The IT Security Analyst is a member of the IT Security Operations team who works closely with the other members of the team to deliver a comprehensive information security program and safeguards Shirley Ryan AbilityLab’s valuable information assets.

The analyst works with other IT teams to effectively manage, monitor, and deploy technical controls to meet specific security requirements and follows defined processes and standards to ensure that security configurations are enforced and maintained.

In a demanding 24x7x365 healthcare environment, this position requires a high degree of initiative and hands-on technical knowledge, an up-to-date understanding of the latest security threats and technologies, familiarity with core security frameworks, commitment to ongoing and continuous security improvements as well as a professional demeanor and collaboration skill set.

The IT Security Analyst will demonstrate Shirley Ryan AbilityLab Core Attributes (Communication, Accountability, Flexibility/Adaptability, Judgment/Problem Solving, Customer Service) and Core Values (Hope, Compassion, Discovery, Collaboration, and Commitment to Excellence) while fulfilling job duties.

PRINCIPAL RESPONSIBILITIES

1. Performs administration relevant to security operations for all on-premises, hosted, and cloud infrastructure, storage, applications, systems, and networks.
2. Performs continuous monitoring of security solutions including but not limited to antivirus, encryption, endpoint detection and response, Security Incident and Event Management (SIEM), privileged access management, vulnerability management, threat intelligence, data loss prevention (DLP), and intrusion detection & prevention.
3. Identifies security incidents in the course of monitoring; collaborates with internal and external teams to execute incident response procedures related to containment and eradication; and provides guidance to internal teams to recover from such incidents.
4. Provides emergency, after-hours and weekend support on a rotational basis to respond to priority issues that occur outside of the normal business hours.
5. Executes and proposes improvements to detailed and accurate documentation and procedures related to security practices and processes. Ensures users, service delivery and systems will adhere to documented standards.
6. Assists as needed in conducting security awareness training and phishing simulations.
7. Provides direction to and collaborates with other teams regarding day-to-day operational security items relating to identity and access management as required.
8. Works closely with team members from IT, other business units, and vendors to ensure new systems, applications, subscriptions, services, and processes meet security and vulnerability management requirements.
9. Evaluates vendor security assessments, coordinates periodic internal and external security audits and assists in the development and implementation of post-audit mitigation plans.
10. Builds formal and informal relationships within SRAlab and among business partners and customers to improve the effectiveness of IT Security Operations. Collaborates with all IT teams and promotes ongoing and continuous security improvements.
11. Performs all other duties that may be assigned in the best interest of the Shirley Ryan AbilityLab.

REPORTING RELATIONSHIPS

Reports to Manager of IT Security Operations

WORKING CONDITIONS

1. Normal office environment with little or no exposure to dust or extreme temperature.

Required Skills Required Experience

1. A minimum of five (5) years progressive experience working in Information Technology with at least three (3) years of direct experience in systems security administration, systems audit, or security compliance.

2. Robust and hands-on experience with various security solutions, including antivirus, Security Incident and Event Management (SIEM), encryption, endpoint detection and response, data loss prevention (DLP), intrusion detection & prevention, systems patching, vulnerability management, and threat intelligence.

3. Advanced knowledge and understanding of security configurations and monitoring for Microsoft Active Directory Domain Services, Windows and Linux OS, AWS/Azure cloud, logging and monitoring, user access, perimeter protection principles, network communication protocols, etc.

4. Must understand information security concepts, protocols, industry best practices and strategies. Knowledge of industry regulatory requirements and experience working with internal and external security audit staff as well as remediation practices is required.

5. High degree of initiative and commitment to ongoing and continuous security improvements, a professional demeanor and collaborative spirit to execute projects and complete tasks proficiently.

6. Effective communication and meticulous documentation skills required with a strong ability to develop and present comprehensive security reports to different audiences.

7. Familiarity and knowledge of core security frameworks: HIPAA (Healthcare Insurance Portability and Accountability Act), NIST (National Institute of Standards and Technology), HITRUST (Health Information Trust Alliance), ISO 27000 Series (International Organization of Standardization), etc.

8. Healthcare environment experience and IT security certifications are a plus.

9. Skillful in delivery of superior customer service.

10. General understanding of Cerner and Financial Systems and their integration a plus.

11. Ability to transport and move PCs, printers, and related hardware weighing up to 30 pounds.

About Shirley Ryan AbilityLab

Shirley Ryan AbilityLab is the global leader in physical medicine and rehabilitation for adults and children with the most severe, complex conditions. By joining our team, you will be part of our life-changing Mission and Vision. You’ll work in a truly inclusive environment where diversity and equity are championed through words and actions. You’ll contribute to an innovative culture that is second to none, one that embraces curiosity, discovery and compassion. You’ll play a role in something that’s never been done before as we integrate science and clinical care to help patients achieve better, faster outcomes — as we Advance Human Ability, together.

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

Shirley Ryan AbilityLab is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.