IT Security Analyst III

Department/Unit:

Information Systems & Services

Work Shift:

Day (United States of America)

Salary Range:

$71,612.39 - $110,999.20

The Information Security Analyst is a member of the information security team and works closely with the other members of the team to develop and implement a comprehensive information security program. This includes defining security policies, processes and standards. The Information Security Analyst works to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.

The Information Security Analyst – Level III will perform as a recognized information security subject matter expert within the organization. The Level III analyst will attend working team meetings for various information security projects, or general IT projects of which information security is a significant concern. They will play a strong role in analyzing security and workflow challenges and participating in group analysis and discussion.

Typical responsibilities include:

• Effectively use desktop computer applications such as the Microsoft Office suite
• Perform duties in support of such information security principles as confidentiality, integrity and availability
• Application of the fundamentals of project management, and experience with creating and managing project plans, including budgeting and resource allocation
• Assist in the implementation of data access security measures by identifying, analyzing and resolving security and system alerts
• Maintain security identity access system by provisioning or de-provisioning users within various system applications
• Monitor and respond to alerts generated by the Security Information Event Management (SIEM) system
• Perform analysis of data security metrics for management reporting
• Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life cycle
• Develop security processes and procedures and support service-level agreements (SLAs) to assure that security controls are managed and maintained
• Research, evaluate, and recommend information-security-related systems, including contributing to the development of business cases for security investments
• Perform information technology control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommend remedial action
• Provide support and analysis during and after a security incident
• Assist security colleagues and IT staff in the resolution of reported security incidents
• Participate in security investigations and compliance reviews as requested by internal or external auditors
• Provide oversight and management of audit finding remediation, including generating requirements for full remediation; providing feedback and suggestions on managerial responses to findings; and tracking progress and providing status and updates to the enterprise compliance team for reporting purposes
• Support e-discovery processes to include identification, collection, preservation and processing of data
• Assist in the development of security policies and standards
• Research and assess new threats and security alerts and recommend remedial actions
  
  

Supervision

• This is a non-managerial role, however individuals in this role may be expected to supervise small to medium projects, project teams, or technical processes
  
  

Contact with others

• Frequent communication within Information Technology and across Albany Med
  
  

Other

• Provide on-call, extended weekday and weekend support for on-site and off-site locations, as warranted by critical business requirements
• Maintain confidentiality by using and communicating information only as needed to perform one’s duties
• Perform at or above the Information Technology performance standards
• Fulfill department requirements in terms of providing work coverage and administration notification during periods of absence (personnel illness, vacation, education, etc.)
  
  

Complete other duties or assignments as designated by management

Thank you for your interest in Albany Medical Center!

Albany Medical is an equal opportunity employer.

This role may require access to information considered sensitive to Albany Medical Center, its patients, affiliates, and partners, including but not limited to HIPAA Protected Health Information and other information regulated by Federal and New York State statutes. Workforce members are expected to ensure that:

Access to information is based on a “need to know” and is the minimum necessary to properly perform assigned duties. Use or disclosure shall not exceed the minimum amount of information needed to accomplish an intended purpose. Reasonable efforts, consistent with Albany Med Center policies and standards, shall be made to ensure that information is adequately protected from unauthorized access and modification.