Job Description – Security Analyst
Our top-notch Information Security team quickly finds and responds to real time threats. These critical thinkers have a hunger to keep ahead of new exploits and security trends. They protect the vast trove of valuable data that passes through our servers each day. As a part of Information Security team, you’ll continue to uphold our reputation for integrity in this growing and ever-changing field.
The Security Analyst performs entitlement reviews, conducts information security assessments, compliance reviews, incident response and overall cyber security posture of TCUS. While the primary focus of this position will be HIPAA security, it is not limited to HIPAA.
Implement controls and solutions to address information security issues
Support information security activities that help reduce operational IT and information security risks
Undertake entitlement reviews on a consistent basis
Keep current on federal, state and local regulations, especially related to privacy regulations such as HIPAA, GDPR, etc.
Regularly provide and modify HIPAA documentation to accommodate any/all new regulatory requirements and related updates for inclusion in Information Security and Compliance related policies, procedures, standards and guidelines.
Coordinate and communicate any changes to policies or procedures of affected departments as a result of HIPAA regulatory updates.
Create a system that tracks our HIPAA compliance for various software and services, including new and updated BAA’s for software used in HIPAA regulated areas. This system should allow review by the CISO, the IT change/software manager, and by departments that are most significantly affected by HIPAA.
Work with CISO to coordinate the development of training material to help employees understand current and new HIPAA regulation and how it will impact their organizational duties
Work with CISO to perform HIPAA compliance audits against institutionally accepted security controls.
Record and prepare reports on IT security incidents using CISOBOX, including but not limited to compromised accounts, e-mail threats, and abuse reports from various sources.
Provide first level compliance monitoring and investigations.
Assist with applications/tools including but not limited to IPS, e-mail gateway protection, and DLP tools.
Other responsibilities, as assigned by CISO.
Bachelor’s degree in computer science, or equivalent
Minimum 3 years’ relevant information security or it audit related experience
Familiarity with information security standards and industry best practices, network and security protocols, including firewalls, TCP/IP and other network administration protocols,
Administration of security tools and comfortable with performing hands on maintenance and backups, where required.
Must be detail oriented
Must be advanced with Microsoft Excel and Word.
Must have strong writing skillsets.
Must have an information security skillset with managerial mindset
Possess knowledge of HIPAA-related rules and regulations as well as administrative and organizational systems.
Maintain good (digital) citizenship.
Uphold, enforce, and abide by all institutional policies.
Must be proactive and able to juggle multiple assignments.