Type: Full Time Employee
# of Openings: 1
We are seeking a IT Security Analyst for our IT Security group. The IT Security Analyst works with the Director of Security in supporting the overall IT Security program and is responsible for monitoring, managing and closing compliance issues while also ensuring that internal systems are compliant with security standards. In carrying out these functions, the Analyst responsibilities include the identification, evaluation and interpretation of regulatory and statutory security requirements, control deficiencies and information security risks. Additionally, the role is responsible for helping develop teammates, coordinating between IT groups, and providing Compliance and Risk minded judgments for new initiatives. The Analyst will help to solve complex problems through innovative and strategic thinking to align projects with the greater goals of Information Technology and the organization.
Accountabilities / Responsibilities
This position is primarily responsible for:
- Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.
- Track enterprise compliance across multiple security frameworks including HIPAA, SOX, and PCI maintain up-to-date records of requirements and corresponding mitigating controls, and recommending remediation actions where needed
- Monitor third-party risk assessments and assist in performing internal risk assessments.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
- Participate in the development of security user awareness training for cyber security and privacy awareness
- Monitoring and advising on information security issues related to internal systems to ensure that security controls for the company are appropriate and operating as intended.
- Coordinating and executing IT security projects as directed.
- Assisting business units in identifying security requirements by using risk based and business impact assessments.
- Communicating with internal and external partners to enhance security awareness.
- Coordinating responses to information security incidents, and escalating as necessary.
- Developing, publishing and reviewing Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.
- Collaborating with internal partners to manage security vulnerabilities.
- Adhering to company values at all times.
- Perform other related duties as assigned
This position is primarily responsible for, or having knowledge of:
- Common Information Security management/compliance frameworks, such as HIPAA, SOX, PCI, and NIST frameworks.
- Assessing and/or managing assessment of compliance and security gaps, providing remediation recommendations based on cost and other pertinent factors.
- Participating in cross functional Computer Security Incident Response Team (CSIRT) in the resolution of security related incidents.
- Security-related systems and applications, especially mainstream OS's (e.g. Microsoft Windows and Linux), network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools.
- Network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
- Strong verbal and written communication skills
- Participating in cross-functional teams
- Translating business requirements into control objectives
- Information risk concepts and principles, as a means of relating business needs to security controls.
- DLP, email encryption, MAM, asset management, VMS, SIEM, IAM and other IT Security solutions is highly preferred.
- Bachelor's degree in information technology or related field required
- Five (5) to Eight (8) years of related experience
- Certified Information Systems Security Professional (CISSP, Certified Information Systems Auditor (CISA) and/or Certified Information Security Manager (CISM) certification or similar certification preferred
- Experience with Information Security management/compliance frameworks, such as HIPAA, SOX, PCI, and NIST frameworks.
- Ability to travel 10-15% both locally and non-locally
- Proactive, decisive, action-oriented individual
- Strong written and verbal communication skills
- Excellent interpersonal, leadership, collaboration, facilitation and negotiation skills
- Able to clearly explain technical issues in a way that nontechnical people can understand
- Ability to be broadly focused and manage multiple efforts concurrently
- Ability to work effectively with all levels of the organization; including staff, business stakeholders, and all levels of management, up to and including the CEO
We value Diversity, Inclusion, and Belonging at Surgical Care Affiliates: SCA is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), age, national origin, disability and genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug - free workplace. Candidates are required to pass a drug test before beginning employment.
#DP #SCA #SurgicalCareAffiliates
SCA, a leader in the outpatient surgery industry, strategically partners with health plans, medical groups and health systems across the country to develop and optimize surgical facilities. SCA operates more than 210 surgical facilities, including ambulatory surgery centers and surgical hospitals, in partnership with approximately 7,500 physicians. For more information on SCA, visit www.scasurgery.com.
Surgical Care Affiliates