Senior Information Security Systems Engineer

Remote: Full Remote

Offer summary

Qualifications:

  • One of the following certifications: CISSP, CISM, CRISC
  • 4+ years of professional experience in an information security function
  • Deep experience in security operations and security architecture principles
  • Strong verbal and written communication skills

Key responsibilities:

  • Oversee Information Security Programs and report on Information Systems compliance.
  • Lead risk and incident management activities and provide subject matter expertise.
  • Create, maintain, and monitor security policies and procedures.
  • Identify vulnerabilities, quantify risks, and report findings with mitigation results.

COTA Healthtech: Health + Technology SME https://cotahealthcare.com
51 - 200 Employees

Job description

ABOUT US

At COTA, our vision is for data-driven cancer care to become the standard across healthcare. We believe that everyone touched by cancer deserves a clear path to care. Together, we can make that vision a reality. 

We’re searching for smart, motivated people who share our passion for bringing clarity to cancer. Connect with us, introduce yourself, and apply to one of our current openings.

PERKS

Working at COTA comes with many perks! At COTA, we are committed to workplace wellness and employee happiness. Some of the benefits for working full time at COTA include:

  • Medical / dental / vision benefits
  • 401k Match / retirement
  • Monthly commuter benefits
  • Annual bonus
  • Flexible Fridays 
  • Quarterly COTA Wellness days  
  • Unlimited paid time off
  • Paid sick time - 40 hrs/year
  • 11 paid holidays per year
  • Paid Parental leave
  • Company team building events
  • Educational lunch & learns
  • Cause-driven employees
  • Fun and productive culture
  • Employee-led Diversity & Inclusion committee
  • Healthy snacks
  • Gourmet coffee and cold brew

LOCATION: New York City or Remote

OVERVIEW

We are looking for a Senior Information Security Systems Engineer to join our team. As the Senior Information Security Systems Engineer, you will assist in overseeing the Information Security Tools, Services, and Systems in conjunction with Security and Compliance leadership.  In addition to systems management and monitoring, this role will be the primary incident leader for Cybersecurity events.

HOW YOU WILL IMPACT COTA

  • Assist in overseeing the Information Security Programs
  • Own and report on Information Systems to ensure compliance and maintain confidentiality, integrity, and availability of information
  • Lead risk and incident management activities
  • Provide subject matter expertise in designing and implementing security safeguards
  • Create, maintain and monitor security policies and procedures
  • Identify vulnerabilities, quantify risks, report findings and provide mitigation results
  • Maintain and report on information systems, controls, vulnerabilities, and risks

This position requires:

  • One of the following certifications: CISSP, CISM, CRISC
  • Deep experience in:
      • security operations, including advanced threat management, vulnerability management, risk mitigation, and compliance
      • security architecture principles, including zero trust, identity management, application and data security, and SDLC best practices
      • modern security tools in areas such as SIEM, IDS, IPS, IAM and related domain tools
      • response and recovery from information security incidents
      • supply chain risk management
  • A clear ability to prioritize what needs to be done within a well-defined strategic plan
  • An ability to cultivate and build collaborative working relationships cross functionally
  • An ability to work with information technology staff supporting the organization’s IT functions
  • A commitment to leading the information security function in delivering high-quality, prompt, and efficient service to the business
  • Strong verbal and written communication skills
  • A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner
  • A working knowledge of the following areas of technical expertise: information policy and governance formulation, information security and cybersecurity management, business and IT risk management, and IT audits
  • The ability to provide senior leadership with factual reporting on system readiness, security findings, and risks

WHAT WILL YOU GAIN

  • Communication skill enhancement via working with Executive management
  • Information Security leadership strategy and planning
  • Knowledge of and experience in information security and compliance program maintenance and support
  • Program management ownership and accountability for organization-wide security functions including business operations, application and development security, and cross-organizational incident management leadership
  • Experience in organizational change management and IT financial management
  • Deeper experience in prioritizing complex projects against business needs

