Information Security Analyst

This position is responsible for analyzing and reporting on IT infrastructures and platforms to ensure the confidentiality, availability, and integrity of data across the health system. The ISA delivers qualitative and quantitative analysis of the systems and processes supporting the health system's risk management program while managing multiple projects and maintaining technical currency with emerging security technology. While this role reports to the Chief Compliance Officer, this position also works with the Chief Information Security Officer (CISO) and applicable business units to prioritize risk and determine the best course of action for risk mitigation. The ISA helps develop and maintain security policies and procedures, as well as the education and awareness program.

The skills required in this position include creation, maintenance and monitoring of access control, data integrity, and data loss prevention all Renown systems, medical devices and associated information assets.

The analyst will be responsible for assisting with:

* Creation and maintenance of various department tools, that includes working with various information databases (e.g., SQL).

* Responses to audit action items that include providing supporting documentation to auditors, evaluating audit results for relevance/accuracy, and working with teams to remediate audit findings.

* Creating, updating, reviewing department and organizational wide policies and procedures to adhere to industry best practices, laws and organizational requirements.

* Responsible for organizational wide information security training and awareness to ensure employees understand the integral role they play in safeguarding the company's information assets against unauthorized use and disclosure.

* Performs risk assessments on third party vendors evaluating on security best practices and legal requirements to ensure that Renown does not inherent unacceptable risk by doing business with that vendor.

* Works alongside team members to effectively analyze and assess any new technologies and/or ideas that would be considered a security risk and therein perform evaluations and give feedback on any recommended or required remediation.

* Responsible for the direct oversight and management of incidents that would be considered a security risk including system outages, malicious cyber threats and/or any situation where there is a loss of productivity due to system failure.

* Responsible for the development, setup, maintenance, and enforcement of identity access management and multi-factor authentication policies and procedures.

* Responsible for the implementation, maintenance and tuning of a data loss prevention program in order to assure data privacy and security is in compliance with company policies and state and federal laws.

* Responsible for vulnerability remediation and penetration testing of the Renown network to futureproof against potential exploits.

* Discover and report any systems and/or users that are not conforming to the Renown usage policy and report their findings to HR.

* Responsible for investigating, classifying, documenting, remediating and reporting on cyber security incidents that would be considered a risk to the company.

The incumbent, under guidance of the CISO, has the authority to change, determine and/or request the available resources required to ensure the security of the data communications network, and to make decisions and recommendations relative to maintaining a secure networking environment or improving business functionality. Decisions that must be referred to the CISO include software and hardware acquisitions, personnel management, policy deviations, financial matters, and changes that could adversely impact network security performance and/or integrity.

Also, under the guidance of the CISO, the cyber security analyst will be responsible for the maintenance of the identity access management and data loss prevention systems.

The analyst will audit user activity to enforce compliance with regulatory and Policy requirements to mitigate risk and protect Renown Health's information assets.

This position does not provide patient care.

The foregoing description is not intended and should not be construed to be an exhaustive list of all responsibilities, skills and efforts or work conditions associated with the job. It is intended to be an accurate reflection of the general nature and level of the job.

Education:

Requires B.S. or B.A. in information technology or related field. Prefer concentration in information security or cybersecurity. Experience may be substituted for education on a year-for-year basis. Must have working-level knowledge of the English language, including reading, writing and speaking English. Prefer demonstrated ability in creating oral and written analytical reports and presentations.

Experience:

Requires expertise in network engineering or administration, and with Microsoft Productivity Suite, and 1 (one) year experience in data analysis. Information technology, information security, system administrator, or application administrator is a plus.

License(s):

None

Certification(s):

Preferred Certified Information Security Systems Professional (CISSP), Systems Security Certified Practitioner (SSCP), or Certified Information Systems Auditor (CISA).

Computer / Typing:

Must be proficient with Microsoft Office Suite, including Outlook, PowerPoint, Excel and Word and have the ability to use the computer to complete online learning requirements for job-specific competencies, access online forms and policies, complete online benefits enrollment, etc.