SUMMARY:

The IT Security Analyst is responsible for assessing information risk and facilitates remediation of identified vulnerabilities across the organization including network, systems and applications. Is responsible for coordination of IT and HIPAA audits, and the creation and maintenance of relevant policies and procedures. Is responsible for assuring that information created, acquired or maintained by the healthcare system and its authorized users, is used in accordance with its intended purpose, and protecting information and its infrastructure from external or internal threats.

EDUCATION:

• Bachelor’s Degree in Related Field or Education equivalent experience: Minimum of two (2) years in IT Security.

• Provisions electronic accounts for healthcare workers, creating or ensuring different security levels, giving different credentials to users according to their clearance levels.

• Helps with the development of information security policies, standards and practices to ensure systems are securely operated and supports compliance with regulatory requirements.

• Helps with the implementation of a variety of hardware and software solutions that ensure data protection.
• Installs software applications that filter network traffic to avoid unwanted intrusions.
• Helps with ongoing risk assessment program targeting information security and privacy matters; recommends methods for vulnerability detection and remediation and oversee vulnerability testing. Identifies risks by role, software, information type and other categories and defines acceptable and mitigation strategies. Documents and communicates policies, queries, vulnerabilities and current state.
• Escalates security issues with designated leadership, proposes innovative solutions to these issues, establish update schedules, and configure scripts to make processes faster during deployments.
• Helps construct security infrastructure.
• Assists with security checks in the infrastructure that helps deter hackers, spyware, and other malware from being installed in a computer.
• Monitors technologies and communications against information security policies and procedures to ensure compliance.
• Monitors company anti-virus software, mitigates end point infection, and communicates any suspected critical malware events to management.
• Work closely with other IT teams to report suspected security incidents.
• Helps with monitoring company networks to identify unauthorized use and potential security breaches from both internal and external sources environment.
• Helps with security awareness by providing orientation, educational programs, and on-going communication.
• Accomplishes information systems and organization mission by completing related results as needed.
• Keeps abreast of pertinent federal, and state regulations and laws and Tift Regional Health System, Inc. (“TRHS”) policies as they presently exist and as they change or are modified.
• Understands and adheres to: TRHS’ compliance standards as they appear in TRHS’s Corporate Compliance Policy, Code of Conduct and Conflict of Interest Policy; and HIPAA and TRHS policies regarding privacy and security of protected health information.
• Demonstrates the ability to perform tasks that meet the age-specific requirements of the persons, patients, vendors, and staff that the employee is charged to interact with as required by the position.
• Offers suggestions on ways to improve operations of department and reduce costs.
• Attends all mandatory education programs.
• Improves self-knowledge through voluntarily attending continuing education/certification classes.
• Maintains required competency levels as identified in written exams, skills checklists, skills labs, annual safety and health requirements as well as service excellence education hours requirements.
• Cross-trains in order to better assist co-workers and to provide maximum efficiency in the department.
• Volunteers/participates on hospital committees, functions, and department projects.
• Manages resources effectively.
• Reports equipment in need of repair in order to extend life of equipment and removes malfunctioning equipment out of service with timely reporting to the appropriate personnel.
• Makes good use of time so as to not create needless overtime.