IT Compliance and Security Analyst

Employer Active

1 Vacancy
Job Location

Mukilteo, WA - USA

Hourly Salary

$ 36 - 38

Job Description

Position Title:
IT Compliance and Security Analyst (Full-time Non-exempt)


Who You'll Report to: Senior Director of Information Technology

The IT Compliance and Security Analyst works closely with both the Compliance and IT departments to strengthen security controls, mitigate risk, and ensure alignment with privacy and security standards. This role collaborates across departments to identify control gaps, support audits, and maintain policies, procedures, and technologies that protect the organization's networks, systems, applications, and data. Acting as a trusted partner to business units, the analyst ensures that privacy and security controls are effective and aligned with industry best practices. Additionally, the role supports day-to-day security operations by monitoring alerts, tools, and activities, and works alongside the Security Officer to help maintain the overall integrity of the organization's security posture.

Key Responsibilities:

Security Monitoring & Analysis:

  • Monitor network activity and perform intrusion detection analysis using tools such as IDS/IPS, firewalls, and Managed Detection & Response (MDR) services.

Audit Logging & Monitoring:
Ensure that audit logging and monitoring activities are performed according to established timeframes, including but not limited to:

  • IDS/IPS alerts
  • Application firewall alerts
  • Malware detection
  • Vulnerability scans and related alerts
  • File integrity monitoring (FIM)
  • Rogue wireless network alerts
  • System health alerts
  • Exploit attempt alerts
  • Access and privilege reviews
  • Administrator and operator activity logs
  • Message transmission logs
  • System, application, and server activity logs

Audit & Compliance Participation:
Support and actively participate in internal and external audits, compliance reviews, and regulatory initiatives such as:

  • HITRUST Certification
  • SOC 1 and SOC 2 audits
  • Business Continuity and Disaster Recovery planning
  • Privacy and security policy evaluations
  • Effectiveness assessments and continuous improvement efforts

Security Standards & Communication:

  • Maintain up-to-date knowledge of external audit requirements and security control standards. Communicate updates across departments and ensure shared responsibility for audit and compliance activities.

Vulnerability Management:

  • Conducting internal and external vulnerability scans and penetration testing
  • Documenting and tracking remediation efforts
  • Monitoring threat intelligence sources for emerging vulnerabilities and patches
  • Taking a risk-based approach to assess and prioritize remediation
  • Recommending mitigation strategies to appropriate stakeholders

Security Incident Response:
Serve as the initial point of contact for evaluating and triaging security incidents. Conduct technical investigations, perform root cause analyses, and coordinate with stakeholders to implement corrective actions.

Risk Assessments:
Participate in enterprise risk assessments, including vendor and third-party risk evaluations. Support security reviews of entities that connect with or transmit PHI/PII through Vimly's systems.

Security Tool Evaluation:
Collaborate with the Senior Director of Information Security, IT, and Compliance teams to assess and improve security tools, configurations, policies, and procedures.

Security Training:
Ensure that security training content is current, comprehensive, and aligned with Vimly's environment, controls, and industry best practices.

Additional Duties:
Perform other duties and responsibilities as assigned.



Qualifications:

  • BA/BS degree in computer engineering or related field OR equivalent work experience in information technology
  • Knowledge of information security standards and the importance of information security in ensuring ongoing mission-critical business functions
  • Knowledge of information risk concepts and principles, and of relating business needs to security controls
  • Knowledge of the principles, practices, theories, and concepts of information security related to networks, workstations, servers, and applications
  • CISA, CIA, CISM, or CISSP certification, or a similar program that enhances the expertise necessary to be successful in this position

What Will Help You Excel:

  • High level of integrity and determination to act in the best interest of Vimly regardless of popularity of position
  • Alignment with Vimly's core values, fundamentals, and strategic goals
  • Demonstrates and maintains a high degree of professionalism
  • Supports and acts in accordance with Vimly's customer service standards
  • Excellent interpersonal and communication skills to foster cooperation amongst business partners
  • Cross-functional and departmental collaboration skills
  • Demonstrated project management, analytical, and problem-solving ability
  • Ability to work independently with minimal daily direction from manager
  • Adaptable, flexible, works well under pressure, and able to work well under ambiguity
  • Self-starter, multitasker, and follows through on tasks
  • Driven by results and able to quickly conquer the learning curve
  • Strong attention to detail

Required Experience:

Manager

Employment Type

Full-Time

Company Industry
