Cyber Security Analyst
6-month Contract - 3 Openings
JOB SUMMARY / PURPOSE
The Corporate Responsibility (CRP) Privacy and Information Security Analyst II will contribute to the organization’s mission and vision by assisting the Manager CRP, Information Security Oversight, and other CRP Analysts with the development and monitoring of the organization-wide CRP Information Security program. This individual will monitor, research, and respond to inappropriate leakage and use of confidential information. This position will focus on Data Loss Prevention in key threat vectors including: email, end points, and confidential data storage.
Required Minimum Knowledge, Skills, Abilities, and Training
- Minimum of 4+ years of experience in information services including three (3) years in systems security, including maintenance and use of security products in a distributed enterprise environment, and experience in compliance with federal security regulations.
- Minimum of two (2) years experience in healthcare or security consulting.
- Experience deploying and working with data loss prevention tools such as Symantec, McAfee, etc.
- Experience in systems security with certification, maintenance and use of security products in a distributed Microsoft Windows enterprise environment.
The CRP Privacy and Information Security Analyst II performs risk assessments and reviews to identify key corporate information security and privacy risks that affect the confidentiality, integrity and availability of electronic protected health information and other company confidential data. This individual conducts reviews of existing systems and technical processes to evaluate whether appropriate information security controls exist.
The CRP Privacy and Information Security II position requires a good understanding of the enterprise and market level business, information security and privacy practices, and information protection/security applications at the application, endpoint, server, and network infrastructure level.
This position works closely with Information Security Officers, Privacy Officers and Officials, IT Cybersecurity personnel, ITS application and network personnel at all levels of the organization. This position requires excellent verbal and written communication skills.
ESSENTIAL KEY JOB RESPONSIBILITIES
1. Provides Tier I and Tier II support to the company Data Leakage Prevention (DLP) and Information Governance (IG) Program. Monitors and resolves incidents involving confidential information within defined Service Level Agreements. Under guidance from Manager, CRP Information Security Oversight and Senior Analysts, conducts investigations and reports on inappropriate use of proprietary confidential information.
2. Exercises judgment within defined practices and policies in engaging and providing guidance to end users, business teams, and Division Information Security Officers and Division Privacy Officers regarding moderately to highly complex DLP and IG issues.
3. Prepares reports and metrics on key aspects of DLP and IG program including data in use, data in transit, and data at rest. Provides Manager, CRP Information Security Oversight with process improvements and program enhancements and, under direction, develops and documents new workflows.
4. Monitors and analyzes information from multiple applications/resources to identify information privacy and security risks and compliance gaps as related to the protection of confidential information. Prepares actionable recommendations and works with Cybersecurity, ITS, and business teams to remediate identified risks and ensure compliance with company policies and standards.
5. Works as an intermediary with Cybersecurity and ITS teams in identifying and prioritizing remediation of information security risks and compliance gaps.
6. Under the guidance of Manager CRP, Information Security Oversight and Senior Analysts, conducts privacy, information security reviews, and risk assessments/compliance reviews for major programs in coordination with ITS, Cybersecurity, and other functional groups.
7. Under the guidance of Manager CRP, Information Security Oversight and Senior Analysts, performs assessments of current security technology, authentication systems, and data loss prevention tools and evaluates against HIPAA, Federal and State Information Protection and Privacy regulations, company Cybersecurity policies/standards, and other relevant regulations pertaining to the protection of confidential information.
Health care industry experience and general understanding of HIPAA and federal security regulations preferred.
Knowledge of federal, state, and local laws and regulations regarding data protection is favorable.
Experience working in a Security Operations Center (SOC) highly desired.
Required Licensure and Certifications Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) required. May substitute an equivalent combination of education or experience.