Information Security Analyst II (Security / Identity Access Management (IAM) Analyst)

Minimum Education

Bachelor's Degree Bachelor's degree in a computer science, math, engineering, or another relevant discipline or equivalent training and work experience (Required)

Minimum Work Experience

3 years of experience in cybersecurity with a focus on vulnerability management, cybersecurity operations, analysis, forensics and/or investigations (Required)

Required Skills/Knowledge

Some demonstrated ability to apply key cybersecurity practices, controls, and frameworks

Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills; and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences

Understanding and some application of practices associated with cybersecurity auditing, compliance, and policy

Understanding of and some application of key practices associated with risk assessment, vulnerability management, penetration testing, and threat identification.

Understanding and some application of controls and practices associated with access management, active directory, privileged account management, and authentication

Understanding and some application of key practices associated with incident response, risk remediation, business continuity, disaster recovery, and cyber operations.

Functional Accountabilities

Cyber Analysis

• Responsible for tasks involved in the identification, documentation, and reporting of cyber risks
• Execute tasking for development and documentation of cybersecurity policies, standards, and procedures.
• Engage directly with other CNH business units to ensure security of assets, applications, and data
• Responsible for the documentation of procedures associated with managing access to CNH systems, data, and other assets
• Engages in tasks associated with cybersecurity incidents, as required
  
  

Organizational Accountabilities

Organizational Commitment/Identification

• Anticipate and responds to customer needs; follows up until needs are met
  
  

Teamwork/Communication

• Demonstrate collaborative and respectful behavior
• Partner with all team members to achieve goals
• Receptive to others’ ideas and opinions
  
  

Performance Improvement/Problem-solving

• Contribute to a positive work environment
• Demonstrate flexibility and willingness to change
• Identify opportunities to improve clinical and administrative processes
• Make appropriate decisions, using sound judgment
  
  

Cost Management/Financial Responsibility

• Use resources efficiently
• Search for less costly ways of doing things
  
  

Safety

• Speak up when team members appear to exhibit unsafe behavior or performance
• Continuously validate and verify information needed for decision making or documentation
• Stop in the face of uncertainty and takes time to resolve the situation
• Demonstrate accurate, clear and timely verbal and written communication
• Actively promote safety for patients, families, visitors and co-workers
• Attend carefully to important details - practicing Stop, Think, Act and Review in order to self-check behavior and performance
  
  

The Information Security Analyst II, Workday is responsible for configuring, maintaining, and advising on security within the Workday application. This includes managing domain security policies, roles, and role assignments within Sailpoint for identity and access management. The analyst will coordinate with vendors, ensure compliance with divisional and data security policies, and participate in report reviews to maintain security and data privacy standards. The Information Security Analyst II supports the InfoSec mission of securing the patient experience. This position executes tasks associated with analysis and remediation of information security risks that could lead to compromise of Children's National systems. Individuals in this position will execute tasks including the cataloging of risks, identification and remediation of vulnerabilities, role and identity definition and management, securing of data, and establishment of policies and standards.