Lead IT Security Analyst i IV

Job Summary:  

This position is a lead security analyst within IT Security Governance and IT Security Operations.IT Security Operations:

 Responsibilities:  

• Recommend FireWall change requests for approval

• Analyze and take appropriate action on intrusion detections

• Analyze and recommend action on security related incidents; notify appropriate owners and IT Security Governance

• Review and approve access requests 

• Provide Role Based Access Control (RBAC) to individual users and perform recertification based on segregation of duties and roles

• Map work flows in provisioning users into our systems and infrastructure

• Comply with internal and external audit requests 

• Monitor the effectiveness of the Enterprise wide information security program

• Provide data for audit indicating changes made to access control lists to facilitate audits and other investigations

• Participate in investigating possible security violations

• Track and maintain operational security access metrics

IT Security Governance:

• Provide guidance and direction regarding security control elements in policies throughout the organization

• Document relevant business processes and their implications on information security

• Design work flow diagrams showing the production of, transmission and use of electronic Protected Health Information (ePHI) and other sensitive information

• Develop information security risk identification, tracking and mitigation processes strategy and methodology

• Develop the information security awareness, training and education program-s strategy and methodology

• Facilitate or lead development of accurate and relevant information security process and operational metrics

• Establish monitoring measures to detect and ensure correction of security breaches and policy violations

• Proactively keep current on information security issues related to business processes as input into departmental policies and procedures

• Analyze and enhance the effectiveness of the Enterprise wide information security program

Knowledge: 

• Requires an excellent understanding of IT security concepts with an emphasis on Security and Risk Assessment

• Requires excellent knowledge of IT and computer systems

• Requires excellent understanding of internal and external audit process

• Requires in-depth understanding of Public Key Infrastructure (PKI), encryption, network security controls tools and functionalities

• Requires demonstrated proficiency in applying HIPAA security rules and National Institute of Standards and Technology (NIST) standards

• Requires demonstrated proficiency in applying Identity Management (IDM) concepts

• Requires exceptional analytical thinking skills

• Requires excellent verbal and written communication skills

• Requires excellent interpersonal skills and the ability to work effectively with others as a team

• Requires excellent PC skills and demonstrated proficiency with MS Office Suite

• Requires the ability to handle multiple tasks and prioritize effectively