IT Security Analyst
The role of the Information Technology Security Analyst is to serve as the company’s expert in securing servers, workstations, networks, telephone systems, and any other means by which information is received, created, stored, or transmitted. The ITSA reports to the Security Officer.
The ITSA position requires a well-rounded individual possessing both technical IT savvy and people skills (such as those required for training, coordinating, and leading others). The ITSA candidate should be well-versed in threat trends, including being up to date on hacker methodologies, vulnerabilities, and how to counter them. The ITSA candidate should be able to demonstrate past success at coordinating initiatives requiring input from other (non-IT) business areas such as Legal and Compliance. The ITSA candidate should be able to demonstrate knowledge of, and a methodology for, leading IT personnel in implementing security processes in a manner that is compatible with the Company’s values and culture. The ITSA should be a highly competent communicator, able to translate and communicate direction from leadership to IT staff, and to communicate training and pertinent information from IT staff to the rest of the Company.
Essential Duties and Responsibilities – Other duties may be assigned.
1. Creates and executes the company’s information security training program to include documentation and audits for employees.
2. Collaborates with the Security Officer, Compliance, Legal, and Business Leadership to implement the Company’s security policies. This includes periodic risk assessment of all sensitive information held by the Company; designing and implementing new processes with periodic audits and monitoring; and reviewing and updating processes as needed.
3. Advises the Company utilizing technical expertise on ongoing information risk management. The ITSA will work with the Security Officer to execute processes to locate and characterize the company’s information; identifies and assesses risks to that information; prioritizes risk mitigation measures; and executes corrections according to prioritization.
4. Executes a range of recurring, routine, and day-to-day activities to ensure the information security program runs smoothly and that compliance with standards and policies is provable by ongoing documentation. This includes duties related to training, patch management, server/infrastructure monitoring, review of access privileges, review of access logs and other metadata, review and optimization of access controls and other settings, review of administrator privileges, and other duties.
5. Reports to the Security Officer regarding internal and external threats and vulnerabilities, safeguards in place against threats and vulnerabilities, effectiveness of safeguards, and recommendations for reducing the company’s risk to threats and vulnerabilities. The ITSA will incorporate the Security Officer’s direction regarding prioritization of corrections into the risk management program.
6. Identifies areas in which data can be minimized, and implements data minimization processes to reduce the information retained by the Company. Works with the Security Officer and other leadership to execute Company directives and policies related to data retention and destruction, and designs and implements data reduction processes to comply with those directives and policies.
7. Ensures periodic review, testing, and incremental improvement of the Company’s business continuity, disaster recovery, and emergency operations plans. When one of these plans is initiated, the ITSA will serve as a resource to Company leadership and will facilitate execution of the plan.
This job profile is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Other duties, responsibilities and activities may change or be assigned at any time with or without notice.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Bachelor's degree in Computer Science or equivalent with at least 3 years’ experience in an IT information security role.
• Master’s Degree in cybersecurity or related field preferred.
• CISSP Certification
Qualifications and Experience
• Must have 3 years of relevant experience in a similar role.
• Strategic level knowledge of laws and regulations related to healthcare information security.
• Working knowledge of server controls, firewalls, and IT infrastructure.
• Demonstrated ability to define and implement log auditing and monitoring processes designed to identify anomalous activity indicative of an external penetration or internal malicious actor.
• Demonstrated ability to communicate to leadership via reports and presentations as needed.
• Experience with IT information security training and documentation.
• Strong leadership and communication skills (clear and concise), and strong business acumen combined with solid analytical/problem-solving skills.
• Demonstrated experience in contracting and managing external vendors and technical teams (including offshore resources).
• Fast learner, adaptable to work in a dynamic and fast-paced work environment.
• Ability to work independently and multitask, managing multiple projects (or components) simultaneously; comfortable with fast pace and ambiguity.
• Proficient in Microsoft Office applications, with intermediate CRM (preferably Salesforce), BI/DWH tech and concepts, ERP, Data Integration, SW Development, and .Net/Java platforms. Advanced Database Technologies skills.
Certificates and Licenses:
• Security+ or equivalent