Information Security Analyst

The role and responsibilities are to plan and execute the development of Information Systems security solutions in response to business requirements that include network, cyber, physical and facility security technologies, policies, plans, processes and procedures, tools and systems. Lead internal audits of key processes, technologies, and integrations to ensure they meet regulatory and company requirements.

This position involves understanding and taking steps to mitigate the risks associated with collecting, storing and transmitting data in a business setting. Implementing security measures that help prevent security breaches and analyzing any breeches that do occur.

ESSENTIAL JOB DUTIES AND RESPONSIBILITIES:

• Development and maintaining the Information Security Program for Best Doctors and its affiliates
• Development and testing of Disaster Recovery/Business Continuity plans
• Analyze IT system specifications to assess security risks
• Design and implement safety measures
• Manage physical and logical security system access
• Install, configure, and upgrade security software
• Inspect software and firmware of hardware and systems for vulnerable points of access
• Monitor network activity to identify issues early and communicate them to IT teams
• Collaborate with the IT Team on privacy breaches and malware threats
• Perform code security vulnerability assessments
• Serve as a security expert and conduct training when needed
• Identify necessary Incident Response actions needed to mitigate threats.
• Serve as a resource for security and compliance activities with a focus on assessing security risk and assisting in formulating a prioritized approach to addressing the identified risk(s). Individual will also support other organizational compliance and security efforts including application risk assessments, server and application scanning, etc.
• Confer with project and/or cross-functional teams through strong communication. Set priorities, balances workload and resources available while driving project execution.
• Engage with technology and business partners to ensure compliance with required assessments per company policy/standards; perform quality assurance validation of issues and assessments prior to closure or completion.
• Assist in testing and reporting the effectiveness of IT security controls.
• Coordination of Pen. Testing and action items management
• Lead audit response activities to address IPS issues identified by Internal Audit or external auditors
• Conduct gap analyses for existing processes, as needed and to ensure identified gaps are addressed.
• Participate in major IT/special projects as an internal security & compliance consultant to provide direction, review and support by bringing an awareness and focus on security, compliance or regulatory concerns.
• Continually update knowledge of security, compliance, and regulatory issues that will impact FirstService Residential by keeping current with trends and issues in the industry, including current and evolving technologies.
• Reviews detailed reports on the vulnerabilities of systems and helps prioritize an approach to address the gaps via industry standard practices. Will be expected to utilize NIST, ITIL or other practice methodologies to assess our operations.

DESIRED MINIMUM QUALIFICATIONS:

Education and Experience:

• Showed an ability to collaborate with other functional areas and across business units.
• Ability to plan and communicate effectively with a multicultural team
• Develop effective project plans independently as well as collaborating with cross-functional
  teams.
• Experience in DOS, Cyber Security, and Information Technology project management.
• Experience with SEIM tools
• Experience with AWS, Azure, of GCP preferred
• Prior audit experience in a healthcare setting preferred
• Experience with global platforms spanning multiple regulatory jurisdictions is preferred
• Excellent time management skills
• Positive attitude
• Ability to work and effectively communicate as a team player
• BS or BA degree in a related field or equivalent work experience
• Requires a minimum of 5 years of related security experience or equivalent industry certifications
• Completion of security certifications (CISSP, GCIA, GCIH, GREM, CEH, CIH, CISA, or CISM) is preferred
• Strong communication, influence, and leadership skills
• Strong organizational skills with the ability to multitask in a fast-paced environment and manage multiple deadlines and priorities
• Ability to perform after-hours work and to be on-call during information security testing when needed
• Participate in, or lead testing, evaluation, upgrade, and implementation of new and existing security applications to address emerging threats and vulnerabilities
• A growing interest in information security, data privacy, or information technology auditing
• Possess excellent oral and written communication skills to prepare audit reports and discuss audit findings and recommendations with management
• Demonstrate strong problem-solving abilities and will be capable of proactively finding solutions to various problems and issues
• Bilingual (English and Spanish), both written and spoken required.
• Written and oral communication skills
• Strong team-oriented interpersonal skills
• Strong analytical skills
• On-call availability and ability to work under pressure
• Keep current with Security trends and issues in the IT industry, including current and evolving security technologies