Job Description

WebMD (NASDAQ: WBMD) is the most recognized and trusted brand of health information and the leading provider of health information services, serving consumers, physicians, healthcare professionals, employers and health plans through our public and private online portals and WebMD the Magazine. The WebMD Health Network includes WebMD, Medscape, MedicineNet, eMedicine, RxList, and Medscape Education.  Our consumer portals and mobile health applications provide engaging, relevant and credible health and wellness information, personalized health assessment tools and access to online communities.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Job Responsibilities

  • Accountable for the development, implementation and monitoring of a strategic, comprehensive enterprise information security program to ensure the availability, integrity and confidentiality of information across WebMD
  • Responsible for the overall information security program which, through automated and continuous monitoring, detects, contains and mitigates incidents that impair information security systems (e.g., antivirus software, firewalls, other security systems)
  • Provide leadership in the analysis and discussion of security policy, standards and practices, and guide the acquisition of advanced security technology
  • Responsible for information protection policy compliance including network security architecture, network access and monitoring, and employee education and awareness
  • Provide leadership, guidance, evaluation and advocacy for institutional security audit responses
  • Evaluate risk and act expeditiously in making decisions and recommendations, while considering the technology environment
  • Lead and coordinate institutional responses to security incidents, providing timely reports during the incident and response, as well as proposing solutions to anticipate, prevent or mitigate future incidents;
  • Document and publish security standards, processes and procedures that WebMD is expected to meet.
  • Establishes organization security protocol requiring user identification and passwords, and protects networks from internal and external threats
  • Collaborates with various internal stakeholders to develop, document and implement procedures for handling security breaches
  • Develops and maintains an information security risk mitigation plan, including leading the security incident response team in prevention, investigation, mitigation and reporting activities
  • Ensures appropriate organizational policies, procedures, technical systems and workforce training on information and cyber security. Leads information security awareness training initiatives
  • Oversees outside consultants for independent security audits, engagements and monitoring, including regular penetration testing
  • Stays up-to-date on technology news, researching new security technology and safety protocols.
  • Balances information security needs with the organization’s strategic business plan, identifies risk factors, and determines solutions
  • Performs other duties as assigned

Job Qualifications

Education Required

  • A degree in Computer Science, Information Systems Management, Business Administration, or a related field;
  • Certification as a Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), or Certified Information Security Manager (CISM);

Qualification/Skills Required

  • Demonstrated experience with technology policy and security administration;
  • Demonstrated leadership experience;
  • Demonstrated accomplishments in program leadership, policy development, and project management;
  • Demonstrated strong interpersonal and communications skills, plus the ability to achieve goals through influence, collaboration and cooperation;
  • Demonstrated ability to work with senior staff and senior technical personnel;
  • Knowledge of computer forensic investigation methodology and investigation tools to collect, analyze, and preserve electronic evidence; and
  • Integrity and high standards of personal and professional conduct.
  • Ability to think with a security mindset. The successful candidate has a strong IT background with expert level knowledge of a key security practice area: access control; application security; network security; monitoring; endpoint; etc.
  • Knowledge of web technologies including .NET and J2EE
  • Strong knowledge of regulatory standards that govern Information Security practices such as SOX, HIPAA, and state and federal privacy laws.
  • Experience managing and developing an ISO-27002 aligned security program.
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.

Preferred Qualifications:

  • Direct experience in the specific technical areas of systems administration, applications development, database administration, network operations, or data center operations;
  • Five years of experience with technology policy and security administration
  • Three years of Information Security demonstrated leadership experience
  • Experience working in a health-related environment