IS Data Security Analyst

• Assist in recommending, managing and administering application vulnerability assessment tool(s).
• Assist with interpreted results of assessment report from the tool.
• Coordinate with third party application providers to access their secure development practices.
• Access application vulnerabilities of third-party applications and manage their remediation working with the providers.
• Assist with maintaining a regiment of application vulnerability assessments and management of critical applications.
• Coordinate application security assessments of both internal and external application developer/providers including M365 environment.
• Provide assessment /audit support.
• Identify, analyze, monitor and minimize areas of risk that pertain to application security.
• Assess the organization’s security measures, such as firewalls, anti-virus software and passwords, to identify any weak points that might make information systems vulnerable to attack.
• Assist in performing security risk assessments and may carry out simulated attacks to test the efficiency of security measures.
• Assist in prioritizing security coverage to ensure that strategically important data, such as commercial information or personal data, receives the highest levels of protection.
• Provide assistance to staff, explaining security risks and promoting good practices, such as using strong passwords and protecting data when they use mobile devices outside the office.
• Set up procedures and automated processes to monitor the status of computers and networks.
• Analyze reports generated by the monitoring system to identify trends that might indicate a future risk.
• Must stay abreast of emerging and changing security standards, regulations and requirements.
• Assist and provide consultation/assessment of security risks for all new applications and perform technical security assessments.
• Assist with design, presentation and administering integrated technology solutions architecture, strategies, policies and standards.
• Recommend changes in existing products or services that result in cost reductions or increased end-user productivity and enhance overall data security.
• Ensure system availability, scalability, security and other system performance goals are met in coordination with ITD resources.
•  Help to lead complex systems integration(s) projects through demonstrated ability to achieve deliverables on time and on budget. (Integrations of existing security Platforms for intel sharing and response.)
• Provide guidance and assist ITD division network and systems administrators with the development of network, server and endpoint configuration guidelines.

Complexity of Work:

• Understanding of networking/distributed computing environment concepts.
• Requires familiarity with complex domain structures, user authentication mechanisms and cryptography.
• Has in-depth knowledge of intrusion detection and data correlation.
• Practical knowledge of network topology and the underlying OSI model. 
• Understands principles of client/server configuration.
• Excellent knowledge of security technology and strong analytical skills.
• Strong analytical, administrative, presentation, and project management skills are required.
• Must have strong communication skills (both written and verbal) and the ability to work independently.

Work Experience:

• High School Diploma/GED: A minimum of 5 years of Information, Clinical or Financial Systems experience required, including directing, planning and scheduling a major information system project, with at least 5 years of Cyber Security required.
• Bachelor’s Degree: A minimum of 3 years of Information, Cyber Security, Clinical or Financial Systems experience required, including directing, planning and scheduling a major information system project, with at least 5 years of Cyber Security required.
• Both Bachelor’s Degree and High School Diploma/GED: Experience in providing specialized technical expertise and support to clients, IT management, and staff in risk assessments, implementation and operational aspects of Cybersecurity procedures and products required.

Physical Requirements:

• Requires the ability to sit and be stationary for prolonged periods of time, normal or corrected vision and manual dexterity sufficient to perform work on a personal computer.
• Requires the ability to walk to various locations throughout the organization and to function in a stressful environment.