Sr. Information Security Analyst

About The Position

Requirements

• Bachelor's Degree from an accredited college or university.
• Three (3) years working as a privacy-security compliance specialist, information security specialist, or information technology auditor.
• Seven (7) years working as a privacy-security compliance specialist, information security specialist, or information technology auditor.

Nice To Haves

• Bachelor's Degree in Information Technology, Information Security, or related field(s) of study from an accredited college or university; and
• Two (2) years working as a privacy-security compliance specialist, information security specialist, or information technology auditor in a healthcare environment.
• One (1) year in a senior or team lead role.
• One (or more) of the following certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• CompTIA Security+
• CompTIA Cybersecurity Analyst (CySA+)
• CompTIA Advanced Security Practitioner (CASP+)
• SANS GIAC Security Essentials (GSEC)
• Certified in Risk and Information Security Controls (CRISC)

Responsibilities

• Controls the addition and modification of user identifiers, user credentials, or other object identifiers. Perform access reviews of network and application user accounts.
• Performs tests on backup media for information integrity, as necessary.
• Coordinates cybersecurity incident response activities with interested personnel and affected parties. Responds to triage alerts from security systems in a timely manner. Periodically test the cybersecurity incident response plan and related procedures.
• Compiles event logs from Security Incident Event Manager (SIEM) and other components into a system-wide, time-correlated audit trail. Establish and maintain logging and monitoring operations. Identify potential cybersecurity events in SIEM and audit logs. Include incident alert thresholds in continuous security alert monitoring procedures. Monitor systems for inappropriate usage and other security violations. Review SIEM event logs, Intrusion Detection System reports, security incident tracking reports, vulnerability scan reports, and other security logs regularly.
• Establishes and maintains a data security awareness program. Evaluates the effectiveness of end-user information security training via email phishing and other campaigns. Provide end-user information security training via multiple platforms (newsletters, videos, in-person discussion, et. al.). Conduct periodic phishing simulations of the workforce.
• Develops and monitors key performance indicators (KPIs) to ensure the effectiveness of the information security program. Develops, implements, and maintains information security standards, policies, and procedures in accordance with established information security governance frameworks and regulations (NIST, HIPAA, et. al.).
• Job description is not an all-inclusive list of duties and may be subject to change with or without notice. Staff are expected to perform other duties as assigned.
• Must be able to complete all job duties and functions of the role with or without assistive/adaptive devices, and/or reasonable accommodations.
• Work environments may differ based on job functions and location. Work is subject to schedule changes and/or variable work hours.