Receive alerts when this company posts new jobs.
Information Security Analyst III
Exempt or Non-ExemptExempt
Individuals within the Information Security job family are responsible for working with users and operating units to ensure the confidentiality, integrity and availability of information assets (regardless of form or format) and associated physical resources under the authority of HMSA. This is achieved through the implementation of an Information Security Program that includes appropriate policies, standards, processes, procedures, guidelines, and technical safeguards.
Individuals serve as a check point for all security requirements affecting HMSA's physical, computer, and network environment and provide professional services on all Information Security related matters for internal, external and business partner use of HMSA's information assets. They work with IT technical staff to ensure the security of IT services and capabilities available to all users.
They maintain and deploy the Information Security Policy, Standards, Processes and Procedures (user and technical) and perform security awareness education and other activities that ensure that members of the workforce understand and comply with security policies and other controls. Evaluation activities are also performed to assess the effectiveness of each security control. Individuals conduct risk assessments to determine situations where deviation from security requirements may be acceptable. In addition, they develop metrics reports to communicate the effectiveness of security controls to the Security Official and Senior Management.
Individuals support maintaining a secure environment by performing compliance required vulnerability assessments, access usage monitoring, and reviewing system logs for attempted intrusions or unauthorized activity for IT Security staff. They also provide consulting services to the operating departments and IS projects to ensure that applicable security controls are defined and implemented in accordance with security requirements. Individuals also respond to incidents to mitigate the risk of any policy violations or system intrusions or unauthorized activity. Forensic and other tools are utilized, as necessary, to investigate and document reported incidents. They also utilize tools such as content filtering, intrusion detection, and equipment scanning tools to detect and prevent unauthorized activity.
- Bachelor Degree and 7 years of relevant IT experience; or an equivalent combination of education and relevant work experience.
- Experience in leading teams.
- Strong written and verbal communications skills.
- Strong research & business case development skills.
- Strong project management skills.
- Strong customer service skills.
- Advanced knowledge and implementation capability of security best practices and technology and demonstrate in-depth proficiency in the application of information security practices.
- Strong knowledge of operating systems, architecture and various software and hardware products.
- Strong technical and troubleshooting skills.
- Leadership skill.
- Knowledgeable in state and federal laws, licensing regulations and similar regulatory requirements related to information security and patient confidentiality.
- Good working knowledge of Microsoft Office applications.
- Training or certifications from Security and/or Auditing organizations (CISSP, CISA, etc.).
Duties and Responsibilities
- Security Controls Evaluation:
- Leads others in ensuring compliance with prescribed security controls.
- Reviews and makes recommendations regarding requests (waivers) for security technology or practices that deviate from established architecture and technology standards.
- Leads others in researching, reporting, and responding to information security events and incidents at all levels of the organization. Recommends remedial action for information security events and incidents.
- Leads others in analyzing components of the Information Security Program to identify weaknesses and develop opportunities for improvement (evaluation process).
- Leads others in developing security requirements regarding firewall maintenance and rule setting, intrusion detection, filter creation and e-mail scanning, as well as, appropriate encryption requirements and requirements for other security solutions. Plans major changes to security controls and coordinates changes with IT or impacted operating units.
- Monitors and tracks cyber security incident response team (CIRT) advisories, security relevant technical bulletins, and other security advisories and information, and prescribes appropriate remediation activities.
- Leads team members in reviewing cyber security threats and system log activity for IT Security staff.
- Reviews problem tickets, security incidents and waivers to identify recurring problems. Identifies training needs or potential changes to security controls.
- Monitors and tracks cyber security threat intelligence sources, investigate what threats are applicable to HMSA environment and share threat intelligence with appropriate departments internally
- Support security control improvement and audit compliance activities.
- Participates in the development of long-term infrastructure technology strategy and plans for the organization.
- Provides consultation for the design of solutions for the secure implementation of communications, network, platforms and business applications.
- Provides technical expertise and explains security capabilities and requirements.
- Researches and evaluates software/hardware products and industry trends related to information security.
- Participates in or leads project planning and requirements efforts, and creates action plans, for multiple projects related to security solutions.
- May define staff schedules and prioritize work.
- Mentors less experienced security staff.
- Leads team members in the development of the organization's information security policy & procedures and updating the policy & procedures as HMSA's business objectives, security environment and technology base evolve.
- Provides policy & procedure interpretation and clarification and technical information security guidance to managers, data owners, project leads, application development teams, system operators and users.
- Provides consultation to IS teams regarding security requirements and provides recommendations that support the business. Provides advice on security capabilities.
- Establishes components of the security awareness program and leads teams in developing the requirements, methods and vehicles for security awareness delivery.
- Leads team members in collecting and analyzing metrics to measure and report the effectiveness of security solutions.
- Works with management to ensure institutional conformance with legal, ethical, accreditation, licensure, certification, and other administrative requirements regarding information security.
- Leads the development of special security certifications, reports and maintenance plans required to meet the compliance and audit standards and requirements related to information security that are found in Federal and State laws, and Healthcare industry.