Description
Description
Information Protection Analyst - Associate
Position Description:
Work in large corporate-wide, heterogeneous, distributed computing network. Develop corporate level security policies, procedures and security architectures: providing security consulting services, administering network Firewalls, Mainframe security, web (Intranet and Internet) security and remote access (dial-in) security and for promoting information security awareness. Analyze security state of existing applications, hosts and networks and for formulating recommendations for policies, procedures, and technologies to assure security. Also knowledgeable about EDI, evolving Internet and Extranet practices, E-commerce, as they will act as internal security consultant to other IT areas.
The Information Protection Analyst will be responsible for the monitoring of user account provisioning and de-provisioning activities for IAM Services used by more than 130,000 users, various Client Server applications and the NCAL/SCAL Pharmacy application (Legacy and ePIMS). This Information Protection Analyst will be involved with user provisioning/de-provisioning functions as well as assisting in Daily activities to enable the department in achieving Service Level Agreements and Customer Satisfaction.
Essential Functions:
Conducts periodic security compliance reviews and works closely with stakeholders on SOX Remediation efforts
Ensures the implementation of system access controls based upon KP-IT Information Protection policies and standards.
Investigates and documents security incidents
Recommends and/or assists in the development and implementation of Information Protection policies, standards, procedures, and guidelines.
Ensures that KP-IT security systems are in compliance with KP-IT policies.
Assesses the development, testing and implementation of appropriate Information Protection controls
Participates with internal and external audit staff to assess the effectiveness of the KP-IT security program.
Assesses and reports on the adequacy of the products' security features
Assists in developing Information Protection awareness programs and performs Information Protection training.
Communicates security incidents expeditiously, both internally and externally, according to guidelines.
Identifies compensating controls to mitigate risks in the healthcare enterprise.
Assists with facilitation of risk analysis with business units.
Escalates identified security incidents to higher level resources.
Basic Qualifications:
A minimum of 2 years of Information Technology (IT) experience
Must have effective written and oral communication skills, as well as positive, customer-focused interpersonal skills and attitude.
Must be able to work in a team environment.
Ability to prioritize work to meet service level agreements.
development, implementation, communication, monitoring and maintenance of information security policies and procedures.
Preferred Qualifications:
A minimum of 1 years experience in Identity and Access Management creating or modifying user accounts and troubleshooting access issues
A minimum of 1 years experience using Remedy to monitor and receive incoming requests and problems.
A minimum of 1 years experience with Lotus Notes.
Knowledge of SOX Security Controls and how they relate to Identity and Access Management.
Knowledge particularly and its various organizational groups, entities, and administrative systems, is desirable.
Experience creating and updating documentation based on IAM Services policies and procedures.
Ability to use Remedy to pull metrics to monitor and submit incoming requests and problems.
Proven record in high IT customer satisfaction.
Experience working with CARMA or another user attestation tool. Aveksa, Oracle Identity Manager, CA Identity Manager, SailPoint Identity IQ
Project/Program management experience and/or certifications.
Experience Level: 0-3 Years.
Skill Set: Security background check required. 4 years experience in programming, system analysis, project management, auditing in a distributed computing environment. Knowledge of security access facilities.
Top 3 - 5 Daily responsibilities -
Assist with Job Role Matrix life cycle management
Responsible for kicking off Quarterly Access Reviews, monitoring and soliciting reviewer responses, coordinating remediation and preparing closure package,
Assist with any audit related items and managing open CAPs
Top 3 - 5 Required Skills -
Knowledge of compliance procedures and requirement,
Data analytics skills,
Technical skills to work on tools for Quarterly Access Reviews and other compliance related tools,
Experience in working with Auditors, Application and Control Owners,