The IT Security Analyst monitors and reports on security status using various security tools combined with analytic methods that correlate across systems to provide actionable information to IT and executive management on status and emerging threats. The position also contributes to the information security policy maintenance; assists with design of security policy education, training, and awareness activities; monitors compliance with Company security policies, regulatory requirements, and applicable laws; coordinates assessment, investigation, and reporting of security incidents. The position will work collaboratively with IT security custodians, Support Services, Application Development, Compliance Office, Facilities, Human Resources, Operations, and Client resources to monitor, assess, and fine-tune business continuity and disaster recovery programs; coordinate and assess risk assessments of third party vendors, coordinate and assess network and application penetration tests, vulnerability and risk assessment reviews to maintain, SOX, HITRUST, HIPAA Security Rule, and PCI compliance.
Essential Duties and Responsibilities

• Responsible for administering risk management, threat management, and security monitoring tools.
• Monitor and consult on information security issues related to Company and 3 rd parties, and workflow to ensure security controls are appropriate and operating as intended.
• Lead and oversee execution of IT security projects for the Company.
• Participate in internal SOX, SOC, HIPAA, PCI, ISO, and HITRUST risk assessments.
• Coordinate and manage responses to information security incidents.
• Assist in the development and upkeep of Information Security policies, procedures, standards and guidelines based on research, knowledge of best practices and compliance requirements.
• Conduct data classification assessment and security audits, and manage remediation plans.
• Perform security management functions by taking actions to mitigate risks, recommending security strategies, and ensuring controls are implemented and functional.
• Provide security governance by serving as oversight to ensure risks are adequately mitigated, and by aligning security strategies with business objectives and regulatory requirements.
• Interact with IT, Compliance, Facilities, HR and Operations management, legal counsel, safety and security, and law enforcement agencies to manage security vulnerabilities.
• Promote user security awareness.
• Conduct security research in keeping abreast of latest security issues, technologies, and trends.
• Prepare security documentation, including Company notifications and Intranet web content; contribute to Information Security Bulletin on Pulse community website
• Contribute to weekly Security dashboard and management report to include the Company risk register, threat detections, compliance gaps, vulnerability exposures, and remediation activity tracker.
• Conduct periodic client-specific and enterprise service continuity/recovery testing.
• Actively participate in security and information protection communities, groups, and networks.

Other Duties and Responsibilities

• Responsible for compliance with all federal, state and local laws, rules and regulations affecting Company.
• Responsible for participating in quality assurance, compliance and in-service and continuing education activities as requested by Company.
• Responsible for performing other duties and responsibilities as required.

Requirements
Knowledge, Skills, and Abilities:

• Specific systems knowledge :
  • Microsoft operating systems, Active Directory security
  • Linux/Unix operating systems
  • Centralized anti-malware protection and system hardening
  • Cisco networking products (routers, switches, firewalls, UCS)
  • Data extraction and analytics, Excel formulas and pivot tables, CSV file manipulation
  • Database security controls: MS SQL, MySQL, Oracle, Informix, and/or Postgresql
  • Cloud security controls for Azure and Amazon Web Services
• General subject knowledge:
  • ITIL framework (change, incident, problem, configuration, asset, and service level management)
  • Project management methodologies
  • Information security standards and frameworks, rules and regulations related to information security and data protection (e.g. HIPAA, SOX, PCI, NIST, ISO, COBIT, etc.);
  • Principles for risk identification and analysis of desktops, servers, applications, databases, networks, and facilities.
• IT Security skills:
  • Secure application coding practices, IIS web technology
  • Ethical hacking practices
  • Remote access technology
  • Encryption best practices
  • Security Incident and Event Management
  • Intrusion detection and prevention
  • File Integrity Monitoring
  • Data Loss Prevention
  • Computer forensic investigation practices
  • VoIP security
  • Endpoint Detection and Response
• Essential abilities:
  • Strong analytical and problem solving capabilities.
  • Excellent communication (oral, written, presentation), interpersonal and consultative skills.