IT Security Analyst

About Health-E Commerce:

Here at Health-E Commerce, we are a consumer health and wellness advocate and online retailer headquartered in New York, NY. Since 2010, we have launched direct-to-consumer e-commerce brands aimed at simplifying the U.S. tax-free healthcare market and helping everyday Americans and companies benefit better from workplace benefits, wellness and health spending programs.

Our portfolio consists of four brands — FSA Store, HSA Store, WellDeserved Health and Caring Mill

About the Role:

The IT Security Analyst will be a part of our Security Team and be responsible for ensuring the IT and Security needs of the company and staff are met in a timely and professional manner.  The candidate will be part of our excellent agile IT team and will have opportunities to learn from and mentor other IT professionals.  The ability to take ownership of tasks and projects and see them through to completion is a critical success factor for this role.  The ideal candidate will need to possess excellent communication, interpersonal and technical skills and be able to keep up to date with industry trends and address the company’s cybersecurity needs.

What You'll Do:

• Responsible for the security and secure configuration of our computer systems, network, data, cloud, and office/home office locations.
• Monitor computer networks, endpoints, and devices for security issues.
• Investigate security breaches and other cyber security incidents.
• Document security breaches and assess the damage they cause.
• Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
• Oversee company firewalls, proxies, SIEM, antivirus, and IDPS
• Research security enhancements and make recommendations to management.
• Develop company-wide best practices for IT security.
• Network and application security testing.
• Fix detected vulnerabilities to maintain a high-security standard.
• Help colleagues install security software and understand information security management.
• Take the lead on our annual Risk Assessment, PCI Compliance, HITRUST and other security/compliance frameworks.
• Member of our Security Committee.
• Monitor employee provisioning and de-provisioning processes from a security perspective.
• Conduct quarterly access control audit.
• Additional IT and security projects and assignments as needed.

What You'll Need:

• Associate or bachelor’s degree in Computer Science, Information Technology, System Administration, or a closely related field, or equivalent experience required
• Strong knowledge of cybersecurity including securing networks, networking software, hardware, cloud and virtualization infrastructure, and virtual private networks
• Experience with firewalls and network/device security
• Experience with securing Office 365, SharePoint, G Suite are a plus
• Knowledge of Microsoft SQL Server and familiarity with Microsoft Azure are a plus as well as scripting knowledge (PowerShell, etc.)
• Resourcefulness and problem-solving aptitude with a strong work ethic
• Excellent communication and writing skills. Ability to interact with technical and non-technical staff.  Experience with technical writing and documentation.
• Experience working in a compliance environment such as HITRUST, HIPAA, PCI, etc.
• Project Management experience is a plus.