Information Security Analyst

About the position

This Resource is a member of the Information Security team and secures enterprise information by determining security requirements; designing, implementing, and administering appropriate security systems and controls; preparing necessary security standards, policies, and procedures; evaluating and overseeing IT business continuity and disaster recovery (BC/DR) efforts; mentoring IT and business team members in security best practices. The role collaborates with stakeholders and leadership across the organization to achieve the functional requirements of business initiatives.

Responsibilities

• Works with UHH business, IT, HIPAA privacy team, and NHS to identify security solutions to mitigate and remediate information security and privacy risks.
• Translates customer expectations into actionable security requirements in balance with information and cyber security standards.
• Participates in the development and implementation of security plans to ensure confidentiality, integrity, and availability of ePHI.
• Defines enterprise level security policies and actively enforces these procedures.
• Evaluates enterprise security posture, providing status and reporting to CIO and leadership.
• Conducts gap analysis in existing and future architectures, recommending changes or enhancements.
• Manages vulnerability analyses, configuration hygiene, risk assessments, internal auditing, and oversees associated remediation activities.
• Tracks audit findings, provides guidance on remediation efforts, ensuring appropriate mitigation actions are completed.
• Evaluates and ensures baseline security configurations for systems and networks are appropriately applied.
• Identifies, quantifies, and communicates current and emerging security threats.
• Ensures continuous compliance with HIPAA, NIST, CIS, CIS-RAM.
• Collaborates with team members on security policy, provides input to standards and implementation strategies.
• Monitors reporting the security status of all Fund systems.
• Compiles and communicates system security reports, providing summarization, analysis, and data trends.
• Assists in driving corrective measures for response to cybersecurity vulnerabilities and incidents.
• Assists with information security incidents, reports findings to HIPAA privacy department, and provides remedial education.
• Partners with HIPAA Privacy team to ensure compliance with regulatory requirements.
• Sets goals and achieves measurable results.
• Contributes ideas to plans and achieving department goals.
• Demonstrates the Fund's Diversity and Inclusion (D&I) principles in their conduct at work.
• Performs other duties as assigned within the scope of requirements of the job.

Requirements

• Minimum of 3 years of hands-on information security analysis and network/systems security experience.
• At least 2 years of systems integration and operations experience strongly preferred.
• Demonstrates understanding and experience by creating and enforcing controls based on industry standard security and frameworks.
• Proficient at Security Analysis, including Security and Risk Management, Asset Security, Communications and Network Security, Identity and Access Management (IAM), Business Continuity/Disaster Recovery Planning, Implementation, and Testing, Security Assessment and Testing, Security Operations.
• Possess strong critical thinking and analytical skills.
• Extensive experience managing Windows security, mobile device and endpoint security; experience managing security for Mac OS X and Linux systems.
• Advanced knowledge of information security principles and practices, including security risk assessment standards, risk assessment methodologies, and vulnerability assessment.
• Experience with network and computer forensics, malware analysis and prevention.

Nice-to-haves

• Bachelor's Degree in computer-related field is strongly preferred.
• One or more relevant industry certifications preferred (CISSP, CISM, CIS SEC-400).

Benefits

• Medical
• Dental
• Vision
• Paid Time-Off (PTO)
• Paid Holidays
• 401(k)
• Pension
• Short- & Long-term Disability
• Life
• AD&D
• Flexible Spending Accounts (healthcare & dependent care)
• Commuter Transit
• Tuition Assistance
• Employee Assistance Program (EAP)