Information Security Analyst 2

Job#: 1344529

Job Description:

Job Summary

The Information Security Analyst II assists in developing, implementing and administering plans, policies and procedures, techniques, and services ensuring ongoing compliance and security of Prisma Health information resources. Assists with risk and compliance assessments and/or audits of organizational systems, SaaS, PaaS, IaaS services and processes, assists in interpreting results, and developing and communication recommendations for improvement to management. Assists with review, development and maintenance of security policies. Assists with Third Party Risk Assessments and recommends controls and monitors the effectiveness of the controls after implementation. Provides enterprise-wide, risk-based security and continuity capabilities to meet changing internal and external threat landscapes. This includes responsibility for identifying and protecting sensitive information, detecting and responding to cyber threats, and maintaining compliance with regulatory requirements and industry standards. Provides security training and awareness delivery. Performs a security advocacy role and act as a liaison with business units for issues related to information security and ongoing compliance maintenance.

Accountabilities

• Supports security awareness training to organization employees. Administer Security Awareness Training Program (research and update content, rollout, employee training participation verification, reporting on hosted LMS). Provides on-demand targeted security training supporting key initiatives. 10%
  
• Supports vulnerability management program to ensure vulnerabilities across the enterprise are identified and remediated. Vulnerabilities to include common infrastructure systems and services, third party platforms, vendor managed medical systems, hosted web-services and software development code vulnerabilities. Reviews and verify security patch processes to ensure all patches are applied to within policy guidelines. 15%
  
• Supports Governance Risk and Compliance platform. Ensure risk is accurately tracked across the enterprise. Document, review and maintain controls, control activities, conduct control mapping across multiple frameworks and regulatory requirements.10%
  
• Supports third party risk and compliance assessment engagements. Perform internal system/platform risk assessments and audits. Responsible for answering security compliance assessment questionnaires and RFPs. 10%
  
• 5Supports Information Security Program to ensure enterprise level framework including defining, implementing and enforcing policies, standards and practices to protect the business, information and resources. 10%
  
• Assist with the implementation and management of an incident response plan and reporting process to address security breaches, and respond to alleged policy violations or complaints. Participate on the incident response team to contain, and investigate incidents then prepare a plan to prevent future similar incidents. 10%
  
• Assists with development of information security reports and metrics for staff, management and executive %
  
• Assists with the development of security standards, policies and procedures and best practices for the %
  
• Stays current on all regulations, laws, security frameworks and certifications. Research the latest information technology (IT) security trends and threats. 10%
  
• Assist technical staff to support security efforts as directed by management. 10%
  

Supervisory/Management Responsibilities

This is a non-management job that will report to a supervisor, manager, director or executive.

Minimum Requirements

• Bachelors Degree - Computer Science, Information Security or business with technical experience.
  
• 5 years - Combined equivalent technical and information security.
  

In lieu of

In Lieu of the education and experience requirements noted above, a combination of acceptable experience, education and certifications will be considered.

Required Certifications, Registrations, Licenses

• One or more certifications CISSP, CISA, CISM, CRISC, Security - Preferred.
  

Knowledge, Skills or Abilities

• Basic computer skills including spreadsheets, databases and date entry.
  
• Understanding of multiple regulatory requirements and frameworks (ex. NIST, ISO, PCI DSS, HIPAA, GDPR, CCPA).
  
• Understanding of certifications SOC 1 and 2, Hitrust and ISO 27001.
  

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .