Senior IT Security Administrator
Description:
Job Summary:
We are seeking a highly skilled and experienced Senior IT Security Administrator to join our growing cybersecurity team. The ideal candidate will have a proven track record in securing IT environments, with expertise in email security, MDR/EDR solutions, security risk analysis, and leading security awareness initiatives.
This is a hands-on role that requires a deep technical background, strong problem-solving abilities, and the ability to independently lead and execute complex security projects. As a key member of the security team, you will take the lead in identifying vulnerabilities, responding to security incidents, and contributing to the design and implementation of cutting-edge security strategies to safeguard the organization’s IT infrastructure.
The role is also heavily focused on preparing for and supporting audits and compliance activities aligned with HIPAA, NIST, ISO 27001, and other security frameworks. Experience in a healthcare environment and familiarity with HIPAA compliance is strongly preferred.
Schedule will be Mon through Friday- 9:00am – 5:00pm. Salary range $80k – $95k, negotiable based on experience.
Key Responsibilities:
Security Incident Response & Investigation:
Lead and manage end-to-end incident response efforts, including detection, analysis, containment, and remediation of security incidents.
Conduct thorough forensic investigations on potential breaches and security incidents, providing actionable insights and recommendations to enhance defense mechanisms.
Develop and refine incident response plans to ensure rapid and effective mitigation of security events.
Establish and enforce security policies and frameworks to ensure long-term, comprehensive protection of organizational assets.
Security Risk Management & Assessment:
Lead comprehensive risk assessments to evaluate threats, vulnerabilities, and potential impacts to IT systems, applications, and networks.
Drive proactive risk management initiatives, including vulnerability assessments, penetration testing, and implementation of mitigation strategies.
Provide expert guidance on risk prioritization and integrate risk management into business processes to align with organizational goals.
Security Project Execution & Leadership:
Take ownership of key security projects, ensuring they are aligned with organizational goals and compliance requirements.
Collaborate with cross-functional teams (IT, legal, development, compliance) to deploy security technologies (e.g., SIEM, firewalls, IDS/IPS, EDR/MDR solutions).
Lead the execution of security projects, ensuring that controls are effective, up-to-date, and scalable.
Advanced Threat Detection & Monitoring:
Configure, manage, and optimize advanced threat detection and monitoring systems, including SIEM, endpoint protection, email security solutions, and intrusion detection/prevention systems.
Continuously monitor the threat landscape and emerging risks, ensuring proactive detection and rapid, effective responses to advanced threats.
Security Compliance, Governance & Policy Development:
Ensure organizational alignment with HIPAA, NIST, ISO 27001, GDPR, and other regulatory frameworks by supporting internal and external audits, assessments, and risk reviews.
Develop, implement, and maintain robust security policies and procedures to ensure a secure operating environment and compliance with applicable regulations.
Partner with legal, risk, and compliance teams to ensure all security practices support healthcare-specific regulatory obligations, including HIPAA Security and Privacy Rules.
Collaboration, Training & Awareness:
Act as a cybersecurity subject matter expert, collaborating with internal teams (IT, development, legal, compliance) to ensure secure application development and deployment.
Lead and conduct security awareness training for staff, ensuring all employees are equipped to recognize and mitigate threats such as phishing and social engineering.
Foster a culture of cybersecurity awareness by providing ongoing education and measuring training effectiveness through key metrics and engagement tracking.
Documentation & Reporting:
Maintain detailed, accurate records of security incidents, audits, assessments, vulnerabilities, and remediation actions.
Provide regular reports to senior leadership, summarizing security posture, incident trends, key metrics, and audit readiness.
Qualifications:
Experience:
5+ years of hands-on experience in IT security or cybersecurity roles, with a proven history of independently managing complex security projects.
In-depth experience in email security, MDR/EDR solutions, vulnerability management, and enterprise security tools.
Strong incident response and advanced threat detection experience, including forensic investigation.
Experience working in or supporting healthcare organizations and maintaining HIPAA compliance is highly preferred.
Technical Skills:
Deep knowledge of network protocols, security architecture, and operating systems (particularly Windows).
Proficiency with security tools including SIEM, IDS/IPS, firewalls, encryption, IAM, and endpoint/email security platforms.
Experience with scripting or automation (Python, PowerShell, Bash) to enhance security operations and streamline incident response.
Certifications (Preferred, but not required):
CISSP, CISM, CEH, CompTIA Security+, or other relevant certifications.
Healthcare-specific certification (e.g., HCISPP) is a strong plus
Skills and Attributes:
Exceptional analytical and problem-solving skills with the ability to resolve complex security issues quickly.
Strong project management capabilities; able to lead multiple initiatives in fast-paced environments.
Excellent written and verbal communication skills; able to convey complex technical content to non-technical stakeholders.
Detail-oriented, proactive, and highly self-motivated with the ability to prioritize and manage multiple initiatives effectively.
Proven ability to mentor junior staff and foster a collaborative, security-first team culture.
Additional Information:
Work Environment:
Fast-paced, collaborative, and innovative-driven environment.
Opportunities to work on high-impact, compliance-critical cybersecurity projects.
Why Join Us
Competitive salary and comprehensive benefits package
Supportive, inclusive, and growth-focused company culture.
Access to continuous professional development and certification support
Flexible work environment (remote/hybrid options available)
BCHP will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law