The Information Security Analyst supports the IT Security Manager, business lines and employees with governance, compliance and communication of MedData information security policies, procedures and standards. The IT Security Analyst functions as the focal point for information security compliance activities. Working with Information Technology team, this position will monitor/assess MedData’s business continuity program, review security logs, application vulnerability assessment scans and risk assessment reviews.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Develop policies and procedures which enable agreed upon best security practices in the organization. The IT Security Analyst coordinates and administers documentation for security processes and procedures for department and company.
- Enforcement of standards, responding promptly to detected offenses, developing corrective action, and reporting findings to the IT Security Manager.
- Work closely with Infrastructure team to assess security ramifications with all IT projects.
- Coordinate response to information security incidents.
- Coordinate and execute IT security projects.
- Conduct company-wide data classification assessment and security audits and manage remediation plans.
- Create, manage and maintain user security awareness training.
- Provides on-call support as required, co-administers key applications assisting the IT Systems Engineers and provides assistance for security related incident response.
- Provides security positioning statements and consultation as it relates to company requirements.
- Maintain awareness of HIPAA/SOX/PCI controls and regulations which affect MedData’s infrastructure and participate in change management procedures and protocols. Serve as a point of contact for internal and external auditors for evidence collection and remediation planning.
- Assist with mitigation of known vulnerabilities identified from vulnerability (Qualys) scans.
- Other duties as assigned.
QUALIFICATIONS AND REQUIREMENTS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
- Bachelor's degree from a four-year college or university; and five years related experience and/or training; or equivalent combination of education and experience. Security+, CISSP, CISM, GSEC and MCTS certifications a plus.
- Strong technical and practical experience in 3 or more areas of the security program: Application Security, Information Protection, Endpoint Management, Physical Protections, Awareness and Training, Risk Management, Threat Mitigation, Identity and Access Management, Incident Response, and Network Security.
- Strong technical knowledge of security protocols including but not limited to:
- LDAP and Active Directory Services
- Federation and Single Sign on
- Microsoft SQL Server, including SQL 2012 and above.
- Sharepoint Server and IIS
- SSL/TLS, IPSec, PKI
- Strong working knowledge of System and Application Monitoring tools such as Solarwinds, Idera SCM and Qualys.
- Extensive application support experience with entitlement reviews on access controls for backend applications and browser based applications.
- Healthcare and Finance sector knowledge preferred
- Ability to conduct and direct research into IT issues and products.
- Keen attention to detail with proven analytical, evaluative, and problem solving abilities.
- Ability to effectively communicate both in writing and verbally.
- Ability to multi-task; excellent organizational and planning skills required.
- Other duties as assigned.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is frequently required to sit; use hands to finger, handle, or feel; and reach with hands and arms. The employee is occasionally required to stand and walk and must occasionally lift and/or move up to 50 pounds.
The duties listed above are intended only as illustrations of the various types of work that may be performed. The omission of specific statements of duties does not exclude them from the position if the work is similar, related, or a logical assignment to the position.
This job description is to serve as a guide but no way is it to be considered a comprehensive list of task, duties and responsibilities that will be required by the employee.
To join our team of 2,000 employees and growing, please apply directly to this posting.
MedData is an equal opportunity employer.