Security Analyst

The Security Analyst will be responsible for assessing present information security controls and recommend additions or modifications where appropriate to increase defensive posture for First Health clients. As a Security Analyst you will play an advisory role to First Health clients in security program development or capability implementation projects. Primary responsibilities are understanding client business environment, assessing client security requirements and current implementation of security controls, executing security project tasks, and participating in risk management and assessment activities.

Responsibilities

• Provide industry-specific expertise and guidance to clients
• Brainstorm strategies for client security program growth, positive change, and improvement
• Solve problems through helpful recommendations and practical suggestions
• Additional responsibilities and duties as assigned

Duties

• Assist in building out the GRC framework and governance model needed to develop and support the enterprise-wide risk identification, assessment, taxonomy, quantification, remediation, and reporting processes.
• Develop and maintain information security and IT risk register to track identified risks, risk decisions and related action plans.
• Develop and maintain appropriate processes, tools, and metrics to efficiently manage and communicate information security and IT risk.
• Reviews risk status with senior leadership on a regular basis.
• Collaborate to define IT security standards and develop supporting organizational policies.
• Support and coordinate procedures and controls that assure compliance with all applicable regulatory and legal requirements, as well as good business practices.
• Perform security and compliance assessments on new and existing systems, processes, technology.
• Performs third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle. Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.
• Articulates results of final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
• Contributes to maintenance and information gathering for inventory of relevant suppliers/vendors and related controls and risks for ongoing vendor risk management activities.
• Work with cross-functional business and clinical resources to provide guidance and support and ensure controls are adequate, appropriate, and effective.
• Supports workforce security activities including culture, awareness, and training.
• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.

Desired Skills

• Requires a minimum of 3 years of experience in IT, IT Security, Risk, Compliance, and/or Governance or related fields.
• Significant experience with legal and regulatory compliance standards and security frameworks such as NIST Cyber Security Framework (CSF), NIST 800-53, ISO 2700x, PCI-DSS, HIPAA, HITRUST, 405(d) HICP, etc.
• Ability to translate regulatory requirements into practical business considerations and recommendations
• Ability to proactively identify opportunities for continuous improvement
• Solid understanding of information security, IT networks, and technology stacks
• Experience with process, risk, and controls management
• Experience with security products and knowledge of IT security technologies
• Prior IT and/or cybersecurity hands-on technical experience preferred
• Experience working in the healthcare industry

Education

• Associate’s degree in computer science or related area, or equivalent work experience
• Industry-recognized certification in security strongly preferred: Security+, Network+, SSCP, HCISSP, or similar