Information Security - Sr. Security Analyst - 40hrs

SUMMARY Reporting to the Director of Information Security the Security Analyst Manages security mechanisms to protect computer assets against hackers, external and internal breaches, viruses, spyware and malware by establishing, enforcing and monitoring appropriate security controls, responds to security incident, investigates violations, provisioning of users accounts and recommends enhancements to mitigate risk. The Security Analyst is also an active participant in disaster preparedness and business continuity. EDUCATION and/or

EXPERIENCE REQUIRED

Education Preferred:

BA degree in Computer Science or other related degree is preferred with 3-5 years of Information security; years of experience can be substituted for degree level.

Experience Required:

Experience Preferred:

Experience with Epic and background in Healthcare is highly desired LICENSE and/or

CERTIFICATION REQUIRED

CISA or Security+ certification is a plus

KNOWLEDGE, SKILLS AND ABILITIES REQUIRED KNOWLEDGE OF

Five years of relative IT experience. System Administration and Network Security knowledge and experience Workstation, Application and Database security, experience Knowledge of principles for risk identification and analysis, Knowledge of regulatory standards such as HIPAA Privacy and Security Rule, HITECH, SOX, and PCI/DSS Experience and knowledge of Information Security Policies , Familiar with Healthcare industry security standards and compliance requirements. Experience with Healthcare systems preferred. Must have knowledge of and experience with the following: Microsoft Operating systems Windows Server, Windows XP and Windows 7 Desktop operation systems, Some database knowledge is preferred, knowledge and use of Microsoft Office Suite, Security Incident and Event Management processes and Change Control Management process

SKILLS:

Excellent Communication Skills (Oral and Written), Attention to detail Problem solving Customer focus Ability to prioritize work and multi-task effectively Process Improvement skills and experience Project Management skills Strong analytical and problem solving skills

ABILITY TO

Must also have the ability to work independently and complete task in a timely manner. Receives escalated request/tickets, analyze and troubleshoot complex security problems, and develop creative solutions using critical thinking to determine the best solution for the specific problem. Document resolved issues and solutions for reference by team members. Develop role based security profiles with department, system engineers and application analysts. Ensure that profiles provide the appropriate access to users based on their job requirements and can be re-used by others assigned to the same organizational role. Configure Active Directory settings and Identity Management functions per the overall IS and CCMC security posture and framework. Participate in the enhancement of security procedures to reduce turnaround on the various security requests. Implement new procedures that utilize parallel processes to create security accounts and leverage new technology such as Single Sign-On and Two Factor authentication and help streamline security configurations. Execute processes that disable and clean-up unused, old and expired accounts according to best security practices. Safeguards computer files by participation in and disaster preparedness and business continuity exercises; recommending improvements. Participate in the evaluation, selection and implementation of virus, malware, and other security software collaboration with Workstation Support and System Engineer teams. Participate in continuing education programs that communicate changing security practices, procedures and standards to employees, providers and team members Analyze systems for security breaches and report discrepancies to Security Leadership immediately. Document identified issues. Conduct vulnerability assessments and penetration tests on IT systems. Assess results and report any identified gaps to Security Leadership. Help IS team develop processes and procedure to comply with Corporate Compliance policies. Determines security violation and inefficiencies by actively auditing and monitoring of computer systems and accounts. Provide On-call support as required. Perform all the duties of a Security Analyst. Perform other related duties as assigned.

WORK ENVIRONMENT

Requires On-Call rotation duties