Cyber Security Analyst I - IM Security

Summary:

The Cyber Security Analyst I is responsible for the review and implementation of IT Governance, Risk and Compliance (GRC) aspects of the business. This position will work closely with business stakeholders and junior Cyber Analysts during contract negotiations and will conduct Vendor Risk Assessments (VRA) and Application Risk Assessments (ARA) using industry NIST/ISO best practices. This position should have a strong understanding of Security Governance frameworks/standards such as HIPAA, PCI/DSS, NIST and ISO. Additionally, the ability to work with structure policies and procedures along with keeping such documents current is critical. Further, this position requires exceptional customer service skills with the ability to communicate with many internal/external customers at different levels within the organizational hierarchy. The Cyber Security Analyst II is also responsible for supporting the business goals and objectives for the Department, the Information Management Organization, and the organization as a whole.

Responsibilities:

• Review Contracts– Identify and classify Information Security Risks.
• Perform Vendor Risk Assessments– work with business stakeholders to classify and mitigate identified security risks.
• Provide daily support of Business Stakeholders as assigned by the Security Assurance ticketing system and peer reviews of other Cyber Team Members work.
• Research and understand emerging information security threats and vulnerabilities
• Perform “other” risk assessments under the guidance of the Director of Information Security; such as HIPAA, PCI/DSS, etc...
• Assist with the selection and implementation of tools which enforce or monitor compliance with information security policies, standards and requirements
• Provide after hours coverage for security event monitoring and incident response.
• Teamwork– Maintains and demonstrates the ability to work well on assigned tasks through actions and job performance. Collaborates with and assists IM leaders, directors and staff in the fulfillment of corporate objectives and goals. Communication: Follows approved mechanisms to document and report on all incidents/events. Escalates issues appropriately. Assist in the development of the security plan.

Requirements:

Education/Skills:

• Bachelor’s degree in Computer Science, Information Systems, Business Management or related field preferred

Experience:

• 3+ Years working in a Security Assurance role – Healthcare Experience a Plus.

Licenses, Registrations, or Certifications:

• CISA, CISM, CISSP, PMP or similar (preferred)

Work Schedule:

8AM - 5PM Monday-Friday

Work Type:

Full Time