Information Security - Sr. Security Analyst - 40hrs

SUMMARY

Reporting to the Director of Information Security the Security Analyst Manages security mechanisms to protect computer assets against hackers, external and internal breaches, viruses, spyware and malware by establishing, enforcing and monitoring appropriate security controls, responds to security incident, investigates violations, provisioning of users accounts and recommends enhancements to mitigate risk. The Security Analyst is also an active participant in disaster preparedness and business continuity.

Connecticut Children's is the only health system in Connecticut that is 100% dedicated to children. Established on a legacy that spans more than 100 years, Connecticut Children's offers personalized medical care in more than 30 pediatric specialties across Connecticut and in two other states. Our transformational growth establishes us as a destination for specialized medicine and enables us to reach more children in locations that are closer to home. Our breakthrough research, superior education and training, innovative community partnerships, and commitment to diversity, equity and inclusion provide a welcoming and inspiring environment for our patients, families and team members.

At Connecticut Children's, treating children isn't just our job - it's our passion. As a leading children's health system experiencing steady growth, we're excited to expand our team with exceptional team members who share our vision of transforming children's health and well-being as one team.

EDUCATION and/or EXPERIENCE REQUIRED

Education Preferred: BA degree in Computer Science or other related degree is preferred with 3-5 years of Information security; years of experience can be substituted for degree level.

Experience Required:

Experience Preferred: Experience with Epic and background in Healthcare is highly desired

LICENSE and/or CERTIFICATION REQUIRED

CISA or Security+ certification is a plus

KNOWLEDGE, SKILLS AND ABILITIES REQUIRED

KNOWLEDGE OF:

Five years of relative IT experience.

System Administration and Network Security knowledge and experience

Workstation, Application and Database security, experience

Knowledge of principles for risk identification and analysis,

Knowledge of regulatory standards such as HIPAA Privacy and Security Rule, HITECH, SOX, and PCI/DSS

Experience and knowledge of Information Security Policies,

Familiar with Healthcare industry security standards and compliance requirements.

Experience with Healthcare systems preferred.

Must have knowledge of and experience with the following: Microsoft Operating systems Windows Server, Windows XP and Windows 7 Desktop operation systems, Some database knowledge is preferred, knowledge and use of Microsoft Office Suite, Security Incident and Event Management processes and Change Control Management process

SKILLS:

Excellent Communication Skills (Oral and Written),

Attention to detail

Problem solving

Customer focus

Ability to prioritize work and multi-task effectively

Process Improvement skills and experience

Project Management skills

Strong analytical and problem solving skills

ABILITY TO:

Must also have the ability to work independently and complete task in a timely manner.

• Receives escalated request/tickets, analyze and troubleshoot complex security problems, and develop creative solutions using critical thinking to determine the best solution for the specific problem. Document resolved issues and solutions for reference by team members.
• Develop role based security profiles with department, system engineers and application analysts. Ensure that profiles provide the appropriate access to users based on their job requirements and can be re-used by others assigned to the same organizational role.
• Configure Active Directory settings and Identity Management functions per the overall IS and CCMC security posture and framework.
• Participate in the enhancement of security procedures to reduce turnaround on the various security requests. Implement new procedures that utilize parallel processes to create security accounts and leverage new technology such as Single Sign-On and Two Factor authentication and help streamline security configurations.
• Execute processes that disable and clean-up unused, old and expired accounts according to best security practices.
• Safeguards computer files by participation in and disaster preparedness and business continuity exercises; recommending improvements.
• Participate in the evaluation, selection and implementation of virus, malware, and other security software collaboration with Workstation Support and System Engineer teams.
• Participate in continuing education programs that communicate changing security practices, procedures and standards to employees, providers and team members
• Analyze systems for security breaches and report discrepancies to Security Leadership immediately. Document identified issues.
• Conduct vulnerability assessments and penetration tests on IT systems. Assess results and report any identified gaps to Security Leadership.
• Help IS team develop processes and procedure to comply with Corporate Compliance policies.
• Determines security violation and inefficiencies by actively auditing and monitoring of computer systems and accounts.
• Provide On-call support as required.
• Perform all the duties of a Security Analyst.
• Perform other related duties as assigned.

WORK ENVIRONMENT

Requires On-Call rotation duties

• Receives escalated request/tickets, analyze and troubleshoot complex security problems, and develop creative solutions using critical thinking to determine the best solution for the specific problem. Document resolved issues and solutions for reference by team members.
• Develop role based security profiles with department, system engineers and application analysts. Ensure that profiles provide the appropriate access to users based on their job requirements and can be re-used by others assigned to the same organizational role.
• Configure Active Directory settings and Identity Management functions per the overall IS and CCMC security posture and framework.
• Participate in the enhancement of security procedures to reduce turnaround on the various security requests. Implement new procedures that utilize parallel processes to create security accounts and leverage new technology such as Single Sign-On and Two Factor authentication and help streamline security configurations.
• Execute processes that disable and clean-up unused, old and expired accounts according to best security practices.
• Safeguards computer files by participation in and disaster preparedness and business continuity exercises; recommending improvements.
• Participate in the evaluation, selection and implementation of virus, malware, and other security software collaboration with Workstation Support and System Engineer teams.
• Participate in continuing education programs that communicate changing security practices, procedures and standards to employees, providers and team members
• Analyze systems for security breaches and report discrepancies to Security Leadership immediately. Document identified issues.
• Conduct vulnerability assessments and penetration tests on IT systems. Assess results and report any identified gaps to Security Leadership.
• Help IS team develop processes and procedure to comply with Corporate Compliance policies.
• Determines security violation and inefficiencies by actively auditing and monitoring of computer systems and accounts.
• Provide On-call support as required.
• Perform all the duties of a Security Analyst.
• Perform other related duties as assigned.

WORK ENVIRONMENT

Requires On-Call rotation duties