Position Purpose

As part of a cross-functional Information Security team, the IT Information Security Analyst (ISA) is responsible for the day-to-day operations of the in-place security solutions, as well as involvement in the identification and implementation of new security solutions and participation in the creation and/or maintenance of information security policies, standards, guidelines, processes and procedures. This role works with and under the direction of the Chief Information Security Officer (CISO) and applicable business units to prioritize risk and determine the best course of action for risk mitigation.

Nature and Scope

The analyst will be responsible for assisting with all or some of the below, as appropriate:
* Participation in the planning and design of enterprise security architecture.
* Participate in the creation of enterprise security documents (e.g., policies, standards, processes, and procedures) to adhere to industry best practices, laws and organizational requirements.
* Establish standards, driving designs and implementation of appropriate identity and access management processes and controls.
* Respond to audit action items, which includes providing supporting documentation to auditors, evaluating audit results for relevance/accuracy, and working with teams to remediate audit findings.
* Responsible for organization-wide information security training and awareness to ensure employees understand the integral role they play in safeguarding the company’s information assets against unauthorized use and disclosure.
* Perform information security risk assessments on third-party vendors to ensure that Renown does not inherit unacceptable risk by doing business with that vendor.
* Researches, investigates, documents, coordinates and reports out on the remediation or mitigation of known vulnerabilities and exploits that impact or have the potential to impact the Renown network.
* Implementation and maintenance of a data loss prevention program in order to assure data privacy and security is in compliance with company policies and state and federal laws.
* Works alongside team members to effectively analyze, assess and document the security risk any new technologies and/or ideas would present to the Renown network. Provide recommendations on compensating controls to mitigate security risks and allow the solution to be implemented securely.
* Responsible for investigating, classifying, documenting, remediating and reporting on security incidents that would be considered a risk to the company such as cyber threats, system outages, log failures and/or unusual system behaviors.
* Perform the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions.
* Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (e.g., workstations, servers, network devices).
* Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
* Work with solution designers, product owners, developers, project managers, business analysts and others in identifying security requirements for projects, and ensure that these requirements are met as part of the software development lifecycle.
The incumbent, under guidance of the CISO, has the authority to change, determine and/or request the available resources required to ensure the security of Renown systems and data, and to make decisions and recommendations relative to maintaining a secure IT environment or improving business functionality. Decisions that must be referred to the CISO include software and hardware acquisitions, personnel management, policy deviations, financial matters, and changes that could adversely impact network, system, or application security performance and/or integrity.
The analyst will audit user activity to enforce compliance with regulatory and policy requirements to mitigate risk and protect Renown Health’s information assets.
This position does not provide patient care.
Disclaimer

The foregoing description is not intended and should not be construed to be an exhaustive list of all responsibilities, skills and efforts or work conditions associated with the job. It is intended to be an accurate reflection of the general nature and level of the job.

Minimum Qualifications
Requirements – Required and/or Preferred

Education: Requires B.S. or B.A. in information technology or related field. Prefer concentration in information security or cybersecurity. Experience may be substituted for education on a year-for-year basis. Must have working-level knowledge of the English language, including reading, writing and speaking English. Prefer demonstrated ability in creating oral and written analytical reports and presentations.

Experience: Requires at least one year of experience in information security operations or related experience. System administration, application administration, and/or network engineering is a plus.

License(s): None.

Certification(s): Preferred Certified Information Security Systems Professional (CISSP), Systems Security Certified Practitioner (SSCP), Certified Information Systems Manager (CISM), or Certified Information Systems Auditor (CISA)

Computer / Typing: Professional:
Must be proficient with Microsoft Office Suite, including Outlook, PowerPoint, Excel and Word and have the ability to use the computer to complete online learning requirements for job-specific competencies, access online forms and policies, complete online benefits enrollment, etc.