JOB SUMMARY

The Information Security Analyst is responsible for the operations, administration, and governance of the enterprise security solutions and processes.

EDUCATION

High School diploma or equivalent
Bachelor’s degree in Business, Computer Science, Management Information Systems, or related field. In lieu of degree, minimum five (5) years’ relevant experience will be considered.

EXPERIENCE

Minimum three (3) years’ experience conducting various system audits and working with external vendors, conducting information security risk assessments and/or experience related to information security, business continuity, or disaster recovery.
Knowledge of at least one (1) common information security management framework, such as HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, and/or ITL.
System analysis experience preferred.
Project management experience preferred.
Data testing and/or software application testing preferred.

PREFERRED SKILLS

Sailpoint
Okta

SKILLS

• Active Listening • Business Compliance • Computer Literacy • Coordinating Resources • Critical Thinking • Deductive Reasoning • Interpersonal Relationship Management • Operations Coordination • Oral Communications • Problem Sensitivity • Process Improvements • Systems Analysis • Time Management • Written Communication

SECURITY REQUIREMENTS

This position is identified as level three (3). This position must ensure the security and confidentiality of records and information to prevent substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. The integrity of information must be maintained as outlined in the company Administrative Manual.

ADA REQUIREMENTS

2.1 General Office Worker, Semi-Active, Campus Travel - Someone who normally works in an office setting or remotely, periodically has lifting and carrying requirements up to 40 lbs and routinely travels for work within walking distance of location of primary work assignment as essential functions of the job

RESPONSIBILITIES

• Asset Security: Provides guidance and policy expertise for data security, specifically regarding data classification, data storage, data transmission, and data lifecycle. Sets baseline configurations and monitor data governance. Sets policy and enforcement on security standards, such as file permissions, encryption, cloud data security, network assets, endpoint requirements, and others. • Communication and Network Security: Provides/supports network monitoring solutions within SOC/SIEM implementation. Handles initial incident response functions. Provides limited consultation to support elements within this domain. Oversees implementation, configuration, maintenance, and changes for all network security capabilities and assets. • Identity and Access Management: Provides account security management and control across all account security systems. Manages privileged access management entitlement review/approvals. Conducts usage audits, verify removal and retired accounts, approve launcher requests, and provides end user support. Creates, modifies, deletes, and retires member accounts. Manages role entitlement process. Maintains Workday integration. Manages access management application/system updates and testing. • Performs other duties as assigned. • Security and Risk Management: Provides guidance to business partners for all information security-related issues and identified security risks. Creates, manages, and enforces information security policy. Provides oversight of framework compliance. Manages enterprise audit remediation and CAP management. Manages vulnerability management plan. Conducts anti-phishing campaigns. Conducts and manages the security awareness and training program. Manages the third party risk management program. • Security Architecture and Engineering: Ensures information security is designed with confidentiality, integrity, and access in mind. Sets security requirements. Ensures system redundancy and fault tolerance. Sets standards for mobile and web security. Ensures security of IoT devices. • Security Assessment and Testing: Provides requested evidence/artifacts for all security-related assessments/audits. Coordinates and schedule security assessments required of the Enterprise. Coordinates and ensures the quality of outside vendor-provided security assessments, risk assessments, and penetration testing of enterprise assets • Security Operations: Applies information security concepts, techniques, and best practices to support incident response plans and capabilities. Conducts and supports investigations, conducts logging and monitoring activities, securely provisions resources, tests disaster recovery plans, and addresses personnel safety and security concerns. • Software Development Security: Provides technical consultation as required. Oversees the static and dynamic scanning of internally developed software within the company and provide reports to ensure proper remediation of code vulnerabilities. Reviews SDLC documentation to ensure compliance with established company and regulatory standards as applicable. • This is an all-inclusive responsibility listing for all levels of Information Security Analyst. Incumbent is responsible for:
(Role) – Proficiency in three (3) security components:

SEGREGATION OF DUTIES

Segregation of duties will be used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business. This position must adhere to the segregation of duties guidelines in the Administrative Manual.