Senior Information Security Analyst

Position Purpose This position is responsible for analyzing and reporting on IT infrastructures and platforms to ensure the confidentiality, availability, and integrity of data across the health system. The Sr. ISA delivers qualitative and quantitative analysis of the systems and processes supporting the health system's risk management program while managing multiple projects and maintaining technical currency with emerging security technology. The Sr. ISA helps develop and maintain security policies and procedures, as well as the education and awareness program. Nature and Scope The skills required in this position include creation, maintenance and monitoring of access control, data integrity, and data loss prevention all Renown systems, medical devices, and associated information assets. The analyst will be responsible for assisting with:

• Creation and maintenance of various department tools, which includes working with various information databases (e.g., SQL).
• Responses to audit action items that include providing supporting documentation to auditors, evaluating audit results for relevance/accuracy, and collaborating with teams to remediate audit findings.
• Creating, updating, reviewing department and organizational wide policies and procedures to adhere to industry best practices, laws, and organizational requirements.
• Responsible for organizational wide information security training and awareness to ensure employees understand the integral role they play in safeguarding the company's information assets against unauthorized use and disclosure.
• Performs risk assessments on third party vendors evaluating on security best practices and legal requirements to ensure that Renown does not inherent unacceptable risk by doing business with that vendor.
• Works alongside team members to effectively analyze and assess any new technologies and/or ideas that would be considered a security risk and therein perform evaluations and give feedback on any recommended or required remediation.
• Responsible for the direct oversight and management of incidents that would be considered a security risk including system outages, malicious cyber threats, and/or any situation where there is a loss of productivity due to system failure.
• Responsible for the development, setup, maintenance, and enforcement of identity access management and multi-factor authentication policies and procedures.
• Responsible for the implementation, maintenance and tuning of a data loss prevention program in order to assure data privacy and security is in compliance with company policies and state and federal laws.
• Responsible for vulnerability remediation and penetration testing of the Renown network to futureproof against potential exploits.
• Discover and report any systems and/or users that are not conforming to the Renown usage policy and report their findings to HR.
• Responsible for investigating, classifying, documenting, remediating, and reporting on cyber security incidents that would be considered a risk to the company.

The incumbent, under guidance of Leadership, has the authority to change, determine and/or request the available resources required to ensure the security of the data communications network, and to make decisions and recommendations relative to maintaining a secure networking environment or improving business functionality. Decisions that must be referred to the leadership include software and hardware acquisitions, personnel management, policy deviations, financial matters, and changes that could adversely impact network security performance and/or integrity. Also, under the guidance of Leadership, the cyber security analyst will be responsible for the maintenance of the identity access management and data loss prevention systems. The analyst will audit user activity to enforce compliance with regulatory and Policy requirements to mitigate risk and protect Renown Health's information assets. This position does not provide patient care. Disclaimer The foregoing description is not intended and should not be construed to be an exhaustive list of all responsibilities, skills and efforts or work conditions associated with the job. It is intended to be an accurate reflection of the general nature and level of the job. Minimum Qualifications Requirements - Required and/or

Preferred Name Description Education:

Must have working-level knowledge of the English language, including reading, writing, and speaking English. Requires B.S. or B.A. in information technology or related field. Prefer concentration in information security or cybersecurity. Experience may be substituted for education on a year-for-year basis. Prefer demonstrated ability in creating oral and written analytical reports and presentations.

Experience:

Requires 3 (three) years in cybersecurity and IT. Also requires 5 years Information technology, desktop, system administrator, or application administrator is a plus. License(s): None Certification(s): Preferred Security+, Certified Information Security Systems Professional (CISSP), Systems Security Certified Practitioner (SSCP), or Certified Information Systems Auditor (CISA). Computer /

Typing:

Must be proficient with Microsoft Office Suite, including Outlook, PowerPoint, Excel, and Word and have the ability to use the computer to complete online learning requirements for job-specific competencies, access online forms and policies, complete online benefits enrollment, etc.