Information Security - Sr. Security Analyst - 40hrs

About The Position

Requirements

• Five years of relative IT experience.
• System Administration and Network Security knowledge and experience.
• Workstation, Application and Database security, experience.
• Knowledge of principles for risk identification and analysis.
• Knowledge of regulatory standards such as HIPAA Privacy and Security Rule, HITECH, SOX, and PCI/DSS.
• Experience and knowledge of Information Security Policies.
• Familiar with Healthcare industry security standards and compliance requirements.
• Must have knowledge of and experience with the following: Microsoft Operating systems Windows Server, Windows XP and Windows 7 Desktop operation systems.
• Some database knowledge is preferred.
• Knowledge and use of Microsoft Office Suite.
• Security Incident and Event Management processes and Change Control Management process.
• Excellent Communication Skills (Oral and Written).
• Attention to detail.
• Problem solving.
• Customer focus.
• Ability to prioritize work and multi-task effectively.
• Process Improvement skills and experience.
• Project Management skills.
• Strong analytical and problem solving skills.
• Ability to work independently and complete tasks in a timely manner.

Nice To Haves

• BA degree in Computer Science or other related degree is preferred.
• Experience with Epic and background in Healthcare is highly desired.
• CISA or Security+ certification is a plus.

Responsibilities

• Receives escalated requests/tickets, analyzes and troubleshoots complex security problems, and develops creative solutions using critical thinking to determine the best solution for the specific problem.
• Documents resolved issues and solutions for reference by team members.
• Develops role-based security profiles with department, system engineers, and application analysts.
• Ensures that profiles provide the appropriate access to users based on their job requirements and can be re-used by others assigned to the same organizational role.
• Configures Active Directory settings and Identity Management functions per the overall IS and CCMC security posture and framework.
• Participates in the enhancement of security procedures to reduce turnaround on the various security requests.
• Implements new procedures that utilize parallel processes to create security accounts and leverage new technology such as Single Sign-On and Two Factor authentication and helps streamline security configurations.
• Executes processes that disable and clean-up unused, old, and expired accounts according to best security practices.
• Safeguards computer files by participating in disaster preparedness and business continuity exercises; recommending improvements.
• Participates in the evaluation, selection, and implementation of virus, malware, and other security software in collaboration with Workstation Support and System Engineer teams.
• Participates in continuing education programs that communicate changing security practices, procedures, and standards to employees, providers, and team members.
• Analyzes systems for security breaches and reports discrepancies to Security Leadership immediately.
• Documents identified issues.
• Conducts vulnerability assessments and penetration tests on IT systems.
• Assesses results and reports any identified gaps to Security Leadership.
• Helps IS team develop processes and procedures to comply with Corporate Compliance policies.
• Determines security violations and inefficiencies by actively auditing and monitoring of computer systems and accounts.
• Provides On-call support as required.
• Performs all the duties of a Security Analyst.
• Performs other related duties as assigned.