Information Security Analyst
GoHealth has an ambitious mission: to improve the health care system in America. Achieving this mission relies on hiring and developing great people, which is why our team is our top priority. We encourage employees to do their best work through innovation and risk taking. Our environment is fun yet constructive, thanks to leaders whose doors are always open. And most importantly, we’ll never stop investing in you and your career.
Job Description
The Information Security Analyst will help support GoHealth’s Information Security program and help provide day-to-day management, support and hands-on execution of our security initiatives. In this role, he or she will help implement and coordinate the security efforts across the company.
Responsibilities:
- Develop and implement effective policies and practices to protect sensitive customer data and corporate assets.
- Ensure compliance with security standards, governmental regulations and company policies through development and management of training programs and periodic security audits.
- Provide input in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Keep abreast of security incidents and assist in issue management during significant information security incidents. Convene the necessary incident response teams for the purpose of addressing and investigating security incidents that arise.
- Examine impacts of new technologies on the company’s overall information security. Help establish processes to review implementation of new technologies to ensure security compliance.
- Evangelize security within the company and provide security advice and guidance to all departments.
- Provide accurate and timely reporting on all project deliverables.
- Manage all partner and customer security needs during the RFP process, technical due diligence, or as part of ongoing interactions.
- Assist in internal and external audits to ensure adequate controls are in place to support ISO 27001 and HITRUST compliance certifications.
- BS or MS in Computer Science, Information Systems or related field.
- Professional certifications such as SSCP, CISSP, CISM or CISA.
- Experience with HIPAA, HITRUST, ISO 27001, PCI-DSS, SOC2 reporting or SOX compliance is a strong plus.
- Knowledge of network-based and system-level attacks and mitigation methods, as well as knowledge of application-level attacks, especially web applications and their mitigation methods.
- Must be an excellent communicator who can effectively work with all management teams and articulate security-related concepts to a broad range of technical and non-technical staff.
- Should have experience conducting and/or assisting with formal audits in support of an Information Security Management System or certifications.
- Experience with business continuity planning, auditing, and risk management, as well as third-party security management.
- Must be able to effectively evaluate security and compliance requirements, understand their impact on the business, and design creative security solutions that are not disruptive to the business.
- Minimum of 1-2 years of directly supporting an information security management program.
- Minimum of 3 years of cumulative experience in at least two security-specific domains.
- 3-5 years of prior experience in a hands-on IT operational role such as network or systems engineering is a nice-to-have.