The Associate IT Security Analyst supports IT Department, JHAH IT leads, cloud environment, business lines and employees with governance, compliance and communication of JHAH's information security policies, procedures and standards. The IT Security Analyst functions as the focal point for information security compliance activities.
The candidate will create, manage and maintain user security awareness training, provides on-call support as required, co-administers key applications assisting the IT System Engineer and provides assistance for security related incident response, provides security positioning statements and consultation as it relates to company and SaaS/IaaS/PaaS environment for RFP s, collaborate with IT management, legal department, safety and security, and law enforcement agencies to manage security vulnerabilities and manage security tools, hardware and vulnerabilities scanning tools to ensure they meet compliance requirements
JHAH IT leads, Team members, Supervisors and JHAH managers and administrators
• Monitor and assess JHAH business continuity program and disaster recovery program;
• Assist with network penetration tests, application vulnerability assessment scans and risk assessment reviews;
• Develop policies and procedures which enable agreed upon best security practices in the organization;
• Coordinate and administer documentation for security processes and procedures for the department and company;
• Maintain oversight of the compliance management program;
• Enforce standards responding promptly to detect offenses, developing corrective action;
• Coordinate responses to information security incidents;
• Coordinate and execute IT security projects; and
• Conduct company-wide data classification assessment and security audits and manage remediation plans.
Additional Duties, as may be required
• Responsible for determining security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
• Responsible for planning security systems by evaluating network and security technologies; developing requirements for Applications, local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
• Responsible for maintaining security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
• Responsible for monitoring the security environment; identifying security gaps; evaluating and implementing enhancements
• Design of overarching global security framework, operating model and strategy including related policies and processes
• Implement IT Security policies in accordance with applicable laws, standards and regulations
• Communicate framework, strategy and policies to all relevant internal and external parties
Bachelor s degree in a computer/IT field.
• Up to 5 years of experience with exposure to general system administration;
• Experience and knowledge in securing technical platforms is preferred;
• Experience and knowledge of IT systems/data security as it relates to the cloud environment is preferred
• Understanding of regulations and best practices for technical deployments in a cloud/datacenter environment and healthcare industry is preferred
• Experience and knowledge in secure server and workstation deployment and support.
Certifications/Other requirements as applicable
• General understanding of networking and telecommunications;
• Ability to learn quickly and maintain a diverse workload in a fast-paced environment; and
• Proficiency with Word, Excel, PowerPoint, Microsoft Project, and Visio. Knowledge of information security standards (e.g., ISO 27001/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., HIPAA, HITECH, HITRUST, Etc.);
• Strong communication skills (written, verbal, and listening);
• Security Certifications such as Security+, CISSP, GIAC, and others are desirable;
• Healthcare IT experience is a plus;
• Excellent troubleshooting skills, SAP skills desirable; and
• This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.