Information Security Analyst - FT, Days

Inspire health. Serve with compassion. Be the difference. Job Summary The Information Security Analyst II assists in developing, implementing and administering plans, policies and procedures, techniques, and services ensuring ongoing compliance and security of Prisma Health information resources. Assists with risk and compliance assessments and/or audits of organizational systems, SaaS, PaaS, IaaS services and processes, assists in interpreting results, and developing and communication recommendations for improvement to management. Assists with review, development and maintenance of security policies. Assists with Third Party Risk Assessments and recommends controls and monitors the effectiveness of the controls after implementation. Provides enterprise-wide, risk-based security and continuity capabilities to meet changing internal and external threat landscapes. This includes responsibility for identifying and protecting sensitive information, detecting and responding to cyber threats, and maintaining compliance with regulatory requirements and industry standards. Provides security training and awareness delivery. Performs a security advocacy role and act as a liaison with business units for issues related to information security and ongoing compliance maintenance. Accountabilities Supports security awareness training to organization employees. Administer Security Awareness Training Program (research and update content, rollout, employee training participation verification, reporting on hosted LMS). Provides on-demand targeted security training supporting key initiatives. 10% Supports vulnerability management program to ensure vulnerabilities across the enterprise are identified and remediated. Vulnerabilities to include common infrastructure systems and services, third party platforms, vendor managed medical systems, hosted web-services and software development code vulnerabilities. Reviews and verify security patch processes to ensure all patches are applied to within policy guidelines. 15% Supports Governance Risk and Compliance platform. Ensure risk is accurately tracked across the enterprise. Document, review and maintain controls, control activities, conduct control mapping across multiple frameworks and regulatory requirements.10% Supports third party risk and compliance assessment engagements. Perform internal system/platform risk assessments and audits. Responsible for answering security compliance assessment questionnaires and RFP's. 10% 5Supports Information Security Program to ensure enterprise level framework including defining, implementing and enforcing policies, standards and practices to protect the business, information and resources. 10% Assist with the implementation and management of an incident response plan and reporting process to address security breaches, and respond to alleged policy violations or complaints. Participate on the incident response team to contain, and investigate incidents then prepare a plan to prevent future similar incidents. 10% Assists with development of information security reports and metrics for staff, management and executive presentations.10% Assists with the development of security standards, policies and procedures and best practices for the organization.10% Stays current on all regulations, laws, security frameworks and certifications. Research the latest information technology (IT) security trends and threats. 10% Assist technical staff to support security efforts as directed by management. 10% Supervisory/Management Responsibilities This is a non-management job that will report to a supervisor, manager, director or executive. Minimum Requirements Bachelor's Degree - Computer Science, Information Security or business with technical experience. 5 years - Combined equivalent technical and information security. In lieu of In Lieu of the education and experience requirements noted above, a combination of acceptable experience, education and certifications will be considered. Required Certifications, Registrations, Licenses One or more certifications CISSP, CISA, CISM, CRISC, Security - Preferred. Knowledge, Skills or Abilities Basic computer skills including spreadsheets, databases and date entry. Understanding of multiple regulatory requirements and frameworks (ex. NIST, ISO, PCI DSS, HIPAA, GDPR, CCPA). Understanding of certifications SOC 1 and 2, Hitrust and ISO 27001. Work Shift Day (United States of America) Location Greenville Memorial Med Campus Facility 7001 Corporate Department 70019411 Information Security Share your talent with us! Our vision is simple: to transform healthcare for the benefits of the communities we serve. The transformation of healthcare requires talented individuals in every role here at Prisma Health. Prisma Health is the largest not-for-profit health organization in South Carolina, serving more than 1.2 million patients annually. Our 32,000 team members are dedicated to supporting the health and well-being of you and your family. Our promise is to: Inspire health. Serve with compassion. Be the difference.