The Sr. IT Security Analyst is responsible for assessing information risk and facilitating remediation of identified vulnerabilities for IT security and risk across the enterprise.
Assesses information risk and facilitates remediation of identified vulnerabilities with the Telecare network, systems, and applications. Reports on findings and recommendations for corrective action. Performs vulnerability assessments as assigned utilizing IT security tools and methodologies.
Performs assessments of the IT security/risk posture within the network, systems, and software applications, in addition to assessments within the Vendor Management Program. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors the performance of risk remediation tasks and changes related to risk mitigation, and reports on findings. Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications. Provides regular status reports, including outstanding issues. The IT Security/Risk Analyst assists in all IT audits, risk assessments, and regulatory compliance.
This position will have a dotted line reporting relationship to the Telecare Privacy and Security Officer.
Responsibilities (including but not limited to)
- Management of IT security and risk (e.g., data systems, network and/or web) across the enterprise. This includes Data Loss Prevention, Advanced Threat Detection, Identity Access Management, End Point Security, and Forensic Analysis.
- IT Security incident management and response.
- Address questions from internal and external audits and examinations.
- Provide guidance and best practice recommendations for IT security policies, procedures, and standards that meet regulatory requirements including HIPAA and PCI.
- Facilitate IT security/risk training curriculum for the enterprise.
- Serve as project manager/lead within IT security projects.
- Promote awareness of applicable regulatory standards, upstream risks, and industry best practices across Telecare.
- Lead IT architecture security risk assessments and solutioning.
- Bachelor’s Degree, Information Systems, Computer Science, Information Security or related field required.
- 7+ years of IT security or information security experience with a proven ability to engage with Senior Management, clinicians, and other professionals.
- 4+ years of experience conducting IT compliance assessments (HIPAA, PCI, etc.).
- 4+ years of experience in administering IT security controls in an organization.
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
- Experience with IPS/IDS and SIEM technologies.
- Certified Information Systems Security Professional (CISSP), or related certification.
- Prior experience working within the healthcare industry preferred.
- Prior experience working with regulatory agencies including OCR and CMS preferred.
- Project management skills preferred. Windows workstation and server administration experience.
- Hands-on experience with Azure and Office 365 security preferred.
- Prior experience performing security reviews and risk assessments preferred.