You are here
IT Security Analyst II
- IT Security position with a New York Hospital System
- HIPAA experience and Security+ Certification required
About Our Client
Our client is leading Health System in the New York City area. Their IT professionals take full advantage of robust training and development programs to stay on the leading edge of technology, which is shaping the transformation of the health care system.
- This individual Leads the security controls design and architecture and follow up to ensure proper implementation.
- Actively engages in security architecture solutioning within key pre-implementation systems
- Defines a process and architecture for assessing risk and controls for networks, applications and infrastructure and supports in the architecture modeling process for ensuring the appropriate identification and integration of various Cyber products and security services within a technologically diverse IT environment.
- Serves as an internal information security consultant on the standards, complex issues and best practices to the organization.
- Identifies and implements emerging data access control technologies, information systems security issues, safeguards, and techniques.
- Experience in developing or managing FISMA security programs or compliance with NIST SP 800-53 security standards
- Develops and implements security solutions that will resolve security issues on a timely basis to enhance security.
The Successful Applicant
Strong candidates for consideration will have:
- Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems
- Knowledge of encryption algorithms
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins
- Knowledge of information assurance (IA) principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation
- Knowledge of information technology (IT) security principles and methods (e.g. firewalls, Demilitarized Zones, encryption)
- Experience working with network access, identity, and access management (e.g. Active Directory, access federation, multifactor authentication, PKI)
- Experience working with operating systems (Microsoft Windows, Linux, UNIX, MacOS X)
- Knowledge of how traffic flows across the network (e.g. TCP & TCP/IP, OSI, etc.)
- Knowledge of secure configuration management techniques
- Knowledge of security management
- Knowledge of software engineering
- Skill in assessing the robustness of security systems and designs
- Skill in designing countermeasures to identified security risks
- Skill in designing security controls based on IA principles and tenets
- Skill in determining how a security system should work (including its resilience and dependability capabilities)
- Skill in developing and applying security system access controls
- Skill in using network analysis tools to identify vulnerabilities
- Knowledge of HIPAA/HITECH, Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards
- Knowledge of IT supply chain security/risk management policies, requirements, and procedures
- Knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g. application of defense-in-depth)
- Perform security reviews and identify security gaps in security architecture, resulting in recommendations for inclusion into the risk mitigation strategy
- Provide IA guidance to leadership
- CISSP Preferred, Security+ Required
What's on Offer
Competitive Base, Bonus and Benefits