I.T Security Analyst Level 2

OVERVIEW/GENERAL PURPOSE OF POSITION

The IT Security Analyst monitors and reports on security status using various security tools combined with analytic methods that correlate across systems to provide actionable information to IT and executive management on status and emerging threats.  The position also contributes to the information security policy maintenance assists with design of security policy education, training, and awareness activities monitors compliance. with Company security policies, regulatory requirements, and applicable laws coordinates assessment, investigation, and reporting of security incidents.  The position will work collaboratively with IT security custodians, Support Services, Application Development, Compliance, Facilities, Human Resources, Operations, and Client resources to monitor, assess, and fine-tune business continuity and disaster recovery programs.  The position will take the lead role in managing and assessing third party vendors, tracking and coordinating risk remediation, coordinate and assess network and application penetration tests, vulnerability and other risk assessment reviews to maintain, HITRUST, SOC1 Type 2, HIPAA Security Rule, and PCI compliance.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Responsible for administering risk management, threat management, and security monitoring tools.         
• Monitor and consult on information security issues related to Company and 3rd parties, and workflow to ensure security controls are appropriate and operating as intended.
• Lead and oversee Vendor and third party risk assessments.
• Coordinate and track remediation efforts across the enterprise and associated risk exposure.  
• Lead and oversee execution of IT security projects for the Company.    
• Participate in internal SOC, HIPAA, PCI, ISO, and HITRUST risk assessments.
• Coordinate and manage responses to information security incidents.
• Assist in the development and upkeep of Information Security policies, procedures, standards and guidelines based on research, knowledge of best practices and compliance requirements.
• Conduct data classification assessment and security audits, and manage remediation plans.
• Perform security management functions by taking actions to mitigate risks, recommending security strategies, and ensuring controls are implemented and functional.
• Provide security governance by serving as oversight to ensure risks are adequately mitigated, and by aligning security strategies with business objectives and regulatory requirements. 
• Interact with IT, Compliance, Facilities, HR and Operations management, legal counsel, safety and security, and law enforcement agencies to manage security vulnerabilities.
• Promote user security awareness.
• Conduct security research in keeping abreast of latest security issues, technologies, and trends.
• Prepare security documentation, including Company notifications and Intranet web content contribute to Information Security Bulletin on Pulse community website 
• Contribute to weekly Security dashboard and management report to include the Company risk register, threat detections, compliance gaps, vulnerability exposures, and remediation activity tracker.
• Conduct periodic client-specific and enterprise service continuity/recovery testing.
• Actively participate in security and information protection communities, groups, and networks.         

EDUCATION AND EXPERIENCE

• Bachelor’s degree in Computer Science, MIS, or a related field
• Intermediate or advanced certification from (ISC)2, ISACA or GIAC, earned or eligible
• Security+ Certification
• CISSP strongly recommended
• Minimum of four or more (4+) years of progressive experience in enterprise computing and information security, including complex Internet, computing, network, data, information, facilities, and human capital management technology and security issues, covering the following areas:
• Security policy development, security education and awareness programs. 
• Network penetration testing, vulnerability assessments (network, system, application and web).
• Risk assessment and analysis, and compliance testing.
• Administration of security, threat management and monitoring tools and toolkits.

Employer questions

Your application will include the following questions:

How many years' experience do you have as an Information Technology Security Analyst?

Which of the following Relational Database Management Systems (RDBMS) are you experienced with?

How many years' experience do you have in event management?

Summary of role requirements:

• Flexible hours available
• More than 4 years of relevant work experience required for this role
• Working rights required for this role