Tax Terms: W2, 1099
Corp-Corp or 3rd Parties: Yes
THE SECURITY ANALYST POSITION WILL ASSIST IN THE DEVELOPMENT AND OPERATIONALIZATION OF AN ENTERPRISE SECURITY & COMPLIANCE FRAMEWORK FOR OHCA. THE SECURITY ANALYST IS CENTRAL TO THE TACTICAL IMPLEMENTATION AND SUSTAINMENT OF OHCA'S SECURITY AND COMPLIANCE PROGRAM IN LINE WITH CHANGING BUSINESS NEEDS. THE SECURITY ANALYST WILL RECEIVE GUIDANCE AND OVERSIGHT FROM BOTH OHCA STAFF AS WELL AS OUR SECURITY CONSULTANT TO ENSURE THAT KEY OBJECTIVES ARE ACHIEVED AND MILESTONES ARE MET. THE PRINCIPAL ACTIVITIES TO BE PERFORMED INCLUDE THE FOLLOWING:
• SUPPORTS THE OPTIMIZATION OF OVERALL STRATEGY AND GOVERNANCE OF INFORMATION SECURITY
• ASSISTS WITH THE TACTICAL IMPLEMENTATION OF INFORMATION SECURITY RELATED PROJECTS AND INITIATIVES
• EVALUATES AND RECOMMENDS VALUE-DRIVEN ENHANCEMENTS TO OHCA'S INFORMATION SECURITY ARCHITECTURE, INFRASTRUCTURE, SYSTEMS AND CONTROLS
• RESEARCHES AND APPLIES BEST PRACTICES FOR ARCHITECTING AND IMPLEMENTING AN ENTERPRISE SECURITY PROGRAM;
• CONFERS WITH BUSINESS USERS AND OTHER INTERNAL AND EXTERNAL STAKEHOLDERS TO IDENTIFY NEEDS AND/OR DISCUSS SOLUTIONS IN RECOMMENDING IMPROVEMENTS, CORRECTIONS, REMEDIATION OR REQUIREMENTS FOR ASSOCIATED PROJECTS;
• USES ANALYTICAL SKILLS TO STUDY THE ENTERPRISE SECURITY SYSTEM, ASSESS ANY POTENTIAL RISK, AND CONSIDER POSSIBLE SOLUTIONS;
• PROVIDES ASSISTANCE TO MEMBERS OF THE OHCA SECURITY TEAM WITH REGARD TO MMIS APPLICATION SECURITY, STRUCTURE, AND MEMBERSHIPS;
• DEVELOPS SECURITY AWARENESS AND TRAINING BY PROVIDING ORIENTATION, EDUCATIONAL PROGRAMS, AND ON-GOING COMMUNICATION.
• DEVELOPS AND WRITES SPECIFICATIONS TO CREATE AND MAINTAIN RELEVANT DOCUMENTATION AS MAY BE REQUIRED BY THE ENTERPRISE SECURITY AND ANY COMPLIANCE PROJECTS;
• MAKES IMPROVEMENT RECOMMENDATIONS TO ENSURE COMPLIANCE WITH LAWS, STANDARDS AND POLICIES WHILE MANAGING BUSINESS RISKS;
• ENSURES GOOD GOVERNANCE AND ADOPTION OF INDUSTRY BEST PRACTICES;
• ASSISTS IN PERFORMING DIFFERENT SYSTEM AUDITS AND REVIEW OF SECURITY CONTROLS, POLICIES, AND PROCEDURES;
• ACCOMPLISHES INFORMATION SYSTEM AND ORGANIZATION MISSION BY COMPLETING RELATED RESULTS AS NEEDED
• IMPLEMENTS AND MAINTAINS SECURITY FRAMEWORKS FOR EXISTING AND NEW SYSTEMS
PREFERRED SKILLS:
SECURITY REGULATIONS AND STANDARDS SUCH AS HIPAA, HITECH, NIST, MARS-E, ETC., INFORMATION SECURITY POLICIES, ACCESS CONTROL, NETWORK SECURITY, PROBLEM SOLVING, PROCESS IMPROVEMENT, PROJECT MANAGEMENT, RISK ASSESSMENT & MANAGEMENT FRAMEWORK, INCIDENT RESPONSE MANAGEMENT, SYSTEM MONITORING AND AUDIT, DISASTER RECOVERY, CONFIGURATION MANAGEMENT, CYBER SECURITY.
EDUCATION/CERTIFICATION:
• BACHELOR'S DEGREE IN INFORMATION SYSTEMS, COMPUTER SCIENCE OR SIMILAR UNDERGRADUATE DEGREE, OR AT LEAST THREE (3) YEARS OF EXPERIENCE IN INFORMATION SECURITY, COMPLIANCE AND RELATED RISK MANAGEMENT FIELDS.
PREFERRED EXPERIENCE:
• AT LEAST THREE (3) YEARS OF EXPERIENCE IN INFORMATION SECURITY, COMPLIANCE AND RELATED RISK MANAGEMENT FIELDS,
• STRONG TECHNICAL SKILLS AND EXPOSURE TO INFORMATION SYSTEMS AND INFRASTRUCTURE, SECURITY ARCHITECTURE AND RELATED SOLUTIONS, INCLUDING FAMILIARITY WITH VARIOUS SECURITY TOOLS (E.G. SPAM FILTERING, ANTI-VIRUS, UNIFIED THREAT MANAGEMENT, VULNERABILITY SCANNING, FIREWALLS, IDS/IPS)
• EXPERIENCE WITH SECURITY INDUSTRY STANDARDS AND RELATED PROFESSIONAL PRACTICES (E.G. ISO, NIST-800, NIST-CSF, ITIL, COBIT, ISSA)
• FAMILIARITY WITH INDUSTRY REGULATIONS THAT INCORPORATE SECURITY REQUIREMENTS (E.G. MARS-E, HIPAA, PCI)
• PREFERRED BUT NOT REQUIRED: CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) OR SIMILAR CERTIFICATION THAT INCLUDES AN INFORMATION SYSTEMS SECURITY STUDY DOMAIN
SOFT SKILLS:
• EXCELLENT WRITTEN AND VERBAL COMMUNICATION AS WELL AS ANALYTICAL SKILLS
• FAMILIARITY WITH INFORMATION SECURITY TRENDS, TACTICS AND TOOLS
• A COLLABORATOR, CUSTOMER FOCUSED AND VALUE-DRIVEN
• KEEN INTEREST AND FAMILIARITY WITH INFORMATION SECURITY TRENDS, TACTICS AND TOOLS
Experience 8 to 10 years