Information Security Analyst II

GENERAL STATEMENT OF RESPONSIBILITY: Support the confidentiality, integrity, and availability of information under CRL’s control by developing, documenting, assessing, and executing security controls in partnership with system and network administrators under the standards set in CRL’s Corporate Compliance program.

Essential Functions:

·         Responsible for access management administration and support of multiple complex computer applications, directories and domains that encompass user lifecycle management (onboarding, transfers, offboarding, access reviews) and access to IT resources.

·         Remote access management, administration and configuration.

·         Train new hires and seasoned employees on security best practices, policies and procedures.

·         Configure and administer Privileged User Management system.

·         Promote awareness of applicable security standards, policy, and best practices across the enterprise.

·         Use a teaching/education approach to help users understand their risks and better protect information and systems.

·         Maintain relationship with badge access vendor, manage door access for employees and maintain systems to support campus access; including data center access.

·         Perform security assessments and vendor audits and complete documentation necessary to validate compliance with security requirements.

·         Use systems to monitor password compliance and address concerns when identified. Review and take appropriate action on EDR detections and incidents.

·         Analyze Microsoft Azure and M365 security and compliance findings and perform resolution planning.

·         Assist in User Behavior Analytics and File System Integrity monitoring and provide determinations of risk and steps to improve user and file security.

·         Analyze Application Vulnerabilities and perform resolution planning.

·         Utilize Environment Vulnerability System for analysis of new and existing vulnerabilities, compliance findings and perform resolution planning.

·         Perform DLP Analysis and provide recommendations for policy changes.

·         Assist with communication, implementation, and analysis of compliance to security policies, standards, and procedures.

·         Incident Response and event management, including Incident remediation, lessons learned, and process improvement.

·         Develop and run tabletop exercises to promote readiness of incident response.

·         Internal customer service related to access requests, troubleshooting, and problem resolution.

·         Administer and maintain Emergency Notification System.

·         Continuously improve skills and remain current on job-specific technical knowledge, and department projects through research, training courses, workshops, and other available training resources.

·         Maintain and protect the confidentiality of all CRL, CRL subsidiaries, legal entities and client information.

·         Be able to comply with all applicable federal, state, and local safety and health regulations that would apply to this job.

·         Keep work area neat and clean. Other duties as assigned.

Job Qualifications:

Education: Bachelor’s Degree in Information Systems, Computer Science, Information Security or a related technical discipline, or the equivalent combination of education, professional training or work experience.

Experience:

·         3 years of IT security or information security experience with ability to engage with internal customers and management.

Skills & Abilities:

·         Knowledge of regulatory/legal compliance procedures, industry best practices and frameworks related to HIPAA.

·         Experience with antivirus, detection and response systems.

·         Exposure to Microsoft Azure and M365 Security and Compliance.

·         Experience working with vulnerability monitoring platforms and understanding environment security and stability risks when proposing resolutions.

·         Experience with Application vulnerability monitoring.

·         Understanding of DLP systems and policies.

·         Strong work ethic, problem solving skills, customer service orientation, and proven dependability.

·         Good communication skills; well-developed interpersonal skills, teamwork, and collaboration attributes.

·         Creative problem-solving, analytical, and organizational skills.

·         Self-motivation and ability to successfully complete projects and provide support with little supervision.

·         Assist in drafting and revising deliverables including reports, correspondence, presentations, policies, and procedures.

·         Excellent writing and editing skills with the ability to construct well-founded, clear, and concise analyses and recommendations.

·         Strong attention to detail and analytical skills.

·         Ability to interpret complex information, solve problems, and manage multiple tasks.

·         Ability to be at work and on time

·         Ability and judgment to interact and communicate appropriately with other employees, clients and management

PHYSICAL REQUIREMENTS: The physical demands described here are representative of those that must be met to successfully perform the essential functions of this job. Reasonable accommodations may be available to enable qualified individuals with disabilities to perform the essential functions.

The following physical attributes are required for this position:

·         Sitting for extended lengths of time

·         Close vision requirements due to computer work

·         Repetitive use of hands, fingers, wrists, and elbows for operating a computer and telephone

·         Light lifting, up to 10 pounds

EQUIPMENT: Personal computers, midrange systems, and communications equipment.

OTHER: Overtime and weekend work as necessary according to workload and/or projects; occasional travel is required; this is an “on-call” position requiring the use of wireless phone for after-hours contact.

The employer shall, in its discretion, modify or adjust this position to meet the company’s changing needs.

This job description is not a contract and may be adjusted as deemed appropriate in the employer’s sole discretion.

·         denotes essential job function

 

An Equal Opportunity Employer

Pay Range: $55,000 - $120,000

Benefits for Full Time Employees:

• Medical, Dental, Vision
• Life/AD&D
• Supplemental Life/AD&D
• Section 125 FSA Plan
• 401(k)
• Short and Long-Term Disability
• Paid Time Off
• Holidays
• Tuition Reimbursement