Information Technology Security & Compliance Specialist (Full-time Hybrid, Morrisville, NC Based)

Information Technology Security & Compliance Specialist (Full-time Hybrid, Morrisville, NC Based) Under general supervision of the Supervisor of Network Security the IT Security & Compliance Specialist monitors and responds to IT security incidents and communicates unresolved security exposures, misuse, or noncompliance to appropriate Alliance staff. The position will also ensure IT security complies with federal, state, regulatory, customer and industry requirements, participates in investigations of suspected information security misuse, and analyzes application security needs based on the sensitivity or proprietary nature of the data and ensuring that all systems are utilized for Alliance-approved purposes only.

This is a full-time hybrid opportunity. Selected candidate must be available to report onsite to the Alliance Office in Morrisville 2 day per week for business meetings as needed. Selected candidate must reside in North Carolina.

Responsibilities & DutiesMonitor, Investigate, and Remediate cyber security incidents

• Monitor computer networks for security issues.
• Review system alerts and logs
• Investigate IT security and other cyber security incidents
• Identify and mitigate network vulnerabilities and communicate how to avoid them
• Remediate detected vulnerabilities to maintain a high-security standards
• Assist in the development of improved security measures and operate software to protect systems and information infrastructure
• Document security incidents, assess the severity, and report on remediation
• Perform scheduled maintenance audit checklist to include Security Systems (IDS, Firewalls, VPN), Anti-Malware Systems, Email Security, Log management, UBA, User account management, password management and endpoint management
• Deploy security patchePerform system security testing
• Perform tests to uncover network vulnerabilities and remediateAssist in developing IT security best practices
• Research security enhancements and make recommendations to management
• Assist in Development of company-wide best practices for IT securityAssist in Audits
• Assist in providing and maintaining evidence for security, state, financial and compliance auditsAssist IT Personnel with security management
• Provide resource assistance in the implementation of security best practices for business continuity planning, risk management, and disaster planning to senior level management and IT specialists to assist agency's development and maintenance of appropriate business continuity, risk management, and disaster plans
• Assist colleagues with installs of security software and understanding information security management
• Provide Tier 2 supportMinimum RequirementsEducation & ExperienceGraduation from a Community College or Technical School in an information technology related field and four (4) or more years of progressively responsible work experience in an information systems department, preferably in a healthcare or managed care environment which provided the opportunity to gain the knowledge and skills required to perform the duties of the position,ORBachelor's Degree in an information technology related field and two (2) or more years of progressively responsible work experience in an information systems department and network security, preferably in healthcare or managed care, which provided the opportunity to gain the knowledge and skills required to perform the duties of the position.

Knowledge, Skills, & Abilities

• Extensive knowledge of security program development and management
• Extensive technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management systems, cryptography, anti-malware solutions, automated policy compliance, and desktop security tools
• Extensive knowledge of needs assessments development and preparation of administrative reports
• Extensive knowledge of Cybersecurity risk and mitigation strategies
• Substantial knowledge in developing, documenting, and maintaining security policies, processes, and procedures and standards, strategic planning, implementation, and maintenance of information security programs
• Substantial knowledge of technical, substantive, and methodological issues and theories to direct technical staff
• Knowledge of and experience with computer network vulnerability testing and techniques
• Knowledge of HIPAA Administrative, Physical and Technical requirements
• Knowledge of and experience with firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Knowledge of and experience with patch management with the ability to deploy patches in a timely manner while understanding business impact
• Skilled in the use of SharePoint, MS Word, Excel, PowerPoint, Outlook, and other productivity software
• Ability to provide security expertise and consulting
• Ability to plan, implement, and maintain strategic information security program inclusive of information security policies, regulations, standards, and procedures
• Ability to provide technical support and leadership on complex projects
• Ability to integrate other work specialties to achieve solutions to problems of high complexity
• Ability to recommend information technology security and privacy solutions to address complex and emerging information security and privacy issues
• Ability to work with network/system controls by understanding network architecture tiers and incorporate these principles into proposed system designs
• Ability to provide information security solutions to reduce information security and privacy risks
• Ability to provide security best practice recommendations as required by federal and state regulatory requirements
• Ability to provide security expertise and consulting to committees, boards, and lower-level technical analyst/specialist on a regular basis and to design information security awareness training programs
• Ability to provide guidance to legal, risk management, audit, compliance, and external entities on the resolution of information security issuesEmployment for this position is contingent upon a satisfactory background check and credit check, which will be performed after acceptance of an offer of employment and prior to the employee's start date.

Salary Range$81,873 - $104,388/AnnuallyExact compensation will be determined based on the candidate's education, experience, external market data and consideration of internal equity.

An excellent fringe benefit package accompanies the salary, which includes:

• Medical, Dental, Vision, Life, Long and Short Term Disability
• Generous retirement savings plan
• Flexible work schedules including hybrid/remote options
• Paid time off including vacation, sick leave, holiday, management leave
• Dress flexibility