Senior Information Security Analyst

Job Description

Job Description

Community health is about more than just vaccines and checkups. It’s about giving people the resources they need to live their best lives.

At Neighborhood, this is our vision. A community where everyone is healthy and happy. We’re with you every step of the way, with the care you need for each of life’s chapters.

At Neighborhood, we are Better Together.

As a private, non-profit 501(C) (3) community health organization, we serve over 506,563 medical, dental, and behavioral health visits from more than 96,867 people annually.

We do this in pursuit of our mission to improve the health and happiness of the communities we serve by providing quality care to all, regardless of situation or circumstance.

We have been doing this since 1969 and it is our employees that make this mission a reality. Regardless of the role, our team focuses on being compassionate, having integrity, being professional, always collaborating, and consistently going above and beyond.

If that sounds like an organization you want to be a part of, we would love to have you.

The role of a Senior Information Security Analyst is to provide the highest level of expertise to the organization in the realm of information risk management and cyber defense.

The individual is a key resource for crafting policy, standards, process, controls, and consulting on IT system design. In addition the Sr ISA will service as the subject matter expert and consultant in the definition and management of standards, processes, and reporting that is part of the data security program.

The Sr ISA will work with various technical and non-technical stakeholders on the most challenging arenas of organizational risk.

The Individual will be an active participant in the crafting and maintenance of incident management processes and playbooks, while also staying aware of the latest changes in cyber threats and use that knowledge to inform process change within the data security program.

Senior Information Security Analysts serve as a leader on the Neighborhood Healthcare cybersecurity team and in the IT department supporting initiatives that protect the confidentiality, integrity, and availability of information systems and assets including data.

The individual will be a willing spokesperson in developing and maturing data protection strategies, policy, standards, and projects that support the Neighborhood Healthcare vision.

Responsibilities

• Lead the design of, and provide highest internal escalation support for, organizational security platforms and technologies.
• Lead design of the security of the organization's information and information assets.
• Lead process design and activities for IT audit.
• Optimize security related processes and continuous improvement efforts for security controls.
• Coach and mentor junior staff related to cybersecurity within the IT department.
• Perform the most difficult risk assessments.
• Lead Information security activities with representatives from different parts of the organization with relevant roles and job functions.
• Be an example of information security awareness to others in the organization.
• Lead communication with appropriate contacts with relevant authorities.
• Lead the coordination with appropriate contacts such as special interest groups or other specialist security forums and professional associations.
• Lead the identification of risks to the organization's information and information assets from business processes involving external parties and implement appropriate controls.
• Lead the addressing of security requirements after giving customers access to the organization's information or assets.
• Communicate and model the importance of organizational Information Technology policies, protocols, standards, and procedures.
• Support the Mission, Vision and Values of Neighborhood Healthcare.
• Embrace and supports the Performance Improvement philosophy of Neighborhood Healthcare with a focus on IT & Cybersecurity.
• Promote personal and patient safety.
• Be an example of effective customer service / interpersonal skills at all times.
• Perform other duties and responsibilities as assigned.

Relationship Management

• Under the general supervision of CISO or CIO. A working relationship with all Information Systems staff as well as compliance and regulatory departments must be maintained.
• A professional working relationship with staff from all organizational departments, other regional healthcare facilities, and hardware vendors must be maintained.

No managerial or supervisory responsibility.

Qualifications

Education / Experience

Must have one of the following :

• Associates degree with minimum 6 years relevant experience (preferably cyber defense / IT / business or healthcare emphasis)
• Bachelor’s degree with minimum 4 years relevant experience (preferably cyber defense / IT / business or healthcare emphasis)
• Experience in cybersecurity or risk management required
• Experience in information technology (IT)
• Experience in healthcare preferred

Certifications

• CISSP or HCISPP certification or equivalent and in good standing - required
• Certification related to the duties and responsibilities specified, - required ( including but not limited to CCSA, CCSE, CCNA, CCNP, CISA, HCISPP, MCSE, MCITP, and SANS GIAC)
• ITIL V3 Foundation preferred
• Other IT related professional certification preferred

Additional Qualifications (Knowledge, Skills and Abilities)

• Intermediate to Advanced knowledge of Microsoft Windows, and Office 365 -required
• Intermediate knowledge of Active Directory, PowerShell, Linux - required
• Accurately record process and work-related information to meet auditing requirements required.
• Familiar with regulatory and legal security standards and requirements such as HIPAA, HiTech, PCI DSS and Sarbanes-Oxley required
• Knowledgeable of cybersecurity frameworks including HITRUST CSF, NIST CSF, MITRE ATT&CK required o Knowledgeable of trusted cybersecurity resources such as CIS and OWASP - required
• Strong working knowledge cybersecurity concepts, methodologies and technologies including but not limited to virtual private networks;
• fire walls / routers / switches ; content filtering; intrusion detection / prevention systems (IDS / IPS) TCP / IP ports, DNS, DHCP, antimalware;

encryption / authentication ; vulnerability management - required

• Excellent verbal and written communication skills, including superior composition, typing and proofreading skills
• Ability to interpret a variety of instructions in written, oral, diagram, or schedule form
• Ability to successfully manage multiple tasks simultaneously
• Excellent planning and organizational ability
• Ability to work as part of a team as well as independently
• Ability to work with highly confidential information in a professional and ethical manner

Salary range : $110,700-$135,800 annually, depending on experience.