Cyber Security Analyst

Company Overview

#LI-Remote

Shriners Children’s is an organization that respects, supports, and values each other. We are engaged in providing excellence in patient care, embracing multi-disciplinary education, and research with global impact. We foster a learning environment that values evidenced based practice, experience, innovation, and critical thinking. Our compassion, integrity, accountability, and resilience define us as leaders in pediatric specialty care for our children and their families.

All employees are eligible for medical, dental and vision coverage on their first day! In addition, upon hire all employees are eligible for a 403(b) and Roth 403 (b) Retirement Saving Plan with matching contributions of up to 6% after one year of service. Employees in a full-time or part-time status (40+ hours per pay period) will also be eligible for paid time off, life insurance, short term and long-term disability and the Flexible Spending Account (FSA) plans. Additional benefits available to full-time and part-time employees include tuition reimbursement, home & auto, hospitalization, critical illness, pet insurance and much more! Coverage is available to employees and their qualified dependents in accordance with the plans. Benefits may vary based on state law.

Job Overview

The Cyber Security Analyst is responsible for managing service requests, monitoring and tracking security controls, detecting breaches, and mobilizing responses. The Cyber Security Analyst I will work more with senior team members and the Manager, Cyber Security, to provide support to Control Owners and Business Owners. Some examples of roles include:

• Service Delivery
• Security Analysis
• Information Security
• Information Technology
• Basic Compliance Analyst

The Cybersecurity Analyst I serves as an escalation point/subject matter expert within the cybersecurity team for issues related to their assigned role. This translates to four focus areas:

• Server Cybersecurity
• Network Cybersecurity
• Cybersecurity Monitoring
• Governance Risk and Compliance

The Cyber Security Analyst I does not implement and operate systems outside of those owned by the Cybersecurity team to allow independence when evaluating gaps. However, they must possess sufficient knowledge to give them the ability to approve and recommend control changes.

In addition, this position leads at least two simultaneous projects and/or programs, including service management, overcoming obstacles with direction from more senior team members. They may be called upon to coordinate with vendors to prepare for the annual budget and purchase order requests with the assistance of the Manager Cybersecurity. This will often require assistance from the team or manager as well as coordination with other teams such as the Server and Network Telecom team.

Responsibilities

Policies and Procedures

• Ensures that the security policies and procedures are followed to secure information at rest or in motion.
• Ensures proper reporting of information security violations, control weaknesses or potential violations to the appropriate stakeholders and documentation in the GRC System.
• Participates in the creation of standards relevant to the programs they oversee.

Program/Service Management

• Leads (based on assigned role) or participates in two or more programs. These programs can include (but are not limited to:
• Service Management
• Incident response
• Governance risk and compliance
• Data loss prevention
• Cloud security
• Third party risk management

Project Management

• Constantly delivers minor projects on time and under budget, renegotiating timelines with stakeholders.
• Develops/implements corrective action plans for resolution of problematic issues.
• Provides general guidance on how to avoid or deal with similar situations in the future.
• Effectively communicates with stakeholders.
• Provides sufficient documentation and inclusion of capabilities to facilitate a smooth transition when roles change.

Administrative

• Identify and attend sufficient training to maintain and advance their knowledge.
• Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
• Develops and vets plan with supervisor to prioritize and accomplish tasks over a rolling 12-month period.
• Develops relationships with internal customers and partners and negotiates roles and responsibilities, engaging manager when needed to resolve larger issues.
• Uses soft skills to minimize disagreements, promotes teamwork, and provides a customer service attitude to Business and Control Owners.
• Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor.
• Obtaining certifications relevant to job duties. Contributes to the overall success of the organization by performing all other duties and responsibilities as assigned. Provides clear and complete documentation that describes events, reasoning and conclusion, in a way that facilitates recall several years later and evidence for potential legal proceedings. This is required for activities such as:
  • Cybersecurity incidents
  • Security Requests
  • Approvals or rejections
• Follow and complete all administrative requirements including but not limited to, timecard, travel requests and expense reimbursement, purchase requests, ServiceNow incident/task administration and documentation, and project documentation in a timely manner acceptable to both local management and the organization.

This is not an all-inclusive list of this job’s responsibilities. The incumbent may be required to perform other related duties and participate in special projects as assigned.

Qualifications

Minimum:

• 5 years of experience in a full-time IT role -or- 1 year of experience in a full-time Cyber Security role
• Associate's degree in Computer Science required
• At least one professional cybersecurity certification (examples include CompTIA Security+, SANS/GIAC, ISC2, Cloud Security Alliance, ISACA, Project Management Institute, Payment Card Industry, EC Council, Offensive Security, HITRUST, Vendor specific certification directly related to the role)

Preferred:

• Bachelor's degree in Computer Science