Security Compliance Analyst
The Information Security Analyst is responsible for supporting and improving the information security governance, risk, and compliance function.
Develops, implements, and ensures compliance of policies to protect the confidentiality, integrity, and availability of the organization's data. Identifies information risk, recommends appropriate risk treatment plans, and facilitates and monitors risk remediation tasks. Provides security training and promotes security awareness across the organization. Captures and documents results of control testing and facilitates and supports audit activities.
· Management of IT security and IT risk (e.g., data systems, network and/or web) across the enterprise.
· Monitoring and advising on information security issues relating to the systems to ensure the internal security controls for the organization are appropriate and operating as intended.
· Participating in the planning, design and implementation of enterprise security architecture.
· Serving as project manager/lead within IT security projects.
· Developing policies, procedures, and standards that meet existing and newly developed policy and regulatory requirements such as HIPAA, HITRUST and PCI.
· Creating, managing, and maintaining IT security awareness and risk/training curriculum.
· Planning, coordinating, managing, or performing both internal and external security assessments.
· Verifying the security of third-party vendors and collaborating with them to meet security requirements.
· Coordinating with users to facilitate the implementation of all information security policies and development of information security standards and procedures.
· Defining and documenting relevant information security principles and practices, and delivering timely reports on relevant information security metrics.
· Any other duties as required.
· Microsoft SCCM
· WinMagic for encryption
· FortiGuard firewall
· FortiClient for malware and certain DLP functions
· FireEye and Barracuda for email security
· Knowledge of Microsoft AD
· Tenable Nessus vulnerability management
· Typically, seven (7) or more years of information security or compliance experience.
· Experience administering IT security controls in an organization.
· Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
· Experience with IPS/IDS and SIEM technologies.
· Certified Information Systems Security Professional (CISSP), or related certification.
· Prior experience working within a health service organization preferred.
· Strong communication skills with the ability to influence across multiple levels and departments.
· Experience with information security in Cloud environments (SaaS, PaaS, IaaS) preferred.
Bachelor's degree in Information Systems, Computer Science, Information Security or a related field; or equivalent work experience.