Information Security Analyst - Remote
Northern Arizona Healthcare
Full time
Healthcare
United States
Hiring from: United States
The Information Security Analyst is responsible for supporting efforts to identify and reduce information security risks. This position is a key contributor performing administrative and technical security activities in support of the NAH information security program. Reporting to the Director of Information Security, the analyst will work to ensure security controls are effective and consistent with NAH strategic and operational objectives.
The ideal candidate will have a background in information security and cybersecurity, desire for continuous learning, possess excellent analytical skills, demonstrate effective communication skills, and be capable of monitoring security controls.
Responsibilities
Information Security Operations
Understand, track and manage security threats and risks. This includes performing risk assessments and measuring the success and effectiveness of mitigation efforts.
Assist with the development and maintenance of policies, procedures, standards, and guidelines and articulate best practices to employees and leadership.
Identify security risks and exposures, determine the cause(s) of security violations, and recommend procedures to mitigate future incidents and improve cybersecurity.
Develop techniques and procedures for conducting information security and cybersecurity risk assessments, incident investigations, and compliance audits.
Train users and promote security awareness and develop and maintain training materials/program.
Participate in information security program audit requests.
Participate in incident response process and escalate, as appropriate.
Monitor and enforce established security controls.
Review current and emerging information security trends, as they pertain to NAH information systems.
Perform Microsoft Active Directory security administration including implementation of standards, management and oversight of group policy, group membership, and processing of user access change requests.
Administer endpoint patching utilities for deploying Microsoft and 3rd party patches to endpoints in a timely manner, along with regular reporting on status and effectiveness of patching programs.
Monitor ticketing queues for response and escalation and perform daily monitoring and administration tasks for the following: Endpoint protection to ensure rapid handling of virus, malware, and ransomware detections Web-filtering systems including management of filtering policies and unblocking requests, occasional activity investigation and reporting requests Email filtering and security systems and investigate customer questions and spam/phishing reports Log reviews Incident response Intrusion detection/prevention systems Vulnerability management program
Complete operational tasks on a daily/weekly/monthly basis, as assigned.
Communication
Escalate security incidents as required and monitor progress towards resolution.
Plan and potentially conduct walkthroughs/rounding of physical facilities including network closets, clinical, and back-office work areas to document security issues and report findings to IT Leadership.
Foster information security awareness within the organization and provide education on information security best practice.
Partner with staff and leadership to promote cross-team collaboration and service excellence standards.
Interact with multiple levels of personnel within the organization and externally; including rounding at all service locations and in the moment security-based education with personnel.
Continuously demonstrate excellent verbal and written communication skills. Continuously demonstrate a high level of self-motivation, meticulous documentation skills, and excellent attention to detail.
Compliance/Safety
If required for position, ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.
Completes all company mandatory modules and required job specific training in the specified time frame.
Responsible for reporting any safety related incident in a timely fashion through the Safety Event reporting tool; attends all safety related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.
Responsible for maintaining up-to-date knowledge of cybersecurity trends, developments, best practices and regulatory changes.
Stays current and complies with state and federal regulations/statutes and company policies that impact the employee's area of responsibility.
Qualifications
Education
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience) - Required
Certification & Licensures
Relevant security certifications (e.g., GIAC, CISA, CISM, CISSP, Security+ and CRISC) are a plus.
Experience
Minimum of 3 years relevant IT and/or Information Security experience - Required
Experience with network, systems administration, and information security.
Experience with security tools, such as SIEM, IDS/IPS, vulnerability scanners, Endpoint Detection and Response (EDR), and antimalware.
Demonstrated problem-solving capabilities.
Familiarity with network protocols, operating systems (Windows and Unix), and cloud environments.
Experience or ability to develop and deliver cybersecurity awareness training.
Ability to perform Active Directory management / administration.
Demonstrated ability to apply knowledge of common security frameworks and standards (e.g., NIST, ISO, CIS, etc.).
Knowledge of PCI DSS, HIPAA, HITECH and evolving security and privacy regulations.
Working knowledge of automated patching utilities (SUS, SCCM, Ivanti, Landesk, etc.) and vulnerability management utilities (Nessus, OpenVAS, etc.).
Experience performing risk assessments and articulating security risks to stakeholders.
Knowledge of Cloud security solutions and technologies is a plus, but not required.
Strong written and verbal communication skills.
Healthcare is a rapidly changing environment and technology is integrated into almost all aspects of patient care. Computers and other electronic devices are utilized across the organization and throughout each department. Colleagues must have an understanding of computers, and competence in using computers and basic software programs.
The ideal candidate will have a background in information security and cybersecurity, desire for continuous learning, possess excellent analytical skills, demonstrate effective communication skills, and be capable of monitoring security controls.
