What are the responsibilities and job description for the Security Analyst position at Golden Technology?
Job Description
Our client is looking for a Security Analyst to join their team! The Security Analyst will work within information security to aid in the support of governance, risk, and compliance initiatives and perform risk responses (acceptance or mitigation) for management and external client inquiries, illustrating how the organization enforces established security controls for data protection and risk management. The analyst will also ensure compliance with the policies and procedures necessary to secure information system assets and to protect them from intentional or inadvertent access, disclosure, or destruction in accordance with company policies and external requirements such as HIPAA, HITRUST, SSAE-18 and PCI. The analyst will coordinate security awareness efforts for the organization.
Responsibilities in this role include:
- Analyze vulnerability assessment data to identify technical risks to the organization
- Support the identification and impact classification for new vulnerabilities identified in the environment
- Execute and support vulnerability assessments, penetration testing and social engineering activities
- Provide the Information Security and IT Security team information on the emerging cyber threat landscape, including threat actor tactics, techniques, and procedures
- Support IS in achieving the vision and strategic objectives of the function
- Support leadership to identify capability gaps in vulnerability management services
- Conduct analysis and aggregation of vulnerability data from various sources
- Manage and utilize IS tools such as DLP, code scanner, external security profile, etc. to analyze gaps in security controls
- Participate in the IT SDLC program to ensure that security is included in projects by default and by design
- Develop strong working relationships with other departments, and potentially clients, across the organization to ensure a high degree of security compliance and client satisfaction
- Brief IS leadership on vulnerability assessment results and potential risks
- Continue self-development of knowledge, skills and abilities to better support execution of the Information Security (IS) function
Top skills you need to have:
- Bachelor’s degree in computer science, IT, or equivalent
- 5 years of experience in IT or IS
- Experience with major standards such as: SOC 1-2, ISO 27001/2, PCI DSS, HITRUST, SANS, NIST
- Demonstrated experience in implementing compliance frameworks for financial services organizations or organizations with similar information security needs and requirements
- Familiarity with and understanding of a broad range of IT hardware and software products
- Strong project management skills
- Excellent presentation, verbal communication, and written skills
- Excellent analytical and problem-solving skills
- Experience managing typical enterprise security and intrusion detection systems
- Ability to work in a collaborative environment across business and technology teams
Preferred:
- Certified Information Systems Security Professional (CISSP), PCI DSS, Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), or related.
- Experience with or knowledge of healthcare or health insurance
- Knowledge of CMS and HIPAA-related vendor requirements
- Working knowledge of Security SDLC tools