SmithRx is hiring a
Security Engineer

Summary

Join SmithRx, a rapidly growing Health-Tech company, as a Security Engineer to manage security policies, risk assessments, data protection strategies, and regulatory compliance initiatives. The ideal candidate will possess a solid understanding of industry security frameworks, data security practices, and emerging threats.

Requirements

• Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field (or equivalent experience)
• 3+ years of experience in Information Security, focusing on GRC and/or Data Security
• Strong experience with security frameworks (ISO 27001, NIST, COBIT) and regulatory compliance (GDPR, HIPAA, PCI-DSS)
• Hands-on experience with data protection strategies, encryption technologies, and risk management tools
• Strong analytical and problem-solving skills with the ability to assess complex security risks
• Familiarity with security tools and technologies (Vanta, Zscaler, Snowflake, Encryption tools, DSPM)
• Excellent verbal and written communication skills to engage with both technical and non-technical teams
• Ability to manage multiple projects, prioritize tasks, and work effectively in a fast-paced environment
• Knowledge of cloud security principles and data governance in cloud environments is a plus
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar GRC and data security certifications preferred

Responsibilities

• Develop, implement, and maintain security policies, standards, and procedures to ensure compliance with industry standards (e.g., ISO 27001, NIST, GDPR, HIPAA, PCI-DSS)
• Conduct regular security risk assessments and audits to identify gaps in compliance and recommend corrective actions
• Monitor and report on the effectiveness of the organization’s security posture and risk mitigation efforts
• Stay up-to-date with regulatory changes and work with relevant departments to ensure compliance with data protection laws and frameworks
• Implement and manage data security solutions, including encryption, data masking, and secure data transmission protocols
• Collaborate with IT teams to safeguard sensitive data, such as personally identifiable information (PII) and intellectual property
• Monitor and respond to data breaches, data loss events, and other security incidents, ensuring rapid containment and investigation
• Conduct regular vulnerability assessments and data privacy impact assessments to ensure the integrity of organizational data
• Design and deliver security awareness training programs to educate employees on security best practices and compliance requirements
• Provide guidance on data security measures to teams handling sensitive information across the organization
• Assess the security posture of third-party vendors and partners to ensure they comply with the organization’s security requirements
• Collaborate with legal and procurement teams to integrate security requirements into third-party agreements
• Contribute to the development and execution of incident response plans, focusing on GRC and data security components
• Collaborate with incident response teams to ensure proper escalation, investigation, and mitigation of security events
• Continuously evaluate and improve security controls, GRC processes, and data security practices
• Research and stay current with emerging threats, technologies, and industry trends to proactively address potential risks

Benefits

• Highly competitive wellness benefits including Medical, Pharmacy, Dental, Vision, and Life Insurance and AD&D Insurance
• Flexible Spending Benefits
• 401(k) Retirement Savings Program
• Short-term and long-term disability
• Discretionary Paid Time Off
• 12 Paid Holidays
• Wellness Benefits
• Commuter Benefits
• Paid Parental Leave benefits
• Employee Assistance Program (EAP)
• Well-stocked kitchen in office locations
• Professional development and training opportunities