Information Security Analyst II
Exempt or Non-Exempt: Exempt
Individuals within the Information Security job family are responsible for working with users and operating units to ensure the confidentiality, integrity and availability of information assets (regardless of form or format) and associated physical resources under the authority of HMSA. This is achieved through the implementation of an Information Security Program that includes appropriate policies, standards, processes, procedures, guidelines, and technical safeguards.
Individuals serve as a check point for all security requirements affecting HMSA's physical, computer, and network environment and provide professional services on all Information Security related matters for internal, external and business partner use of HMSA's information assets. They work with IT technical staff to ensure the security of IT services and capabilities available to all users.
They maintain and deploy the Information Security Policy, Standards, Processes and Procedures (user and technical) and perform security awareness education and other activities that ensure that members of the workforce understand and comply with security policies and other controls. Evaluation activities are also performed to assess the effectiveness of each security control. Individuals conduct risk assessments to determine situations where deviation from security requirements may be acceptable. In addition, they develop metrics reports to communicate the effectiveness of security controls to the Security Official and Senior Management.
Individuals support maintaining a secure environment by performing security control assessments and compliance monitoring. They also provide consulting services to the operating departments and IS projects to ensure that applicable security controls are defined and implemented in accordance with security requirements. Individuals also respond to incidents to mitigate the risk of any policy violations or system intrusions or unauthorized activity.
- Bachelor's degree and 5 years of relevant IT experience; or an equivalent combination of education and relevant work experience.
- Strong written and verbal communications skills.
- Strong customer service skills.
- Good working knowledge of Microsoft Office applications.
- Strong knowledge of operating systems, architecture and various software and hardware products.
- Good technical and troubleshooting skills.
- Intermediate understanding of, and ability to implement, security best practices and technology, with demonstrated proficiency in the application of information security practices.
Duties and Responsibilities
The Information Security Analyst is responsible for the development, maintenance and support of the Information Security Program. Individuals in this role typically work on one or more projects/systems/issues of significant complexity related to information security at a time, sometimes as a project lead. Responsibilities include, but may not be limited to, the following:
- Security Controls Management:
- Evaluates compliance with prescribed security controls.
- Reviews and makes recommendations regarding requests (waivers) for security technology or practices that deviate from established architecture and technology standards.
- Researches, reports, and responds to information security events and incidents at all levels of the organization.
- Analyzes components of the Information Security Program to identify weaknesses and develop opportunities for improvement (evaluation process).
- Develops security requirements regarding firewall maintenance and rule setting, intrusion detection, filter creation and e-mail scanning, as well as appropriate encryption requirements and requirements for other security solutions.
- Monitors and tracks cyber security incident response team (CIRT) advisories, security relevant technical bulletins, and other security advisories and information, and recommends appropriate remediation activities.
- Reviews system log activity for IT Security staff.
- Supports security control improvement and audit compliance activities.
- Develops the organization's information security policy & procedures and updates the policy & procedures as HMSA's business objectives, security environment and technology base evolve.
- Provides policy & procedure interpretation and clarification and technical information security guidance to managers, data owners, project leads, application development teams, system operators and users.
- Provides consultation to IS teams regarding security requirements and provides recommendations that support the business. Explains security capabilities.
- Develops and implements the security awareness program.
- Collects and analyzes metrics to measure and report the effectiveness of security solutions.
- May participate in the development of long-term infrastructure technology strategy and plans for the organization.
- Provides consultation for the design of solutions for the secure implementation of communications, network, platforms and business applications.
- Provides technical expertise and explains security capabilities and requirements.
- Researches and evaluates software/hardware products and industry trends related to information security.
- Participates in project planning and requirements efforts for multiple projects, of moderate complexity, related to security solutions.
- May participate as a project lead.
- Mentors less experienced security staff.
- Develops special security certifications, reports and maintenance plans required to meet the compliance and audit standards and requirements of Federal, State, and Healthcare industry.
- Performs other duties as assigned by the Information Protection Manager.