Perform internal information security assessment work, including leading or conducting information technologyaudit projects to ensure operating security controls and or procedures are in accordance with established Gundersen Health System Information Security Policies and Standards. Assists with the creation and maintenance of information security policies, guideline and procedures. Monitors and reports on a wide range of information security related events and activities to protect the confidentiality, integrity and availability of Gundersen Health System’s assets. Responds to computer security incidents as a member of the Information Security Incidence Response team.
Manage and analyze monitoring data on a day-to-day basis for various security related events and activities via a number of information security systems and tools. Detect any unauthorized attempts to access the system. Collaborate with the technical services team and cross-functional departments to remediate securityrisks.
Administration of security toolsets; handle vulnerability scans; assist in working with external security vendors and Gundersen Health System technical systems team in defining the scope of internal and external vulnerability scans and penetration tests. Performs periodic reviews of firewall rules; conducts comprehensive risk assessments of various security controls. Detect any unauthorized attempts to access the system.
Create specific protocols that audit file changes such as updates, deletion, additions and moving.
Penetration testing and monitoring of current technology assets.
Prevent intrusions using current security hardware and software.
Proactively assess potential items of risk and opportunities of vulnerability in the Gundersen Health System network.
Monitors and provides consultation on projects in a manner that promotes information security best practices and ensures compliance to all information security policies and procedures; performs regular information security assessments. Assists in the evaluation of hardware and software products to ensure compliance to information security policies can be adhered to.
Develops and maintains all information security documents and implement recommended solution. Trains all employees on processes related to the Gundersen Health System information security program.
Identify security breaches and take action to stop and prevent them.
Conducts routine information securityrisk assessments; identifies and tracks risk mitigation plans through completion. Interview employees to assess current security procedures and identify gaps that require remediation and/or mitigation.
Provides first level security incident response for incidents reported by monitoring systems; coordinates with all Information Systems departments and teams to gather all data and resolve issues or develop an action plan. Perform root cause analysis.
Performs other job-related responsibilities as requested.
Scope of the Job Age Specific Population Served Nonage Specific (N/A)
OSHA Category Category III - No employees in this job title have a reasonably anticipated risk of occupational exposure to blood and/or other potentially infectious materials. Position Qualifications Education and Experience: Required Bachelor's degree in Computer Science
or related field Desired
Work Experience: Required 3-4 years in network infrastructure and/or system administration working primarily with Microsoft technologies. Desired 2 years experience with common security management frameworks, i.e., NIST, SANS, CSC.