Sr IT Security Analyst

Summary:
Reporting to the Chief Information Security Officer, the Senior Security Analyst has responsibility for assessing information risk, reporting on and facilitating remediation of identified vulnerabilities for IT security and IT risk across the health system.

Manages the continuous protection of systems and information assets by contributing to or leading teams in the execution and implementation of information security defense improvements involving architecture, processes, tools and automation.
Assists in establishing, reviewing and maintaining security related policies, plans, processes and procedures to contribute toward the protection of critical business functions from disruption due to system failure or unavailability and to ensure enterprise applications have appropriate protections in place.
Collaborates with IT staff to monitor the security posture of all networked systems and leads efforts to take appropriate steps to quickly deal with any identified vulnerabilities.

Provides network and security expertise and guidance for all aspects of information assurance.

Maintains a high level of technical expertise on server/network hardware and software and appropriate security tools.

Assists in the selection, evaluation, and implementation of information system security infrastructure and strategic and operational planning.

Supports efforts to meet HIPAA and PCI requirements utilizing established security framework, leading/contributing efforts toward assessment completion and action plan follow though.
Performs duties in compliance with and accordance to organizational policies and procedures, regulatory requirements and sound business practices.

Responsibilities:
(50%)*

Lead and/or contribute to security and access management planning meetings, project teams, and workgroups as required.

Refine and improve security management practices.

Develop and maintain policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including HIPAA, HITECH and PCI.

Assist with maintenance and execution of the security incident response plans and processes.

(35%)*

Report, review, and audit adherence to established security policies and standards for assigned areas.

Work with internal and external audit teams to deliver timely responses to data collection requests and address questions for audits and examinations.

Perform vulnerability assessments as assigned utilizing IT security tools and methodologies.

Facilitate and monitor the performance of risk remediation tasks, changes related to risk mitigation and report on findings.

(10%)*

Manage access privileges to systems, applications and functions for assigned areas of responsibility.

Serve as an escalation point for the IT Service Center, End User Device Support, and Server/Infrastructure teams for security-related incidents.

Provide weekly project status reports, including outstanding issues.

Deploy critical security updates to system workstations and servers utilizing patch management software.

Develop and maintain metrics to measure and regularly report on security posture, including progress in areas such as patch management.

(5%)*

Provide in-depth gathering, analysis and interpretation of data from IT systems as needed to aid in investigations of security-related incidents.

OTHER DUTIES AND RESPONSIBILITIES
Following security best practices, monitors system capacity, availability and performance and makes recommendations for improvements.

Investigates opportunities and develops proposals to take advantage of system and network security technologies that best meet needs of the organization.

Leads and participates in teams to implement projects throughout the organization.

Leads troubleshooting and problem solving efforts for a range of IT technical issues involving security.

Consults with users, IT staff and others on system issues and capabilities and other areas within expertise.

Develops, maintains and tests incident response plans against a variety of scenarios.

Develops and implements security strategies appropriate to application tier and user needs.

Working with system administrators and vendors, analyze, recommend, plan and provision appropriate types of security technology to meet requirements.

Ensures that security options are properly configured, well documented, tested and successfully executed to maximize the overall benefit for the organization.

Adheres to Change Management standards.

Participates in call rotation for IT security when required.

Required Education:
Bachelors Degree

Other Information:
(50%)*

Lead and/or contribute to security and access management planning meetings, project teams, and workgroups as required.

Refine and improve security management practices.

Develop and maintain policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including HIPAA, HITECH and PCI.

Assist with maintenance and execution of the security incident response plans and processes.

(35%)*

Report, review, and audit adherence to established security policies and standards for assigned areas.

Work with internal and external audit teams to deliver timely responses to data collection requests and address questions for audits and examinations.

Perform vulnerability assessments as assigned utilizing IT security tools and methodologies.

Facilitate and monitor the performance of risk remediation tasks, changes related to risk mitigation and report on findings.

(10%)*

Manage access privileges to systems, applications and functions for assigned areas of responsibility.

Serve as an escalation point for the IT Service Center, End User Device Support, and Server/Infrastructure teams for security-related incidents.

Provide weekly project status reports, including outstanding issues.

Deploy critical security updates to system workstations and servers utilizing patch management software.

Develop and maintain metrics to measure and regularly report on security posture, including progress in areas such as patch management.

(5%)*

Provide in-depth gathering, analysis and interpretation of data from IT systems as needed to aid in investigations of security-related incidents.

OTHER DUTIES AND RESPONSIBILITIES
Following security best practices, monitors system capacity, availability and performance and makes recommendations for improvements.

Investigates opportunities and develops proposals to take advantage of system and network security technologies that best meet needs of the organization.

Leads and participates in teams to implement projects throughout the organization.

Leads troubleshooting and problem solving efforts for a range of IT technical issues involving security.

Consults with users, IT staff and others on system issues and capabilities and other areas within expertise.

Develops, maintains and tests incident response plans against a variety of scenarios.

Develops and implements security strategies appropriate to application tier and user needs.

Working with system administrators and vendors, analyze, recommend, plan and provision appropriate types of security technology to meet requirements.

Ensures that security options are properly configured, well documented, tested and successfully executed to maximize the overall benefit for the organization.

Adheres to Change Management standards.

Participates in call rotation for IT security when required.

#J-18808-Ljbffr