Information Technology Security Specialist

Imaging Endpoints (IE) is an Imaging Technology and Imaging Clinical Research Organization (iCRO).We are passionately focused on our vision to Connect Imaging to the CureTM. Everything we do is aligned with this singular purpose. We work everyday excited to advance imaging science, technology, and services to bring curative technologies to humankind. We have supported many of the most impactful new drug approvals in oncology, and we are seeking the most talented individuals globally that are passionate in their desire to assist us in our mission to customize each clinical trial's imaging to optimize the opportunity to demonstrate efficacy.

Imaging Endpoints is based in Scottsdale, Arizona, with offices in Cambridge, Massachusetts; London, UK; Leiden, Netherlands; Basel, Switzerland; Hyderabad, India and Shanghai, China. We are an affiliate of HonorHealth, one of the largest healthcare systems nationally, and Scottsdale Medical Imaging Limited (SMIL/RadPartners), the largest private radiology group in the United States. We are recognized as the world's largest and most preeminent iCRO in oncology.

The IT Security Specialist is primarily responsible for implementing, maintaining, and enhancing security measures to safeguard sensitive data and ensure compliance with regulatory requirements. The IT Security Specialist role requires flexibility to work with various technologies and the abilityto adapt to different shifts to provide continuous security coverage. The individual in this role must collaborate closely with cross-functional teams, including Innovation and IT, Security Operations, and Compliance and Regulatory Affairs, to perform Information Security risk assessments for IE and suppliers, analyze security risks, detect and respond to incidents, and develop proactive strategies to mitigate potential threats. The IT Security Specialist must have expertise in Data Loss Prevention (DLP), Microsoft 365 (M365) technologies to join our dynamic team, conducting internal security audits with respect to AWS, privilege access. This role offers an exciting opportunity to contribute to the protection and integrity of IE's critical information assets.

RESPONSIBILITIES

• Monitor, execute, and continuously improve Information Security Management System (ISMS) activities, including internal ISMS audits, enterprise risk assessments, monitoring of information security objectives, management reviews (MRM), and annual reviews and updates of ISMS documentation.
• Prepare for and provide support during external ISO/IEC 27001 audits, ensuring timely readiness and effective closure of audit findings.
• Conduct third-party risk assessments during supplier onboarding and perform periodic reassessments throughout the year to manage ongoing vendor risk.
• Verify security requirements following the implementation of tools, technologies, and system changes to ensure alignment with defined security standards
• Design, implement, and administer Data Loss Prevention (DLP) solutions across multiple environments, including policy definition, configuration, deployment, and continuous monitoring.
• Monitor DLP alerts, investigate incidents, and provide timely response and remediation actions to mitigate risks.
• Collaborate with stakeholders to identify and classify sensitive data, define data handling and protection procedures, and enforce data security policies.
• Conduct regular assessments and audits of DLP solutions to ensure effectiveness, accuracy, and alignment with industry best practices.
• Stay updated with emerging threats, vulnerabilities, and regulatory requirements, and provide recommendations for enhancing DLP and overall security controls posture.
• Assist in designing, implementing and management of security measures within the Microsoft365 (M365) suite, including but not limited to Azure AD, Exchange Online, SharePoint Online, and Teams.
• Conduct security reviews and audits of Active Directory logs, firewall configurations, and other relevant security monitoring systems.
• Perform periodic audits of privileged account access and review AWS security groups and network access control lists (ACLs) to ensure least-privilege access.
• Coordinate penetration testing activities with external vendors and internal teams, track identified vulnerabilities, and ensure timely remediation and closure.
• Collaborate with Compliance and Regulatory Affairs teams to ensure adherence to applicable security standards, such as GDPR, HIPAA,, etc., by establishing appropriate controls within DLP and M365 environments and data centers.
• Participate in incident response activities, including investigation, containment, eradication, and recovery, ensuring minimal impact on the organization.
• Provide technical guidance and expertise to internal teams and end-users regarding DLP and M365 security controls, best practices, and training initiatives.

EDUCATION AND EXPERIENCE

• Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., ISO 27001 Lead Implementer, Security +, CISM, CCSP) are a plus.
• Proven experience (7+ years) as a Security Specialist, specializing in DLP technologies and Microsoft 365 suite.

SKILLS

• Strong understanding of DLP concepts, policies, and technologies, including DLP solutions from leading vendors.
• In-depth knowledge of Microsoft 365 suite, including Azure AD, Exchange Online, SharePoint Online, Teams, and associated security controls.
• Strong understanding of ISO 27001 implementation and auditing
• Strong understanding of PAM solutions
• Good understanding of AWS network security concepts
• Familiarity with industry standards and regulations related to data privacy and protection (e.g., GDPR, HIPAA, PCI DSS).
• Experience with security incident response, threat intelligence, and vulnerability management processes.
• Flexible to work in shifts to provide round-the-clock security coverage, including nights, weekends, and holidays (On demand).
• Proficient in analyzing security logs, identifying anomalies, and responding to security incidents effectively.
• Excellent problem-solving skills and the ability to think critically in a fast-paced environment.
• Strong communication skills, both verbal and written, with the ability to convey complex security concepts to technical and non-technical stakeholders.

IMAGING ENDPOINTS TEAM CHARACTERISTICS

• Passion to Connect Imaging to the CureTM and pursue a meaningful career by improving the lives of cancer patients through imaging.
• Strong desire to be part of a dynamic, global team working closely together and growing year after year in a rewarding environment to help humanity through imaging.
• Commitment and caring for our fellow team members, their families, and the communities IE serves - see more information about Caring Endpoints at https://caringendpoints.org/.
• Integrity and high ethical standards; we always do the right thing.
• High intellect and ingenuity; we enjoy solving problems, finding a better way, and the challenge of making a difference by improving lives.
• Structured, organized, detail-oriented, and self-motivated; we approach each day with a detailed plan and excitement to accomplish the day's objectives while striving to improve ourselves and IE.
• Accountable; we do what we say and communicate effectively to meet deadlines; we enjoy advancing clinical trials, helping patients, and celebrating success.
• High standard for excellence; we proof our own work, hold high standards for ourselves and our team, and always prioritize quality above all else.

PHYSICAL REQUIREMENTS

While performing the duties of this job, the employee is regularly required to use hands to finger, handle, or feel; reach with hands and arms andtalk and hear. The employee is frequently required to sit. Specific vision abilities required by this job include close vision, color vision, ability to adjust focus.

TRAVEL

About 5 – 10 % travel (domestic and/or international)