Information Systems Security Analyst - GRC
Job Number 143328
I.S. Security Analyst – Senior is responsible for providing analysis and support for the development, implementation, and maintenance of Intermountain's I.S. Security & Assurance (ISSA), I.S. Security policies, procedures, guidelines, processes, technologies, and solutions ensuring the confidentiality, availability and integrity of Intermountain's electronic information and information systems infrastructure. Leads the operational analysis and support of the prevention, detection and response to I.S security threats, vulnerabilities, and incidents.
Senior-level professional experience in all aspects of information systems/security technologies and systems. Incumbent's ability encompasses full knowledge required within information security and information systems. Typically designs and develops approaches that are implemented by others. Is able to function independently with minimal oversight and direction. May instruct and guide lower level technical professionals.
Leads in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of the I.S. Security Management, where appropriate.
Maintains up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
Recommends additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
Performs the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
Maintains up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).
Maintains operational configurations of all in-place security solutions as per the established baselines.
Monitors all in-place security solutions for efficient and appropriate operations.
Reviews logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interprets the implications of that activity and devises plans for appropriate resolution.
Leads in the design and execution of vulnerability assessments, penetration tests, and security audits.
Leads in incident investigations into suspicious or problematic activity.
This position will work with confidential and proprietary information that requires a signed IT Employee Invention and Confidentiality Agreement upon hire.
Bachelor's degree in Computer Science, Information Systems (I.S.) or technology field or four or more years of I.S. or I.S. security experience. Intermountain Healthcare verifies both degree attainment and educational institution accreditation following an offer of employment.
Six or more years of work experience in I.S. or I.S. security technologies and systems
Demonstrated understanding of the 10 Information System Security domains in the Common Body of Knowledge for Certified Information Systems Security Professional (CISSP) and the 5 Information Security practice areas and tasks for Certified Information Security Manager (CISM)
Possess Certified Information Systems Auditor (CISA), CISM or CISSP industry certification or willing to obtain such certification within the first 12 months of employment
Demonstrated understanding of I.S. security methods and techniques
Master's degree in Business, Computer Science, Information Assurance, Information Security or Information Systems
Eight or more years of work experience in I.S. or I.S. security technologies and systems
Understanding of I.S. security requirements of HIPAA, HITECH and SOX regulations
Understanding of I.S. security requirements of regulations including: ISO 27001/27002, PCI, State Breach Laws, FRCP, JCAHO, GLBA, FERPA, and FCRA
Understanding of workstation, server, application and network device security methods and techniques
Understanding of I.S. security vulnerability assessment tools and techniques
Understanding of platforms, technologies and technical components including directories (LDAP/Active Directory), Access and Authorization technologies (including Desktop SSO/Web SSO/SAML/XACML), and encryption technologies
Understanding of operating systems and platforms (Windows, IOS, Unix, Linux)
Understanding of I.S. security for internetworking protocols, platforms and devices such as IP, firewalls, servers, routers, and switches
Understanding of web architectures (i.e. web and web application servers and presentation vs. application layers), experience designing and developing web systems, and understanding of web programming languages
Understanding of healthcare information systems and data for a large, integrated delivery system including health plan systems, acute and ambulatory systems, ancillary systems, interfaces, and financial systems
All positions subject to close without notice
Intermountain Healthcare is an equal opportunity employer M/F/D/V
Job Type: Full Time
Location: West Valley City, UT, US