Information Security Analyst - FT, Days

• Supports security awareness training to organization employees. Administer Security Awareness Training Program (research and update content, rollout, employee training participation verification, reporting on hosted LMS). Provides on-demand targeted security training supporting key initiatives. 10%

• Supports vulnerability management program to ensure vulnerabilities across the enterprise are identified and remediated. Vulnerabilities to include common infrastructure systems and services, third party platforms, vendor managed medical systems, hosted web-services and software development code vulnerabilities. Reviews and verify security patch processes to ensure all patches are applied to within policy guidelines. 15%

• Supports Governance Risk and Compliance platform. Ensure risk is accurately tracked across the enterprise. Document, review and maintain controls, control activities, conduct control mapping across multiple frameworks and regulatory requirements.10%

• Supports third party risk and compliance assessment engagements. Perform internal system/platform risk assessments and audits. Responsible for answering security compliance assessment questionnaires and RFP's. 10%

• 5Supports Information Security Program to ensure enterprise level framework including defining, implementing and enforcing policies, standards and practices to protect the business, information and resources. 10%

• Assist with the implementation and management of an incident response plan and reporting process to address security breaches, and respond to alleged policy violations or complaints. Participate on the incident response team to contain, and investigate incidents then prepare a plan to prevent future similar incidents. 10%

• Assists with development of information security reports and metrics for staff, management and executive presentations.10%

• Assists with the development of security standards, policies and procedures and best practices for the organization.10%

• Stays current on all regulations, laws, security frameworks and certifications. Research the latest information technology (IT) security trends and threats. 10%

• Assist technical staff to support security efforts as directed by management. 10%

Supervisory/Management Responsibilities

This is a non-management job that will report to a supervisor, manager, director or executive.

Minimum Requirements

• Bachelor's Degree - Computer Science, Information Security or business with technical experience.

• 5 years - Combined equivalent technical and information security.

In lieu of

In Lieu of the education and experience requirements noted above, a combination of acceptable experience, education and certifications will be considered.

Required Certifications, Registrations, Licenses

• One or more certifications CISSP, CISA, CISM, CRISC, Security+ - Preferred.

Knowledge, Skills or Abilities

• Basic computer skills including spreadsheets, databases and date entry.

• Understanding of multiple regulatory requirements and frameworks (ex. NIST, ISO, PCI DSS, HIPAA, GDPR, CCPA).

• Understanding of certifications SOC 1 and 2, Hitrust and ISO 27001.