Information Security Analyst (Governance, Risk, & Compliance)

The Doctors Company is currently seeking an Information Security Analyst. This is a hybrid opportunity based in East Lansing, MI.

Position Mission

The Information Security Analyst works closely with management and senior security team, analyst will assist team to complete tasks designed to ensure the confidentiality, integrity, and availability of the organization's systems and informational assets.  Support incident response and forensics efforts for all security related investigations, including collecting logs, documenting response steps, and collecting critical evidence.   Assist in security risk management processes, including security assessments for both internal and 3rd party systems and software.  Assist in compliance auditing internal systems against baseline configuration requirements and adherence to TDC Security Policy.  Works with project teams to assist with security related deliverables of limited complexity in a supporting role.  Assists management team with developing and maintaining information security policies and procedures and tracking compliance throughout the organization.  Role requires analyst to maintain security certifications to demonstrate command of knowledge in the security industry and to maintain up to date knowledge of security threats, vulnerabilities, exploits, and trends in the security environment and their impact to the IT systems. Work is closely managed.

Qualifications

• Associate degree (2 years college) or equivalent educational experience; and an expressed interest in Cybersecurity, Secure Systems Engineering and/or IT Governance Can substitute degree with additional certification from list below.
• One or more of the following certifications are required (2 w/o Associated Degree):
  • CEH: Certified Ethical Hacker
  • CompTIA Security
  • CompTIA Network
  • CompTIA Linux
  • (ISC)2 Associate (or higher)
  • GSEC: SANS GIAC Security Essentials.
  • CRISC: Certified in Risk and Information Systems Control
  • CIPP/US: Certified Information Privacy Professional/US
  • CISM: Certified Information Security Manager
  • CISA: Certified Information System Auditor
  • CISSP: Certified Information Systems Security Professional
  • CCNA: Cisco Certified Network Associate Security
  • CCNP: Cisco Certified Network Professional Security
  • C|HFI: Computer Hacking Forensics Investigator
  • Similar entry level certifications which cover cyber security may be leveraged.
• Demonstrated desire to complete future certifications in cybersecurity or other IT fields is required.
• Knowledge of enterprise identity management systems such as Active Directory, Azure Active Directory.
• Knowledge of Identity Management Lifecycle.
• Knowledge of managing and securing Microsoft Windows or Linux Operating Systems.
• Knowledge of NTFS file system permissions management and model.
• Knowledge of networking, routing, switching and firewalls.
• Knowledge of security, vulnerability, exploits, forensics, incident response.
• Knowledge of virtualization technologies, including VMware, desirable.
• Relevant background in programming in either PowerShell, Batch or Bash Shell
• Knowledge of relevant IT industry concepts, practices, standards and procedures.
• Ability to prioritize multiple projects and meet deadlines.
• Excellent oral and written communication skills.
• Ability to work with diverse personalities.
• Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.
• Ability to write comprehensive reports, business correspondence, and technical procedure manuals.
• Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
• Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages.
• Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and set variables.
• (2 - 5 ) years’ experience supporting technical environments required. Experience may include servers, networking, telephonic, and/or storage systems.
• (2 - 5 ) years’ experience building, administrating, and monitoring systems in a multi-site network environment with more than 500 users preferred.
• Ability to be on-call to support security incident response scenarios that may occur outside of standard business hours.
• Willingness to occasionally work outside of business hours to support project teams and perform assigned system maintenance tasks in order to minimize business interruptions.

Salary Range: $82,328 - $101,670

Responsibilities

Identity and Access Management

• Leverage and maintains identity and access management systems, workflows, and policies designed to provision and decommission user and system accounts. 
• Following the principle of least privilege, grant individual users and departments access to applications, data, or networks.

Monitoring and Operations of Security Systems

• Responsibilities also include proactively monitoring the health of security systems, analyzing and troubleshooting system issues as they occur, documenting system designs, data flows, standard operating procedures, and system health validation documents. 
• Monitoring and responds to real-time security system alerts and service tickets to protects against unauthorized access, modification, or destruction of corporate data and systems.. 

 Vulnerability and Patch Management

• Assist in vulnerability identification and remediation on systems and configurations within all internal and external systems. 
• Assist in the installation of security patching on operating systems and applications, including application health and security posture validations.
• Assist in developing secure configuration designs leveraging vendor best practice recommendations for all internal and external systems.

Project Management & Execution

• Work with project teams on advanced, technical projects or business issues, requiring ability to learn state-of-the-art security infrastructure and best practices.
• Perform basic project management tasks such as task decomposition, basic time and cost estimating, scheduling, and basic reporting skills.

Security Risk Management

• Participate in risk management process, including cyber security assessments of both internal platforms, software, and 3rd party cloud systems.
• Work with team to present security findings to business partners and provide security requirements and recommendations for secure implementations

Compliance and Audit Management

• Review organizations adherence to TDC cybersecurity policies and defined standards. 
• Prepare audit reports describing any deficiencies or configuration issues identified during an audit.

Other Duties As Assigned

• Available for all duties, accepts delegated tasks readily and completes assigned duties as directed.

Salary Range: $87,171 - $101,700

Compensation varies based on skills, knowledge, and education. We consider factors such as specialized skills, depth of knowledge in the field, and educational background to ensure fair and competitive pay.

Benefits

We offer competitive compensation, incentive bonus plans, outstanding career opportunities, an exceptional work environment, and an impressive benefits package, which starts with medical, family and bereavement leave; same-sex domestic partner benefits; short- and long-term disability programs; and an employee assistance program. There's more: 

• Health, dental, and vision insurance
• Health care tax-free spending accounts with a company match
• 401(k) and Roth IRA with company match, as well as catch-up plans for both
• Vacation days, sick days, and paid personal days each calendar year (with vacation increases based on length of service)
• Paid holidays each calendar year
• Life and travel insurance
• Tax-free commuter benefits
• In-person and online learning opportunities
• Cross-function career opportunities
• Business casual work environment
• Time off to volunteer
• Matching donations to qualifying nonprofit organizations
• Company-sponsored participation at non-profit events

About The Doctors Company

The Doctors Company is the nation’s largest physician-owned medical malpractice insurer. Founded and led by physicians, we are committed to advancing, protecting, and rewarding the practice of good medicine.

The Doctors Company is proud to be Certified™ by Great Place to Work®.

Salary : $82,328 - $101,670