Information Security Analyst
UNITE HERE HEALTH
Date: 1 week ago
City: Aurora, IL
Salary: $93,900 - $117,300 per year
Contract type: Full time

PURPOSE
This Resource is a member of the Information Security team and secures enterprise information by determining security requirements; designing, implementing, and administering appropriate security systems and controls; preparing necessary security standards, policies, and procedures; evaluating and overseeing IT business continuity and disaster recovery (BC/DR) efforts; mentoring IT and business team members in security best practices. The role collaborates with stakeholders and leadership across the organization to achieve the functional requirements of business initiatives.
Essential Job Functions And Duties
Works with UHH business, IT, Health Insurance Portability and Accountability Act (HIPAA) privacy team, and Nevada Health Solutions (NHS) to identify security solutions to best mitigate and/or remediate information security and privacy risks
Components Of This Activity Include
Defines & Creates
- Translates customer expectations into actionable security requirements in balance with information and cyber security standards
- Participates in the development and implementation of security plans to ensure confidentiality, integrity, and availability, specifically of ePHI, in the encryption, transmission, storage, maintenance, and destruction of data
- Defines enterprise level security policies and actively enforces these procedures
- Evaluates enterprise security posture, providing status and reporting to CIO and leadership of organization’s security team
- Conducts gap analysis in existing and future architectures, recommending changes or enhancements
- Manages vulnerability analyses, configuration hygiene, risk assessments, internal auditing, and oversees associated remediation activities
- Tracks audit findings, provides guidance on remediation efforts, ensuring appropriate mitigation actions completed
- Evaluates and ensures baseline security configurations for systems and networks are appropriately applied
- Identifies, quantifies and communicates current and emerging security threats
- Ensures continuous compliance with HIPAA, NIST, CIS, CIS-RAM
- Collaborates with team members on security policy, provides input to standards and implementation strategies, and ensures compliance with industry-recognized cybersecurity standards
- Monitors and reports the security status of all Fund systems, such as the antivirus protection console and others
- Compiles and communicates system security reports, providing summarization, analysis, and data trends
- Assists in driving corrective measures for response to cybersecurity vulnerabilities and incidents, conducting and managing forensics activities as required
- Assists with information security incidents, reports findings to HIPAA privacy department as necessary, and provides remedial education to help prevent reoccurrence
- Partners with HIPAA Privacy team to best ensure compliance with regulatory requirements
- Sets goals and achieves measurable results
- Contributes ideas to plans and to achieving department goals
- Demonstrates the Fund’s Diversity and Inclusion (D&I) principles in their conduct at work and contributes to a safe inclusive culture with equitable opportunities for success and career growth
- Exemplifies the Fund’s BETTER Values in contributing to a respectful, trusting, and engaged culture of diversity and inclusion
- Performs other duties as assigned within the scope of requirements of the job
- Performs Essential Job Functions and Duties with or without reasonable accommodation
Years of Experience and Knowledge
- Minimum of 3 years of hands-on information security analysis and network/systems security experience
- At least 2 years of systems integration and operations experience strongly preferred
- Demonstrates understanding and experience by creating and enforcing controls based on industry standard security and frameworks, such as:
  - HIPAA, HITECH
  - NIST 800-series
  - Center for Internet Security (CIS) series
- Proficient at Security Analysis, including the following domains:
  - Security and Risk Management
  - Asset Security
  - Communications and Network Security
  - Identity and Access Management (IAM)
  - Business Continuity/Disaster Recovery Planning, Implementation, and Testing
  - Security Assessment and Testing
  - Security Operations
- Possesses strong critical thinking and analytical skills
- Extensive experience managing Windows security, mobile device and endpoint security; experience and knowledge managing security for Mac OS X and Linux systems
- Advanced knowledge of information security principles and practices, including security risk assessment standards, risk assessment methodologies, and vulnerability assessment
- Experience with network and computer forensics, malware analysis and prevention
- Bachelor’s Degree in computer-related field is strongly preferred
- One or more relevant industry certifications preferred (CISSP, CISM, CIS SEC-400)
- Proven ability to communicate and present (both verbally and in writing) to various audiences, including committees, large groups, managers, and executive leadership
- Requires ability to interpret highly technical written information, break down complex data and concepts, and effectively communicate verbally and in writing to non-I.T. personnel
- Displays leadership and team-building skills, including ability to lead projects, expertly reference knowledge bases, and provide guidelines to communicate security objectives
- Strong ability to produce consistent positive results with minimal direction and supervision
- Intermediate level knowledge of Microsoft Office, including Visio and Project
Work Schedule (may vary to meet business needs): Monday-Friday, 7.5 hours per day (37.5 hours per week) with the potential to be a hybrid work-from-home arrangement.
We reward great work with great benefits, including but not limited to: Medical, Dental, Vision, Paid Time-Off (PTO), Paid Holidays, 401(k), Pension, Short- & Long-term Disability, Life, AD&D, Flexible Spending Accounts (healthcare & dependent care), Commuter Transit, Tuition Assistance, and Employee Assistance Program (EAP).