Description
A leading healthcare insurance provider is seeking a Senior Information Security Analyst to join their team on a contract to hire basis. Reporting to the Chief Information Security Officer, the Senior Information Security Analyst is responsible for risk assessment based on application, data, and technology architectures; for solution design and information security policy development and maintenance (policy/standard/baseline); for awareness activities and monitoring compliance with company security policy and applicable law; for coordinating investigation and reporting of security incidents. You will also monitor, assess, and apply corrective actions to the business continuity and disaster recovery program and contribute to information security projects to protect company information assets. This will require practical use and understanding of security protocols and standards, and solid knowledge of information security principles and practices, as well as HIPPA.Responsibilities:
- Manage information security policy lifecycle including policy creation, maintenance, and decommission, policy exception/waiver management process and policy change requests
- Assess information security risks of new projects and non-standard IT requests using risk assessment methodologies based on provided architecture. This will require practical use and understanding of advanced security protocols and standards, and solid knowledge of information security principles and practices
- Assist with enterprise-wide risk assessment processes
- Coordinate cross-functional team meetings to remediate previously identified security risks and close out pending action plans
- Architect, develop, deploy and support information security systems and solutions such as strong authentication, key management, IPS, SIEM, antimalware, and others
Requirements:
- At least 6 years of experience in the Information Security domain[s] and 10+ years overall technology experience
- BS or MS degree in Computer Science
- Experience in IT regulation and compliance standards, such as SSAE-16/AT-101, ISO
- Exposures in IT security within healthcare, baseline and procedures development
- Strong analytical and problem solving skills and the ability to 'think-out-of-the-box'
- Able to work independently or with a team
- Beneficial but not required: Knowledge of Security Practices for Cloud Computing Environments: (SaaS, PaaS, IaaS)
Specific technology and compliance knowledge:
- UNIX, Windows, Linux, Network LAN and WAN, Firewalls, Access controls, Authentication, Authorization, Encryption, IPS, Digital Certificates, SSL, VPN, IPSec, TCP/IP, DNS and web security architecture, Proxy services. UML and BPMN are a plus
- ISO , PCI DSS, HIPAA (and other industry specific), related NIST standards. COBIT and TOGAF are a plus