The Security Analyst, Sr. establishes and performs procedures necessary to ensure the security of information systems assets and to protect them from intentional or inadvertent access or destruction in accordance with company policies and external requirements such as HIPAA, DHCS, OIG and other relevant regulatory requirements. This role is responsible for the creation, maintenance and oversight of the enterprise-wide security program. Furthermore, the position is responsible for conducting comprehensive analysis of information security systems and applications in order to enhance information security and drive strategic solutions. This position will also sit on various project teams to ensure that application security is embedded within the systems development lifecycle. The Security Analyst, Sr. is a technologist but understands the critical balance between technology and security. 

POSITION RESPONSIBILITIES:

• Performs vulnerability assessments and penetration tests of technology platforms and provides internal customers with recommendations and analysis of key risks, metrics, and remediation plans.
• Conducts security audits and performs risk assessment of internal systems and facilities against established standards in order to engage in threat modeling and to identify best practices and configuration standards for technology platforms.
• Works and confers with business and IS management to understand business and data access needs, security violations to establish action plans, determine priorities and provide project oversight as needed.
• Directs and leads project teams in response to vulnerability alerts and ensures application, system, and network compliance with vulnerability mitigation requirements as well as the implementation of security measures to meet corporate security policies and external regulations (e.g., HIPAA and OIG).
• Utilizes formal and informal written communication methods (e.g., emails, newsletters, PowerPoint presentations, executive updates, task lists, updates) to communicate updates and findings; and facilitates project meetings and presentations to all types of diverse audiences (e.g., senior management, customers, technical staff).
• Documents computer security and emergency measures policies, procedures, and trains users and promotes enterprise wide security awareness to ensure system security and to improve business efficiency.
• Monitors use of data files and regulates access to safeguard information in computer files.
• Develops security plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency BCP/DR needs; works with staff and outside vendors as needed to create and implement plans.
• Evaluates information to determine compliance with standards - uses relevant information and individual judgment to determine whether events, processes, and new security technology complies with laws, regulations, or standards; weighs business needs against security concerns.
• Heads up efforts for all internal and external audit remediation efforts/activities as it relates to security.
• Other projects and duties as assigned.

Required Skills

• Maintain expert level knowledge of the tools and processes required by the role and serve as a technical lead in your area of expertise.
• Function well in large-scale, complex, cross-functional/platform environments.
• Maintain strong individual performance and research with advanced analytical and critical thinking skills while also sharing knowledge, coaching, and mentoring others.
• Communicate clearly and concisely, both verbally and in writing, including utilizing excellent interpersonal and customer service skills.
• Make judgment calls in the presence of competing priorities and incomplete data.
• Maintain the highest levels of trust, reliability, and dependability, considering the extremely sensitive and confidential nature of the investigative work involved in this role.
• Utilize and access computer and appropriate software (e.g. Microsoft Office; Word, Excel, PowerPoint) and job-specific systems to produce correspondence, charts, spreadsheets, and/or other information applicable to the position assignment.

Required Experience

EXPERIENCE & EDUCATION:

• Bachelor's degree in Management Information Systems, Computer Science, Engineering, and/or equivalent work experience is required.
• Advanced Security Certifications required.  Acceptable security certifications include: CISSP, CISA, CISM, HCISPP, CRISC.
• 7 years of information technology experience is required.

KNOWLEDGE OF:

• Windows Server administration.
• Microsoft Exchange.
• Active Directory and Group Policy.
• SQL Server Administration.
• Switching, routing, VLANs, firewalls, IPS, Endpoint Protection, MDM, DLP, web filtering, load balancer, O365, and basic scripting.
• Security Framework: HITRUST, NIST, CIS, ISO27001 and strong technical and analytical skills, particularly within information security.

Grade:  O

#CB

• Maintain expert level knowledge of the tools and processes required by the role and serve as a technical lead in your area of expertise.
• Function well in large-scale, complex, cross-functional/platform environments.
• Maintain strong individual performance and research with advanced analytical and critical thinking skills while also sharing knowledge, coaching, and mentoring others.
• Communicate clearly and concisely, both verbally and in writing, including utilizing excellent interpersonal and customer service skills.
• Make judgment calls in the presence of competing priorities and incomplete data.
• Maintain the highest levels of trust, reliability, and dependability, considering the extremely sensitive and confidential nature of the investigative work involved in this role.
• Utilize and access computer and appropriate software (e.g. Microsoft Office; Word, Excel, PowerPoint) and job-specific systems to produce correspondence, charts, spreadsheets, and/or other information applicable to the position assignment.