WHAT TO EXPECT IN YOUR FIRST YEAR AT COTA:

In thirty days, you will:

  • Document all security systems and organizational stakeholders for Information Security
  • Take over the day-to-day monitoring and reporting of information security systems
  • Work with internal and external partners to implement or operationalize current projects
  • Provide details to management on Information Systems “Current State”

In three months, you will:

  • Provide Security Leadership with areas of improvement for Information Security Systems, Reporting, and Monitoring
  • Review current information security risks, remediation plans, and procedures and provide recommendations to Compliance and Security leadership

In six months, you will:

  • Lead security events, incidents, business continuity, and disaster recovery efforts
  • Provide stakeholders subject matter expertise for vendors, partners, suppliers, and clients with business partners
  • Provide security leadership with information to assess the maturity of the Information Security systems

In one year, you will:

  • Provide technical expertise in systems compliance with the business to maintain current or achieve new certifications or assurances of the program
  • Establish the baseline maturity level and requirements to grow our organizational security posture
  • Assist and/or conduct business impact analyses

WHAT YOU BRING TO THE TABLE

  • 4+ years of professional experience in an information security function, including analyzing and applying information security risk, risk management, policy development, and privacy practices
  • 4+ years of experience with cross-functional ITIL/ITSM/ISMS systems and frameworks
  • 2+ years of security operations and systems monitoring support
  • Experience working with national and international regulatory compliance frameworks such as ISO, SOX, GDPR, HIPAA, and PCI DSS
  • Experience in HIPAA Security Rule compliance, risk analyses, audits and breach investigation for a covered entity or business associate organization

NICE TO HAVE

  • Focus on HITRUST, ISO 27001:2013 to 2022 implementations
  • ISO 9000, 30xxx, 41xxx, COBIT 2019, COSO framework implementations
  • Experience in strategic planning, budgeting, and allocation
  • Additional certifications of value for the role: CGRC, CASP+, CCSP, Cloud+, SSCP, Security+, GSEC, Federal DoD Work Role ID: 722 - Information Systems Security Manager (advanced)

Salary: $100-$110K

At COTA, we are passionate about creating an inclusive workplace that celebrates and values diversity with the belief that it drives our innovation. Our commitment to diversity and inclusion is a guiding principle on how we build teams and develop leaders. As part of our commitment to building a respectful culture that encourages, develops and celebrates different backgrounds, experiences, abilities and perspectives, all qualified applicants will receive consideration for employment without regard to race, color, religion, culture, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status or other applicable legally protected characteristics. All employment decisions, including decisions to hire and promote, will be based on merit, competence, business need and performance.

We are a proud equal opportunity employer.

All employees who work from or enter COTA's office location or attend company events or meetings in-person must be fully vaccinated unless an exemption applies.

“NOTICE OF COLLECTION OF APPLICANT PERSONAL INFORMATION UNDER THE CALIFORNIA CONSUMER PROTECTION ACT (CCPA)

This Notice applies only to the collection of personal information from California residents on and from January 1, 2020. Cota (“we”) is committed to maintaining the privacy and security of our job applicants’ personal information. In connection with your application for employment, we will collect and process personal information that you provide to us or that we obtain through employment agencies, background check agencies, your professional or educational references or other third parties or service providers. This information includes contact information, such as name, email address, telephone number and other identifiers, professional or employment related information, and education information. We may also collect information concerning your protected characteristics if voluntarily provided by you. We will use your personal information and share it with third parties solely for purposes of considering your application for employment, and should you be hired, in connection with your employment.”

COTA's Privacy Policy 

Yearly Salary Range
$100,000 - $110,000 USD


Required profile

Industry: Healthtech: Health + Technology
Spoken language(s): English

Other Skills

  • Governance
  • Security Policies
  • Strategic Planning
  • Budgeting
  • Decision Making
  • Collaboration
  • Communication
  • Problem Solving
