Receive alerts when this company posts new jobs.
Information Security Analyst I
Exempt or Non-ExemptExempt
Individuals within the Information Security job family are responsible for working with users and operating units to ensure the confidentiality, integrity and availability of information assets and associated physical resources under the authority of HMSA. This is achieved through the implementation of an Information Security Program that includes appropriate policies, standards, processes, procedures, guidelines, and technical safeguards.
Individuals serve as a check point for all security requirements affecting HMSA's physical, computer, and network environment and provide professional services on all Information Security related matters for internal, external and business partner use of HMSA's information assets.
They continuously improve, maintain and deploy the Information Security Policy, Standards, Processes and Procedures and perform security awareness education and other activities that ensure that members of the workforce understand and comply with security policies and other controls. Evaluation activities are also performed to assess the effectiveness of each security control. Individuals conduct risk assessments to determine situations where deviation from security requirements may be acceptable. In addition, they develop metrics reports to communicate the effectiveness of security controls to the Security Official and Senior Management.
Individuals in this role provide consulting services to the operating departments and IS projects to ensure that applicable security controls are defined and implemented in accordance with security requirements. Individuals also respond to incidents to mitigate the risk of any policy violations or system intrusions or unauthorized activity.
- Bachelor's Degree and 3 years of relevant IT experience; or an equivalent combination of education and relevant work experience.
- Strong written and verbal communications skills.
- Strong customer service skills.
- Strong process and project management skills.
- Good working knowledge of Microsoft Office applications
- Basic understanding and implementation capability of security best practices and technology and demonstrate proficiency in the application of information security practices.
Duties and Responsibilities
The Information Security Analyst is responsible for assisting with the development, maintenance and support of the Information Security Program. Individuals in this role typically work on one or more simple to moderately complex projects / systems / issues related to information security at a time. This role requires minimal to sometimes moderate assistance in completing their assignments. Responsibilities include, but may not be limited to, the following:
- Policy, Procedure and Guideline Development and Security Awareness Activity:
- Participates in the development of the organization's information security policy & procedures and updates the policy & procedures as HMSA's business objectives, security environment and technology base evolve.
- Provides policy & procedure interpretation and clarification and technical information security guidance to managers, data owners, project leads, application development teams, system operators and users.
- Provides consultation to IS teams regarding security requirements and provides recommendations that support the business. Explains security capabilities.
- Participates in the development and implementation of the security awareness program.
- Collects metrics information to measure and report the effectiveness of security solutions
- Reviews and makes recommendations regarding requests (waivers) for security technology or practices that deviate from established architecture and technology standards.
- Researches, reports, and responds to information security events and incidents at all levels of the organization.
- Participates in activities that analyze components of the Information Security Program to identify weaknesses and develop opportunities for improvement (evaluation process).
- Participates in development of security requirements regarding firewall maintenance and rule setting, intrusion detection, filter creation and e-mail scanning, as well as, appropriate encryption requirements and requirements for other security solutions.
- Participates in monitoring and tracking of cyber security incident response team (CIRT) advisories, security relevant technical bulletins, and other security advisories and information.
- Participates in reviews of system log activity for IT Security staff activities.
- Develops special security certifications, reports and maintenance plans required to meet the compliance and audit standards and requirements of Federal, State, and Healthcare industry.
- Performs other duties as assigned by the management.