Information Security Analyst

Your Opportunity 

As an Information Security Analyst, you play a critical role in protecting Vytalize from adverse events and developing incident response capabilities. Responsibilities involve assessing risks, identifying control weakness, conducting access reviews for the technology ecosystem, conducting awareness and training in accordance with the awareness and training program, monitoring vulnerability and software patching processes, assisting with incident response and disaster recovery planning and exercises.   Assisting and coordinating the information security assessments and audit. 

Incident Response  

• Assist in the development, maintenance, and test of the incident response plans to effectively address and mitigate security breaches or compliance violations. 
• Assist in the test of the business continuity plans and disaster recovery plan to effectively sustain business process and to effectively restore the operability of a system, application, or infrastructure to effectively restore the operability of a system, application, or infrastructure during and after a cyber incident disruption. 
• Coordinating and leading efforts to detect, analyze, and respond to security incidents and breaches. 

Identity and Access Management  

• Conduct both logical and physical access reviews for all information systems and physical security systems to identify non-compliance with the information security policies. 
• Summarize the access review and submit tickets for any corrective actions. 
• Monitor and track tickets to ensure timely completion. 
• Develop identity and access management procedures for the all the information systems and physical security systems to provide consistent processes. 

Risk Assessment and Audits  

• Maintain the cyber security risk register with the risks, risk ratings, risk mitigation strategies and action plans. 
• Prepare and distribute regular reports to management and stakeholders summarizing risk assessments, compliance status, risk treatments plans, and recommendations for improvement. 
• Assist with data gathering and coordination with the various teams for audits and risk assessments.  
• Regularly test the controls implemented to identify controls weaknesses or modifications. 

Training and Awareness 

• Conduct regular simulated phishing exercises to educate and detect malicious emails and other malicious events.   
• Schedule and conduct training to educate workforce members regarding cyber security best practices, regulatory compliance and other cyber security requirements. 
• Monitor the training campaigns to demonstrate the effectiveness of the training program and improve phishing detection and response. 

Vulnerability Management 

• Monitor remediation of the vulnerability assessment findings, including penetration test, application security test, and internal and external vulnerability scans.  
• Communication vulnerability assessment remediation and risks with IT and information security team members. 

Collaboration and Communication 

•  Collaborate with cross-functional teams 
• Communicate security risks, issues, and recommendations to senior management and stakeholders, advocating for investments in cybersecurity and risk mitigation initiatives. 

Qualifications  

• Work experience in healthcare information security field. 
• Previous Health Information Technology (HIT) experience implementing controls to meet federal security and privacy regulations. 
• 3+ years of relevant work experience in IT security in a complex enterprise environment, preferred 
• Demonstrated knowledge of information technology processes, risks, infrastructure, and information security. 
• Experience with incident response and vulnerability management. 
• Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), and Payment Card Industry Data Security Standards (PCI DSS). 
• Experience with information security assessments and audits. 
• Strong written and verbal communication skills 
• Ability to articulate complex issues to both technical and non-technical stakeholders. 
• Effective collaboration with stakeholders across departments and affiliated organizations. 
• Ability to analyze complex security issues and develop effective solutions. 
• Knowledge of security frameworks, cyber threats, and technology trends. 
• Detailed oriented 
• Preferred expertise in security assessment methodologies. 
• Ability to work effectively in a complex enterprise environment. 

Please note at no time during our screening, interview, or selection process do we ask for additional personal information (beyond your resume) or account/financial information. We will also never ask for you to purchase anything; nor will we ever interview you via text message.