Information Security Analyst

About The Position

Requirements

• Bachelor's degree in IT, Cybersecurity, Computer Science, or a related field (a Master’s degree may substitute for 2 years of experience).
• 8 years of professional-level IT experience, with at least 3 years specifically performing information security functions in a healthcare environment.
• Current CISSP, CISM, or CEH (Certified Ethical Hacker) certification is required.
• Strong understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts, along with proficiency in virtualization and Windows-based systems.
• In-depth knowledge of HIPAA and FISCAM security guidelines and a working knowledge of frameworks such as NIST, ISO 27001, or COBIT.
• Candidate must reside in the state of California.
• Must be a US Citizen or Green Card holder.

Responsibilities

• Security Monitoring & Investigation: Monitor computer networks for security issues, lead the investigation of breaches in collaboration with the Information Security Manager, and document damage assessments.
• Compliance & Auditing: Assess the efficacy of existing measures to ensure they meet HIPAA and FISCAM security standards; conduct proactive system vulnerability audits and manage annual penetration testing with vendors.
• Solution Implementation: Participate in the evaluation, design, and implementation of new security solutions, including firewalls and data encryption programs, to protect the organization's computer networks from cyber-attacks.
• Risk Advisory: Analyze software and systems requirements to provide objective advice on security risks and develop clear remediation options for management and senior ITS staff.
• Policy & Documentation: Assist with the development of security policies, procedures, and standards; maintain comprehensive documentation of computer security procedures and tests.
• Training & Phishing Defense: Develop high-impact training materials and presentations to educate the organization on data security, including frequent training on how to detect and avoid phishing attempts.