Cyber Security Analyst/Administrator

Job Description

Title: IT Cyber Security Analyst/Administrator

JOB SUMMARY:

The IT Cyber Security Analyst/Administrator will work with IHCS and CMS organizations to identify and prioritize security risks, and help drive governance/compliance initiatives. This requires diving deep into nuanced, technical issues. This role is very fast-paced and dynamic, so strong time management and organizational skills are vital for success. The ideal candidate is intrinsically motivated and loves to stay up-to-date on the fast-paced security world, new SaaS technology, our evolving IT technical and systems environment, and healthcare regulatory requirements.

The individual in this role work closely with the Manager, InfoSec. Governance, Security, and Compliance all aspects of the end-to-end management of security risks and other governance-based compliance initiatives.

Essential Functions

• Continuously improve, strengthen and scale the company’s security and compliance program in coordination with internal and external teams and partners, prioritizing strategies that focus on improving quality and mitigating risks.
• Assist in the end-to-end management of security-related risks including risk identification, analysis, mitigation and reporting to management on a periodic basis (i.e. monthly, quarterly and etc.).
• Aggregate and track security risks across various business units, security domains, and asset categories
• Review network and application security logs to identify any non-standard environment usage or behavior.
• Utilize IT incident management procedures to determine risk exposure and take necessary actions to quickly address a potential issue.
• Assist in managing, configuring, troubleshooting, or implementing security tools and solutions such as SIEM, IAM, DLP, MDM, etc.
• Review system security configurations to ensure alignment with company security policies and best practices for Windows, Linux, Active Directory, GPOs, Office 365, Azure, AWS, etc.
• Perform vulnerability scans and detection across the environment.
• Facilitate Application User Access Reviews in accordance with defined IT policies and procedures
• Assist in the identification, documentation, and recommendation of policies, standards, guidelines, and procedures to assure the confidentiality, integrity, and availability of the IT environment.
• Collaborate with individuals from IT, Application Development, Compliance and Business Operations in in order to improve and implement new processes that will further grow the foundation of the Security program.
• Develop a subject matter expertise for one or multiple assigned cybersecurity technology stacks (e.g., identity and access management, network intrusion detection and prevention, host based security tools)
• Participate in the vendor risk management process including review of vendor HIPAAA and ePHI security controls.
• Work on HIPAA Gap remediation initiatives and action items.
• Maintain and promote security awareness platform training, campaigns, phishing and other user awareness activities.
• Evaluate and work closely with technical IT personnel to implement technical security solutions and evaluate changes to risk and effect of risk mitigation strategies.
• Clearly communicate information security principles and practices to technical and non-technical audiences both in writing and verbally.
  
  

Minimum Qualifications

• 1-2+ years of experience in security compliance, IT audit, information security, or other relevant fields
• BA/BS degree in Information Systems, Math, Business, Computer Science, Information Security or a related field
• Ability to work closely with IT, technical engineers, and developers to evaluate, suggest and document controls and procedures to strengthen the companies cyber security posture
• General knowledge of HIPAA/HITECH, SOC2 framework/compliance standard
• Familiarity with cloud security concepts for SaaS systems
• Previous technical or hands-on experience managing, configuring, troubleshooting systems and solutions.
• The ability to communicate sophisticated topics (both written and verbal) in a clear and concise manner to a variety of audiences
• Highly organized and able to balance multiple projects simultaneously
• Emotionally intelligent, motivated, and a friendly demeanor
• A desire to learn and adapt quickly