Information Security Analyst III

GENERAL STATEMENT OF RESPONSIBILITY:  Support the confidentiality, integrity, and availability of information under CRL’s control by developing, documenting, assessing, and executing security controls in partnership with system and network administrators under the standards set in CRL’s Corporate Compliance program.

ESSENTIAL FUNCTIONS: 

• Administer Information Security systems; assess information risk, and identifying and remediating vulnerabilities for IT security across the enterprise.
• Incident Response and event management, including Incident remediation, lessons learned, and process improvement.
• Remote access management, administration and configuration.
• Internal customer service related to access requests, troubleshooting, and problem resolution.
• Promote awareness of applicable security standards, policy, and best practices across the enterprise.
• Monitoring, evaluating, and maintaining IT security compliance projects.
• Protect critical information assets from internal and external threats and vulnerabilities.
• Ability to configure, tune, and monitor SIEM, IDS, or IPS systems to reduce false-positives.
• Administer and maintain Emergency Notification System.
• Continuously improve skills and remain current on job-specific technical knowledge, and department projects through research, training courses, workshops, and other available training resources.
• Maintain and protect the confidentiality of all CRL, CRL subsidiaries, legal entities and client information.
• Be able to comply with all applicable federal, state, and local safety and health regulations that would apply to this job.
• Keep work area neat and clean.

Other duties as assigned.

JOB QUALIFICATIONS:

EDUCATION:  Bachelor’s Degree in Information Systems, Computer Science, Information Security or a related technical discipline, or the equivalent combination of education, professional training or work experience.

EXPERIENCE: 

• 3 years of IT security or information security experience with ability to engage with internal customers and management.
• 2 years of experience conducting incident response remediation.

SKILLS & ABILITIES: 

• Knowledge of regulatory/legal compliance procedures, industry best practices and frameworks related to HIPAA.
• Experience with IPS/IDS, SIEM technologies, internet monitoring, and data loss prevention.
• Project management skills or experience working within Information Security project implementations.
• Strong work ethic, problem solving skills, customer service orientation, and proven dependability.
• Good communication skills; well-developed interpersonal skills, teamwork, and collaboration attributes.
• Creative problem-solving, analytical, and organizational skills.
• Self-motivation and ability to successfully complete projects and provide support with little supervision.
• Ability to analyze legal or regulatory requirements.
• Assist in drafting and revising deliverables including reports, correspondence, presentations, policies, and procedures.
• Excellent writing and editing skills with the ability to construct well-founded, clear, and concise analyses and recommendations.
• Strong attention to detail and analytical skills.
• Ability to interpret complex information, solve problems, and manage multiple tasks.
• Ability to be at work and on time
• Ability and judgment to interact and communicate appropriately with other employees, clients and management

PHYSICAL REQUIREMENTS:  The physical demands described here are representative of those that must be met to successfully perform the essential functions of this job. Reasonable accommodations may be available to enable qualified individuals with disabilities to perform the essential functions.

The following physical attributes are required for this position:

• Sitting for extended lengths of time
• Close vision requirements due to computer work
• Repetitive use of hands, fingers, wrists, and elbows for operating a computer and telephone
• Light lifting, up to 10 pounds

EQUIPMENT:  Personal computers, midrange systems, and communications equipment.

OTHER:  Overtime and weekend work as necessary according to workload and/or projects; occasional travel is required; this is an “on-call” position requiring the use of wireless phone for after-hours contact. 

The employer shall, in its discretion, modify or adjust this position to meet the company’s changing needs.

This job description is not a contract and may be adjusted as deemed appropriate in the employer’s sole discretion.

• denotes essential job function

An Equal Opportunity Employer

Pay Range: $60,000 - $140,000

Benefits for Full Time Employees:

• Medical, Dental, Vision
• Life/AD&D
• Supplemental Life/AD&D
• Section 125 FSA Plan
• 401(k)
• Short and Long-Term Disability
• Paid Time Off
• Holidays
• Tuition Reimbursement