Information Security Analyst

Summary: Protects computer assets by establishing and enforcing system access controls, maintaining disaster preparedness.

Position Description
MAJOR FUNCTION:

Protects computer assets by establishing and enforcing system access controls, maintaining disaster preparedness.

QUALIFICATIONS:

Education & Experience:

• Bachelor's degree, technical school certification or equivalent experience in Information Technology required.
• At least 5 years' experience working within complex system environments (e.g. directory services, email, VPNs, heterogeneous desktop and mobile operating system) or at least 2 years of information security specific experience.
• HIPAA compliance experience preferred.
• System administration experience on currently supported Windows and Linux operating Systems.

Certification/Licensure:

• Security certification SEC+ preferred CEH preferred.

Knowledge & Skills:

• Working knowledge of all aspects of Infrastructure technology, including networking, servers, storage, logging, and security appliances; hands-on experience would be preferred.
• Solid understanding of standard business processes including Change Management, Problem Management, Work Prioritization, Quality Assurance, and Continuous Improvement best practices.
• Self-motivated to be well informed of emerging security products, services, and standards with the goal of recommending appropriate tech and processes that move forward the continuous improvement.
• Strong knowledge of policies, procedures, audits, and risk management
• Skilled in information technology, including operating systems, networking, application architecture, and malware prevention controls.
• Software programming skills (C/C++, Java, .Net, Python, etc.).
• Ability to train and present to small and large audiences or has the interest in learning to train and present.
• Understanding of enterprise security technologies including DLP, antivirus, vulnerability and patch management, IPS, and email protection gateways.
• Strong verbal and written communication skills.
• Establishes system controls by developing framework for controls and levels of access; recommending improvements.
• Maintains access by providing information, resources, and technical support.
• Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements.
• Safeguards computer files by performing regular backups; developing procedures for source code management and disaster preparedness; recommending improvements.
• Develops security awareness by providing orientation, educational programs, and on-
• going communication.
• Updates job knowledge by participating in educational opportunities; reading professional
• publications; maintaining personal networks; participating in professional organizations.
• Accomplishes information systems and organization mission by completing related results as needed.
• Provides support to the Security Administrators, PC Technicians, and the IS Support
• Center with Security projects and problem resolution.
• Participate in security related audits, assessments, and tabletop exercises.
• Work directly with Managed Service Providers on projects and incident resolution.
• Provides secure data transfer solutions for customers, including but not limited to secure FTP, encrypted USB devices, and encrypted email.
• Provides end-user security awareness training (GEO, department meetings, etc.).
• Assists with security incident handling, audits, and investigations.
• Responsible for standard support of security solutions including daily system checks.
• Work with Information Security Manager and ISA II to test and evaluate new technology.
• Responsible for system configuration changes based on playbooks to support our workforce requirements while meeting security standards. Examples include firewall rule creation, email gateway rules, DLP rules, etc.
• Responsible for properly utilizing the customer service software and adhering to all policies and procedures related to the sue of the software.
• Adheres to IS business practices.

Education: Bachelors

Skills and work experience:

Working within complex system environments (e.g. directory services, email, VPNs, heterogeneous desktop and mobile operating system) or at least 2 years of information security specific (5 years)

HIPAA compliance experience

System administration experience on currently supported Windows and Linux operating Systems

Salary range from 69-87K