Information Security Analyst I

Primary City/State:

Phoenix, Arizona

Department Name:

IT Threat & Vulnerability Mgmt

Work Shift:

Day

Job Category:

Information Technology

Find your Voice, Passion, & Purpose

POSITION SUMMARY
This position is responsible for implementation of information security policies, standards, and procedures on all organizational information systems.  This position is also responsible for auditing user access, security logs and user permissions.  Duties include developing security processes, participating in security investigations, and maintaining documentation.  This position supports and maintains the information security infrastructure, including both applications and networking components. This position performs ticket focused tactical incident support, monitors Security Operation Center (SOC) communications and audits Information Technology (IT) controls. Performs all functions according to established policies, procedures, regulatory and accreditation requirements, as well as applicable professional standards.

CORE FUNCTIONS
1. Conducts and participates in security reviews, evaluations, and risk assessments, assisting in the development and implementation of appropriate recommendations.  Participates in the handling of security incidents, recoveries, breaches, intrusions, and system abuses.

2.  Analyzes the company's information security architecture, including hardware and software components, with the objective of standardizing security throughout company’s infrastructure.  Maintains Information Security controlled applications/systems, updating and monitoring for compliance.

3.  Evaluates and assists in the development of security policies and procedures.  Evaluates security risk assessments of new systems and upgrades to determine impact to Information Security/Risk Management and the enterprise.

4.  Provides technical expertise and support for security software, including operational aspects of the software.  Participates in, and on occasion, leads information security projects, including the development of project scope requirements, budgeting, and project planning.

5.  Provides guidance, direction, and oversight for compliance with all federal, state, and local mandated information security laws, rules, and guidelines. Remain current with the latest industry technical information.

6.  Performs audits of users’ system access and work areas.  Performs audits of endpoint security controls.  Mitigates any issues with systems that are not in compliance.  Monitors anti-virus/malware systems, DLP, encryption, network logs, and users’ Internet access.

7. Participates in problem resolution and incident support. Investigates security incidents that may negatively impact the company (including hacking attempts, intrusions, virus infections, mishandling of information, and other security threats); provide support during large incidents and investigations; participate in threat hunting activities.

8. Monitors Service Operations Center (SOC) communications from Information Security applications.

MINIMUM QUALIFICATIONS

• Associates degree in Information Security, Computer Information Systems, or another relevant field, or have equivalent education and experience.

• One (1) year of relevant experience of any combination of IT, Information Security, Compliance, or Risk Management experience.

• Certification in one of the following areas within in one year of entering the position: Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner (HCISSP), Payment Card Industry - Internal Security Assessor (PCI-ISA), CompTIA Security+, HIPAA Security, Information Security Technology Fundamentals, Internet Security or ITAA Information Security Awareness.

• Must demonstrate general knowledge of information technology and healthcare.

• Needs experience in small scale project planning and reporting either individually or in a team.

• Requires communication and presentation skills to engage technical and non-technical audiences.

• Requires ability to communicate and interact across facilities and at various levels. As is typical in this industry, variable shifts and hours and carrying/responding to cell phone may be required.

PREFERRED QUALIFICATIONS

• Palo Alto and endpoint product experience

• Firewalls, Network-based Intrusion Prevention System (NIPS), and web filter experience

• Vulnerability scanning and patch management experience

• Security Information and Event Management (SIEM) experience

• Windows & Linux experience

• HIPAA, PCI-DSS, or previous healthcare experience

• Security+, GIAC Security Essentials (GSEC), Associate of (ISC)2, CompTIA A+ and/or Network+ certification and training

• Additional related education and/or experience.  

 

EEO Statement:

EEO/Female/Minority/Disability/Veterans

Our organization supports a drug-free work environment.

Privacy Policy:

Privacy Policy