The Security Analyst is involved in implementing new security solutions, participating in the creation and maintenance of policies, standards, baselines, guidelines, and procedures, and conducting vulnerability audits and assessments. The Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines, and to actively work towards upholding those goals. This position reports directly to the Chief Security Officer.
- Define and maintain enterprise security policies, standards, baselines, guidelines, and procedures.
- Conduct gap and risk assessments for existing processes to ensure compliance with established controls.
- Participate in the planning, design, and execution of the enterprise Business Continuity Plan and Disaster Recovery Plan.
- Define, perform, analyze, and report on information security metrics to demonstrate control effectiveness and compliance.
- Perform third-party vendor assessments to identify potential threats and risks and make recommendations to mitigate any risks uncovered.
- Interact and maintain relationships with client and third-party vendor security departments.
- Work with the Development group through the entire application SDLC to provide data/information, security expertise, and review solutions to established controls.
- Assist the Quality Assurance department in test procedure development and reporting the effectiveness of security-related controls.
- Develop and conduct training for general and role-based security awareness.
- Configure, administer, and analyze end-user access controls, user profiles, application account configuration, and other similar information security controls.
- Maintain up-to-date detailed knowledge of the security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Conduct corporate incident investigations and report findings to appropriate management.
- Help to ensure compliance with applicable industry rules and company policies.
- Work independently to complete special/ad hoc projects.
- Bachelor’s degree in an IT-related field and 3+ years of security-related work experience.
- Experience with security policies, procedures, and best practices.
- An entry-level information security certification such as GIAC, SSCP, or similar is required.
- Working technical knowledge of Microsoft operating systems, relational databases, intrusion detection, and network monitoring.
- Experience with a programming language such as Java or C#.
- Familiarity with software development best practices.
- Good written, oral, and interpersonal communication skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Team-oriented and skilled in working within a collaborative environment.
- Proven analytical and problem-solving abilities.
- CISSP or equivalent certifications are desirable.
- Experience within the healthcare industry with exposure to HIPAA and HITECH.
- Strong understanding and experience in auditing SQL Server databases.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.