Shirley Ryan Abilitylab - Chicago, IL
posted 3 days ago
Full-time - Mid Level
Chicago, IL
Social Assistance
About the position
The IT Security Analyst plays a crucial role in the IT Security Operations team at Shirley Ryan AbilityLab, focusing on delivering a comprehensive information security program to protect valuable information assets. This position requires a proactive approach to managing and monitoring security controls in a demanding healthcare environment, ensuring compliance with security standards and frameworks while collaborating with various IT teams.
Responsibilities
- Perform administration relevant to security operations for all on-premises, hosted, and cloud infrastructure, storage, applications, systems, and networks.
- Conduct continuous monitoring of security solutions including antivirus, encryption, endpoint detection and response, SIEM, privileged access management, vulnerability management, threat intelligence, DLP, and intrusion detection & prevention.
- Identify security incidents during monitoring and collaborate with teams to execute incident response procedures for containment and eradication.
- Provide emergency, after-hours, and weekend support on a rotational basis for priority issues outside normal business hours.
- Execute and propose improvements to documentation and procedures related to security practices and processes.
- Assist in conducting security awareness training and phishing simulations as needed.
- Provide direction and collaborate with teams on operational security items related to identity and access management.
- Work closely with IT, business units, and vendors to ensure new systems and processes meet security requirements.
- Evaluate vendor security assessments and coordinate internal and external security audits, assisting in the development of post-audit mitigation plans.
- Build relationships within SRAlab and among partners to improve IT Security Operations effectiveness.
Requirements
- A minimum of five (5) years progressive experience in Information Technology, with at least three (3) years in systems security administration, systems audit, or security compliance.
- Hands-on experience with security solutions such as antivirus, SIEM, encryption, endpoint detection and response, DLP, intrusion detection & prevention, systems patching, vulnerability management, and threat intelligence.
- Advanced knowledge of security configurations and monitoring for Microsoft Active Directory, Windows and Linux OS, AWS/Azure cloud, logging and monitoring, user access, and network communication protocols.
- Understanding of information security concepts, protocols, industry best practices, and regulatory requirements.
Nice-to-haves
- Certifications in information security (e.g., CISSP, CISM, CEH)
- Experience with healthcare information security compliance standards (e.g., HIPAA)
- Familiarity with security frameworks such as NIST, ISO 27001, or COBIT.
Benefits
- Health insurance coverage
- 401k retirement savings plan
- Paid holidays and vacation time
- Professional development opportunities
- Flexible scheduling options
