The Information Security Analyst is responsible for supporting and improving the information security governance, risk, and compliance function.
Develops, implements, and ensures compliance with policies to protect the confidentiality, integrity, and availability of the organization's data. Identifies information risk, recommends appropriate risk treatment plans, and facilitates and monitors risk remediation tasks. Provides security training and promotes security awareness across the organization. Captures and documents results of control testing and facilitates and supports audit activities.
· Management of IT security and IT risk (e.g., data systems, network and/or web) across the enterprise.
· Monitoring and advising on information security issues relating to the company's systems to ensure the internal security controls for the organization are appropriate and operating as intended.
· Participate in the planning, design and implementation of enterprise security architecture.
· Serve as project manager/lead within IT security projects.
· Developing policies, procedures, and standards that meet existing and newly developed policy and regulatory requirements such as HIPAA, HITRUST and PCI.
· Creating, managing, and maintaining IT security awareness and risk/training curriculum.
· Planning, coordinating, managing, or performing both internal and external security assessments.
· Verifying the security of third-party vendors and collaborating with them to meet security requirements.
· Coordinating with users to facilitate the implementation of all information security policies and development of information security standards and procedures.
· Defining and documenting relevant information security principles and practices, and delivering timely reports on relevant information security metrics.