Responsibilities
Information Security Operations
Understand, track and manage security threats and risks. This includes performing risk assessments and measuring the success and effectiveness of mitigation efforts.
Assist with the development and maintenance of policies, procedures, standards, and guidelines and articulate best practices to employees and leadership.
Identify security risks and exposures, determine the cause(s) of security violations, and recommend procedures to mitigate future incidents and improve cybersecurity.
Develop techniques and procedures for conducting information security and cybersecurity risk assessments, incident investigations, and compliance audits.
Train users and promote security awareness and develop and maintain training materials/program.
Participate in information security program audit requests.
Participate in incident response process and escalate, as appropriate.
Monitor and enforce established security controls.
Review current and emerging information security trends, as they pertain to NAH information systems.
Perform Microsoft Active Directory security administration including implementation of standards, management and oversight of group policy, group membership, and processing of user access change requests.
Administer endpoint patching utilities for deploying Microsoft and 3rd party patches to endpoints in a timely manner, along with regular reporting on status and effectiveness of patching programs.
Monitor ticketing queues for response and escalation and perform daily monitoring and administration tasks for the following: Endpoint protection to ensure rapid handling of virus, malware, and ransomware detections Web-filtering systems including management of filtering policies and unblocking requests, occasional activity investigation and reporting requests Email filtering and security systems and investigate customer questions and spam/phishing reports Log reviews Incident response Intrusion detection/prevention systems Vulnerability management program
Complete operational tasks on a daily/weekly/monthly basis, as assigned.
Communication
Escalate security incidents as required and monitor progress towards resolution.
Plan and potentially conduct walkthroughs/rounding of physical facilities including network closets, clinical, and back-office work areas to document security issues and report findings to IT Leadership.
Foster information security awareness within the organization and provide education on information security best practice.
Partner with staff and leadership to promote cross-team collaboration and service excellence standards.
Interact with multiple levels of personnel within the organization and externally; including rounding at all service locations and in the moment security-based education with personnel.
Continuously demonstrate excellent verbal and written communication skills. Continuously demonstrate a high level of self-motivation, meticulous documentation skills, and excellent attention to detail.
Compliance/Safety
If required for position, ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.
Completes all company mandatory modules and required job specific training in the specified time frame.
Responsible for reporting any safety related incident in a timely fashion through the Safety Event reporting tool; attends all safety related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.
Responsible for maintaining up-to-date knowledge of cybersecurity trends, developments, best practices and regulatory changes.
Stays current and complies with state and federal regulations/statutes and company policies that impact the employee's area of responsibility.
Qualifications
Education
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience) - Required
Certification & Licensures
Relevant security certifications (e.g., GIAC, CISA, CISM, CISSP, Security+ and CRISC) are a plus.
Experience
Minimum of 3 years relevant IT and/or Information Security experience - Required
Experience with network, systems administration, and information security.
Experience with security tools, such as SIEM, IDS/IPS, vulnerability scanners, Endpoint Detection and Response (EDR), and antimalware.
Demonstrated problem-solving capabilities.
Familiarity with network protocols, operating systems (Windows and Unix), and cloud environments.
Experience or ability to develop and deliver cybersecurity awareness training.
Ability to perform Active Directory management / administration.
Demonstrated ability to apply knowledge of common security frameworks and standards (e.g., NIST, ISO, CIS, etc.).
Knowledge of PCI DSS, HIPAA, HITECH and evolving security and privacy regulations.
Working knowledge of automated patching utilities (SUS, SCCM, Ivanti, Landesk, etc.) and vulnerability management utilities (Nessus, OpenVAS, etc.).
Experience performing risk assessments and articulating security risks to stakeholders.
Knowledge of Cloud security solutions and technologies is a plus, but not required.
Strong written and verbal communication skills.
Healthcare is a rapidly changing environment and technology is integrated into almost all aspects of patient care. Computers and other electronic devices are utilized across the organization and throughout each department. Colleagues must have an understanding of computers, and competence in using computers and basic software programs.
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resumeSimilar jobs
Who are we? CheckingIn is a wellness and reconnection tool for Indigenous communities. We offer an app where community members can root deeper within themselves and their community. We create content with, and for them that focuses on reconnection and...
Healthcare
Canada
Hiring from: Canada
Are you ready to achieve long-term success by promoting highly sought-after products on a global scale? This is performance based only . Looking for an Assistant who is looking to pivot in their career towards personal development. If you have...
Healthcare
United States
Hiring from: United States
Lensa is the leading career site for job seekers at every stage of their career. Our client, Autism Speaks, is seeking professionals. Apply via Lensa today! Autism Speaks is seeking an Events Intern for the Summer semester! This is a...
Healthcare
United States
Hiring from: United States