HealthAxis Group, a leader in healthcare technology, is searching for an Information Security Analyst III to join our IT Security team. The Information Security Analyst III is responsible for the design and implementation of security systems that protect a company or organization’s computer networks from cyber-attacks, and helps set and maintain security standards. The Information Security Analyst III consults with other IT teams on technical matters of security, providing both routine and emergency after-hours support on matters related to enterprise security. The role also constructs and assesses high-level and detailed vulnerability management programs, translating business needs, compliance and/or regulatory requirements into cost-effective and risk-appropriate controls.
- Uses network monitoring tools and SIEM (security incident event monitoring) to carefully examine network traffic and identify both external and internal threats, ensuring security specifications meet the HealthAxis infrastructure guidelines.
- Define firmware and patch management policies for all operating systems in accordance with the Information Security Policy.
- Perform SOC 2 and HITRUST audits.
- Design and administer self-scan audits internally and externally and address all findings.
- Initiate internal and external IT audit preparation and resolutions to findings.
- Implement controls to maintain data security through enabling/disabling network protocols, port security, restricting access to VLANs, certificate management, MAC filtering and other security controls.
- Participate in the annual execution of disaster recovery testing.
- Provide security expertise to business applications ensuring they are deployed and implemented securely.
- Research and design short- and long-term changes and enhancements to the infrastructure.
- Participate in developing the annual IT strategic plan, review existing infrastructure security configuration, plan and make recommendations for future enhancements.
- Engineer solutions that sustain the operational integrity and security of all business systems and networks.
- Installing, administering, and troubleshooting network security solutions.
- Updating software with the latest security patches and ensuring the proper defenses are present for each network resource.
- Performing vulnerability and penetration tests, identifying and defending against threats, and developing disaster recovery plans.
- Configuring security systems, analyzing security requirements, and recommending improvements.
- Monitoring network traffic for suspicious behavior.
- Creating network policies and authorization roles and defending against unauthorized access, modification, and destruction.
- Consulting with staff, managers, and executives about the best security practices and providing technical advice.
- Configuring and supporting security tools, such as firewalls and anti-virus software.
- Training staff to understand and use security protocols.
- Administer policies, standards and procedures to manage security functions relative to information technology systems (including systems under development), networks, applications, and voice and data communications that are consistent with applicable regulatory and compliance requirements.
- Understand the threat landscape and attack trends as they relate to intelligence gathering, dissemination and defense coordination.
- Manage identity and access management functions including security administration, access governance, provisioning and access control design and engineering.
- Provide subject matter expertise on a broad range of information security standards and best practices, such as NIST, PCI, ISO 27001, MAR and others as applicable.
- Facilitate and participate in the organization’s Enterprise Security Committee as appropriate.
- Collaborate with other departments across HealthAxis including Human Resources, Legal, Privacy, Procurement and Compliance to ensure information security alignment across the company.
- Stay up-to-date on information technology trends and security standards.
- 7+ years of experience in cybersecurity or in an IT security-related field. Experience with infrastructure consisting of firewalls, IPS/IDS, web and email filters, and antivirus/anti-malware systems. Knowledge of networking, routing in a Microsoft Server domain, AD, Group Policy, and virtualization infrastructure.
- Must possess a solid understanding of Information Technology, Information Security, and Risk Management.
- Knowledge of security and control frameworks, such as ISO 17799, COBIT, and NIST Cybersecurity Framework.
- Understanding of the risk management process is preferred.
- Understanding of FAIR (Factor Analysis of Information Risk) is preferred.
- Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint)
- Excellent oral and written communication skills.
- Strong interpersonal and organizational skills
- Must be a team player, be organized and have the ability to handle multiple projects
- Ability to work independently with minimal supervision or function in a team environment sharing responsibility, roles, and accountability
- Ability to lead without authority and motivate teams to achieve tactical and strategic goals. This is a highly responsible position that requires both quantitative and interpersonal skills.
- Demonstrated project management, organization and facilitation skills.
- High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
- An Information Security certification such as the Certified Information Systems Security Professional Certification (CISSP) or Certified Information Security Manager Certification (CISM) is required or must be obtained within 2 years of acceptance of the position.
- Bachelor’s Degree in Business, Computer Science or equivalent experience required. Equivalent experience is defined as 4 years of professional work experience.
- Responsible for driving the HXG culture through values and customer service standards.
- Accountable for outstanding customer service to all external and internal contacts.
- Develops and maintains positive relationships through effective and timely communication.
- Takes initiative and action to respond, resolve and follow up regarding customer service issues with all customers in a timely manner.

HealthAxis Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, disability status, or membership in any other group protected by federal, state or local law.