Systems and Security Analyst

Join Southern Colorado’s premier imaging team, Colorado Springs Radiologists, PC/PENRAD Imaging LLC! With 6 locations along the front range and over 40 years of A+ ratings from the BBB, Colorado Springs Radiologists, PC/PENRAD Imaging LLC has a long tradition of delivering state-of-the-art imaging to our community.

We are currently looking for enthusiastic, self-motivated, career-oriented applicants to join our team.

Colorado Springs Radiologists, PC/PENRAD Imaging, LLC currently has a full time Systems and Security Analyst position available.

If you are committed to providing exceptional IT services with compassion and kindness, we are looking for you.

As a PENRAD Imaging Systems and Security Analyst, you will utilize your expertise to:

The Systems and Security Analyst plays a critical role in safeguarding the organization's information technology infrastructure. Through technical analysis, design, installation, maintenance and modification of systems and networks, this position involves both proactive and reactive measures to ensure system integrity, security, and optimal performance. The analyst will monitor systems for vulnerabilities, implement security protocols, manage user access, and respond to security incidents while maintaining efficient system operations. Working independently under project objectives and requirements, the analyst will notify director of progress and/or complications. The analyst produces innovative solutions for a variety of complex problems. This position also includes duties as the Security Officer responsible for all ongoing activities related to the availability, integrity and confidentiality of patient, provider, employee, and business information in compliance with the healthcare organization's security policies and procedures, regulations and law.

Essential Functions:

• Security Monitoring: Continuously monitors networks and systems for security breaches using security information and event management (SIEM) tools. Analyzes alerts and events to identify potential threats.

• Incident Response: Responds to security incidents by conducting thorough investigations, containing breaches, mitigating risks, and documenting findings for future reference. Reports on breaches of patient information, working in tandem with the Privacy Officer as necessary.

• System Administration: Throughout installation, configuration, maintenance, and optimization of systems and applications, ensures that all systems are running efficiently while adhering to security best practices. Manages security application software, infrastructure and third-party environments. Able to troubleshoot all Windows Servers 2016 and above, WSUS, AD, DNS, DHCP, and GP.

• Testing and Planning: Defines and coordinates the execution of testing procedures and develops test cases to serve the overall quality assurance process. Develops and implements maintenance and support procedures to comply with security best practices. Designs, tests, implements, and maintains software for delivery of security measures. Communicates and coordinates changes and downtime to users.

• Vulnerability Management: Conducts regular vulnerability assessments and penetration tests to identify weaknesses in systems and/or network architecture. Recommends and completes remediation strategies based on assessment results. Ensures systems and machines receive regular patching and updates. Communicates patching plans, according to policy, with stakeholders for review and approval.

• Access Control Management: Manage user accounts and permissions across various systems. Implement access control policies to ensure secure access to buildings and sensitive data. Regularly audits system and user accounts for password compliance, access levels and activity.

• Documentation & Reporting: Maintain comprehensive documentation regarding system configurations, workflows, security policies, incident reports, and compliance records. Prepare regular reports on security status for stakeholders. Regularly updates policies and procedures related to security and HIPAA.

• Backup & Recovery Planning: Develops and implements backup solutions as well as disaster recovery plans to ensure business continuity in case of data loss or system failures. Runs regular system and data restores.

• Training & Awareness: Develop educational materials and conduct training sessions to promote awareness of security best practices among staff members.

• Research and Development: Stays current with technological developments in software, systems and security advancements. Maintains ongoing relationships with vendors, conducting periodic evaluations and quarterly business reviews. Recommends new solutions and tools through use cases and proposals. Participates in vendor and system selection.

• Compliance Assurance: Ensure adherence to industry regulations (e.g., HIPAA). Completes yearly HIPAA and Security Risk Assessments. Requests and reviews Security Risk Assessments from third-party vendors. Regularly meets with vCISO representative to ensure best practices and compliancy is met.

• Other duties: Provides back-up desktop support to Radiologists, employees and external-facing users as needed. Responds in a timely manner to On-Call and Call-Back duties. Interfaces with radiologists, management, and staff to encourage open lines of communication between departments. Performs other reasonably related duties as assigned.

Security Officer duties:

• In association with the organization's Security Committee and Compliance Committee, develops information security policies and procedures.
• Implementation of the organization's information security policies and procedures.
• Coordinates the information security compliance activities.
• Is a member of and schedules quarterly meetings of the Security Steering Committee.
• Provides security training to the workforce, ensuring completion from every member.
• Monitors compliance with the organization's security policies and procedures among employees, contractors and other third parties.
• Creates, manages and supervises security incident response.
• Implements and monitors internal control systems to ensure that appropriate information access levels are maintained.
• Performs information security risk assessment and periodic information system activity reviews for information security processes.
• Coordinates the development of the organizations disaster recovery and business continuity plans for information systems, and tests readiness.
• Serves as an internal information security consultant to the organization working in conjunction with vCISO representation.
• Monitors advancements in information security technologies.
• Monitors changes in legislation and accreditation standards that affect information security.
• Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
• Reviews all system-related information security plans throughout the organization's network and acts as a liaison to the Information Technology and Radiology Informatics Department, privacy officer, and Security and Privacy Committees.

Qualified Applicants will require:

• Education / Experience: High School diploma or GED required; bachelor’s degree or higher in a related field preferred or an equivalent combination of education and experience. Experience configuring and working in VMWare, SAN storage networks, and Citrix Systems is required. A minimum of 5 years working with information systems and security.
• Desirable or Special Qualifications or Certifications: CompTIA A+, CISSP, VMWare and Microsoft certifications.

In addition to competitive wages, vacation and sick time accrual, and holiday pay, PENRAD Imaging’s benefit package includes (for eligible employees):

• Three low-cost medical insurance options;
  
• A generous health savings account contribution for those electing the High Deductible medical plan;
• Excellent, low cost dental insurance for you and your family;
• Voluntary benefits that include vision, short-term disability, accident and critical illness insurance options;
• Life insurance and Long-Term Disability, upon meeting eligibility requirements;
• A phenomenal 401(k) plan*, which includes
  • Safe Harbor Employer Contribution
  • Non-Elective Employer Contribution and
  • A generous Employer Matching Contribution
    
    • 401(k) benefit available upon meeting eligibility requirements.

Disclaimer: The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. These statements are not intended to be an exhaustive list of all responsibilities, duties and skills of personnel so classified, nor are these statements intended to create a contract of employment between the employee and Colorado Springs Radiologists, P.C.

Colorado Springs Radiologists, P.C. is an at-will employer.