Job Description

IT SECURITY ANALYST

RESPONSIBILITIES:

• Implement enterprise wide security plans
• Establish and maintain system controls by developing framework 
• Create and update policies associated with HIPAA and PCI DSS requirements. 
• Plan, design, implement and maintain IT Governance, Risk & Compliance initiatives 
• Develop orientation, educational programs, and on-going communication on security
• Conduct network monitoring and intrusion detection analysis 
• Facilitate the design and execution of vulnerability assessments, penetration tests
• Prepare documentation, files and requested information for audits 
• Maintain Risk register
• Maintain data security and information confidentiality 
• Conduct forensics analysis to determine the source of threats and malicious activity
• Participate in the on-call rotation to support technical issues and end user support

REQUIREMENTS: 

• Working experience conducting change management in an IT environment 
• Several years in a healthcare environment, strong understanding of HIPAA and HITECH requirements. 
• Experience supporting or conducting audits within a regulated environment 
• Experience building and maintaining an enterprise-wide security program 
• Strong understanding or IT risk management and ITIL best practices
• Experience utilizing tools to conduct forensic analysis 
• Next Generation Firewall concepts: Palo Alto, Cisco ASA 
• Experience with Intrusion Prevention Systems 
• Application Firewall administration 
• Internet security applications such as Websense, Zscaler 
• Knowledge of Email encryption systems 
• Vulnerability management system administration 
• Endpoint Admission Control: Cisco ISE, NAP 
• Antivirus administration 
• Knowledge of VPN technologies 
• Experience utilizing tools to validate the extent of known attacks 
• Knowledge of Microsoft-centric products and technology: Active Directory, Exchange, SQL 
• Experience working with networking technologies 
• Experience handling, organizing, tracking, and reporting on user support incidents 
• Experience working with Active Directory, DHCP, DNS, and Group Policy 
• Understanding of the operational procedures in a medical setting 
• Understanding of Change Control software