drjobs Information Security Analyst

Information Security Analyst

Employer Active

1 Vacancy
drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Job Location drjobs

Flagstaff, AZ - USA

Monthly Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Vacancy

1 Vacancy

Job Description

Overview

The Information Security Analyst is responsible for supporting efforts to identify and reduce information security risks. This position is a key contributor performing administrative and technical security activities in support of the NAH information security program. Reporting to the Director of Information Security the analyst will work to ensure security controls are effective and consistent with NAH strategic and operational objectives.

The ideal candidate will have a background in information security and cybersecurity desire for continuous learning possess excellent analytical skills demonstrate effective communication skills and be capable of monitoring security controls.

Responsibilities

Information Security Operations
Understand track and manage security threats and risks. This includes performing risk assessments and measuring the success and effectiveness of mitigation efforts.

Assist with the development and maintenance of policies procedures standards and guidelines and articulate best practices to employees and leadership.

Identify security risks and exposures determine the cause(s) of security violations and recommend procedures to mitigate future incidents and improve cybersecurity.

Develop techniques and procedures for conducting information security and cybersecurity risk assessments incident investigations and compliance audits.

Train users and promote security awareness and develop and maintain training materials/program.

Participate in information security program audit requests.

Participate in incident response process and escalate as appropriate.

Monitor and enforce established security controls.

Review current and emerging information security trends as they pertain to NAH information systems.

Perform Microsoft Active Directory security administration including implementation of standards management and oversight of group policy group membership and processing of user access change requests.

Administer endpoint patching utilities for deploying Microsoft and 3rd party patches to endpoints in a timely manner along with regular reporting on status and effectiveness of patching programs.

Monitor ticketing queues for response and escalation and perform daily monitoring and administration tasks for the following: Endpoint protection to ensure rapid handling of virus malware and ransomware detections Web-filtering systems including management of filtering policies and unblocking requests occasional activity investigation and reporting requests Email filtering and security systems and investigate customer questions and spam/phishing reports Log reviews Incident response Intrusion detection/prevention systems Vulnerability management program

Complete operational tasks on a daily/weekly/monthly basis as assigned.
Communication
Escalate security incidents as required and monitor progress towards resolution.

Plan and potentially conduct walkthroughs/rounding of physical facilities including network closets clinical and back-office work areas to document security issues and report findings to IT Leadership.

Foster information security awareness within the organization and provide education on information security best practice.

Partner with staff and leadership to promote cross-team collaboration and service excellence standards.

Interact with multiple levels of personnel within the organization and externally; including rounding at all service locations and in the moment security-based education with personnel.

Continuously demonstrate excellent verbal and written communication skills. Continuously demonstrate a high level of self-motivation meticulous documentation skills and excellent attention to detail.

Compliance/Safety
If required for position ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.

Completes all company mandatory modules and required job specific training in the specified time frame.

Responsible for reporting any safety related incident in a timely fashion through the Safety Event reporting tool; attends all safety related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.

Responsible for maintaining up-to-date knowledge of cybersecurity trends developments best practices and regulatory changes.

Stays current and complies with state and federal regulations/statutes and company policies that impact the employees area of responsibility.

Qualifications

Education
Bachelors degree in Computer Science Information Security or a related field (or equivalent experience) - Required
Certification & Licensures
Relevant security certifications (e.g. GIAC CISA CISM CISSP Security and CRISC) are a plus.
Experience
Minimum of 3 years relevant IT and/or Information Security experience - Required
Experience with network systems administration and information security.
Experience with security tools such as SIEM IDS/IPS vulnerability scanners Endpoint Detection and Response (EDR) and antimalware.
Demonstrated problem-solving capabilities.
Familiarity with network protocols operating systems (Windows and Unix) and cloud environments.
Experience or ability to develop and deliver cybersecurity awareness training.
Ability to perform Active Directory management / administration.
Demonstrated ability to apply knowledge of common security frameworks and standards (e.g. NIST ISO CIS etc.).
Knowledge of PCI DSS HIPAA HITECH and evolving security and privacy regulations.
Working knowledge of automated patching utilities (SUS SCCM Ivanti Landesk etc.) and vulnerability management utilities (Nessus OpenVAS etc.).
Experience performing risk assessments and articulating security risks to stakeholders.
Knowledge of Cloud security solutions and technologies is a plus but not required.
Strong written and verbal communication skills.
Healthcare is a rapidly changing environment and technology is integrated into almost all aspects of patient care. Computers and other electronic devices are utilized across the organization and throughout each department. Colleagues must have an understanding of computers and competence in using computers and basic software programs.

Required Experience:

IC

Employment Type

Unclear

Company Industry

Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.