This prime will be responsible for ensuring that all applications within Health Plans SDO are developed and deployed adhering to all required security requirements including: proper access control, proper encryption at rest and in transit, vulnerability assessment, threat modeling, offensive security, proper key management and all appropriate security controls.
Design, Coding, Testing, Documentation in the areas of Development and Maintenance
Ownership of assigned software and non-software deliverables
Liaison with Business Analysts and/or internal / external customers to ensure that requirements are understood
Production of accurate, unambiguous technical design specifications to the required level of detail in the timescales as defined by the PM
Production, preparation and execution of unit test plans
Production of efficient and fully documented code.
Production of supporting technical and installation documentation for internal and external publication
Achievement of agreed productivity targets in order to ensure developments are delivered within budget, to schedule and to defined quality standards
Completion of all necessary software and non-software components in the timelines as defined by the Project Manager
Works with little supervision from project or line manager
Quality and adherence to Standards
Tech Specs, Code and/or Unit Test Plans produced are all in line with the Traceability Matrix/Functional Specification.
Ensure all work is reviewed for adherence to the relevant development standards
Peer review and sign-off of others' work
Timely and accurate reporting of project status as required by Line or Project Manager
Production and revision of accurate detailed estimates
Escalate product issues and suggest product improvements
Escalate all issues in a timely fashion
Mentor junior team members in best practices and standards
Provide oversight for Security on all Health Plans products
Provide insight to development teams on role-based access controls as well as mandatory and discretionary access controls
Regularly audit access controls to ensure standards are being upheld
Provide audit reports for compliance needs
Provide security reviews for all Health Plan products. This includes but is not limited to:
HIPAA requirements for encryption at rest and in transit
Secure access controls
Compliance with Governance teams to document standards and procedures in alignment with Allscripts/Veradigm policies
Ensure HITRUST, NIST CSF, and ISO compliance for all Health Plans products
Manage information security projects in collaboration with Operations, DevOps, and Software Engineering organizations
Coordinate with Allscripts Privacy and Security teams for alignment to company policies and compliance requirements
Bachelor’s Degree in Computer Science or a related field.
Deep technical understanding of security vulnerabilities and risks, as well as countermeasures and compensating controls
Minimum of five years' professional experience in the Information Security industry, to include knowledge and understanding in the areas of the Software Development Life Cycle (SDLC), IT Operations, Data Center Operations, IT Project Management, and IT auditing/compliance.
Minimum of three years' practical experience designing and implementing enterprise information technology security services.
2+ years' experience with cloud-based deployments
Strong demonstrated knowledge of network, server, desktop, storage, and database infrastructure and how security relates to the overall IT and business environment.
Development background is strongly preferred
Previous vulnerability management experience; penetration testing is preferred
Demonstrated professional experience in preparing and presenting information effectively, clearly, and concisely, in written and spoken form.
Clear communicator with good interpersonal skills
Very little or no travel is required in this role.
Monday through Friday or as defined by local requirements
Telecommuting is allowed.
Internal Number: 2019-21579
Welcome to Allscripts! Our Mission is to be the most trusted provider of innovative solutions that empower all stakeholders across the healthcare continuum to deliver world class outcomes. Our Vision is a Connected Community of Health that spans continents and borders. With the largest community of clients in healthcare, Allscripts is able to deliver an integrated platform of clinical, financial, connectivity and information solutions to facilitate enhanced collaboration and exchange of critical patient information.