The Information System Security Analyst is responsible for safeguarding the healthcare organization's computer systems and networks from cyber threats. This role involves continuous monitoring of systems for security breaches, implementing robust security measures, and responding promptly to incidents. The analyst will develop and enforce comprehensive security policies, conduct regular security audits, and ensure compliance with healthcare industry standards and regulations such as HIPAA and HITRUST. Additionally, the analyst will collaborate closely with the IT department to maintain the security of sensitive data, provide expert technical advice on security protocols, and train staff on best practices for security procedures. The primary objective is to protect the organization's digital assets from unauthorized access, modification, and destruction, thereby ensuring the integrity, confidentiality, and availability of information.
· Define access privileges, control structures, and resources to safeguard systems and manage data effectively.
· Ensure the integrity and security of organizational data and information assets by developing and implementing security systems, guidelines, and strategies.
· Protect against unauthorized access, use, disclosure, disruption, modification, and destruction of data.
· Configure and maintain Security Information and Event Management (SIEM) systems to enhance threat detection, incident response, and compliance reporting, ensuring optimal performance and security posture
· Conduct data audits and risk assessments, evaluate internal operations and controls, and make recommendations based on findings.
· Implement and maintain firewall configurations to safeguard network perimeters, optimize traffic flow, and enforce security policies, ensuring robust protection against unauthorized access and cyber threats.
· Configure and maintain advanced email security systems to protect against spam, phishing, and malware, ensuring the integrity and confidentiality of organizational communications while enhancing overall cybersecurity posture.
· Ensure adherence to data protection guidelines and applicable laws, including HIPAA and HITRUST, and migrate non-compliant environments to compliant ones.
· Identify data abnormalities and report violations to recognize and address issues.
· Assess current security management practices, evaluate trends, and anticipate requirements to implement security improvements.
· Conduct periodic audits to determine security management inefficiencies and violations.
· Implement and maintain security data management controls to upgrade systems.
· Prepare performance reports, communicate system status and new trends, and create, distribute, and perform user training.
· Conduct internal and external penetration threat tests and monitor for insider threats.
· Conduct data analysis to identify trends, patterns, and insights.
· Create and maintain IT policies and procedures (P&P).
Indentfy security weaknesses per HIPAA, HITRUST, and NIST guidelines, and create project plans to address them.
· Follow organizational standards to maintain quality service.
· Address security management issues and vulnerabilities.
· Manage Information Security projects and log and track all issues using a ticket tracking system.
· Evaluate and implement system hardening processes.
· Serve as an escalation point for data-related helpdesk inquiries.
· Assist in maintaining the department's knowledge base and additional documentation.
· Perform proactive security management tasks to minimize system downtime.
· Ensure compliance with ADA, FMLA, and other federal, state, and local standards, including meeting productivity standards.
· Maintain regular, punctual attendance and comply with company attendance policies and procedures.
· Perform additional duties and related essential tasks as assigned, gaining exposure to complex tasks within the job function.
· High School Diploma required; Bachelor's degree in Information Technology, Cybersecurity, or a related field preferred.
· Minimum of 2 years of experience in Level 2 Helpdesk or a similar role in IT support.
· Strong understanding of hardware, networking, and cybersecurity principles.
· Proficient in Windows Client and Server environments.
· Proficient with Firewall Appliances.
Certificates, Licenses, Registrations:
· Security+ certification (plus, not required)