Security Analyst IIBookmark This
St. Joseph's Health
Orangewood 1515 E. Orangewood Ave
DescriptionSt. Joseph Health (SJH) is an integrated healthcare delivery system sponsored by the St. Joseph Health Ministry and organized into three regions: Northern California, Southern California, West Texas/Eastern New Mexico.SJH provides a full range of care from facilities including 14 acute care hospitals, home health agencies, hospice care, outpatient services, skilled nursing facilities, community clinics, and physician organizations. SJH maintains a 'continuum of care,' matched to the diverse needs of the urban centers, smaller cities and rural communities in three states. For the third year in a row in 2009, the Gallup Organization awarded St. Joseph Health its highest honor - the Great Workplace Award. SJH provides exceptional benefits, opportunities for advancement and relocation within the system.St. Joseph Health is comprised of four core values: Service, Excellence, Dignity, and Justice are the guiding principles of all we do.Excellent compensation program and benefits provided. SJH is an EEO/AA Employer.
St. Joseph Health is looking for Security Analyst II to support our Security Department The Security Analyst II assesses regulatory and technical security risk across the ministry and guides the development of remediation strategies. They contribute to the development, implementation, and maintenance of Ministry Security policies, standards, and processes that help identity and mitigate security risk. The Security Analyst II monitors, tracks, and reports on compliance to security requirements and works with the responsible parties to drive timely remediation. They advise departments on the ministry's security policies, standards, and processes. They provide as needed training and awareness to ministry personnel. Also, the Security Analyst II actively participates on assigned inter-departmental and cross-functional working groups to ensure security requirements met. Minimum Position QualificationsEducation:Bachelor's degree or equivalent experience, with a degree in Information Technology, Information Security, Management Information Systems, or related area a plus Experience:
- 5+ years hands-on information security risk management and hands-on technical security experience.
- Strong working knowledge of security related regulations/control frameworks, with HIPAA, HITECH/Meaningful Use, HITRUST, COBIT, or COSO knowledge a plus.
- Hands-on experience with security risk management practices as well as knowledge of regulatory and industry compliance requirements such as HIPAA, HITECH, JCAHO, ISO 27001, PCI DSS etc.
- Strong functional knowledge of information security such as GRC, vulnerability scanning tools, access control systems, IDS/IPS; and associated technologies. Working knowledge of physical security.
- Proactive and self-sufficient in working to fulfill the objectives of this role.
- Ability to accomplish the objectives of this role by collaborating with others across the ministry and influencing them to take the appropriate actions.
- Exhibits excellent verbal and written communication skills. Excellent interpersonal skills.
- Has outstanding project management skills with the ability to prioritize multiple, diverse, and simultaneous requirements.
- Strong analytical problem solving skills.
- Hands-on experience with a variety of information security technologies
- Experience in supporting technology in a Healthcare setting
- Serve as the subject matter expert for security related policies, standards, and regulatory requirements.
- Contribute to the development and maintenance of the ministry's security policies, standards, and processes.
- Conduct security risk assessments that analyzed both security controls and technical vulnerabilities. Provide as needed guidance to customers regarding their remediation plans and monitor remediation progress.
- Provide leadership and oversight for assigned security domains.
- Contribute to security risk identification, classification, and mitigation processes.
- Advise departments on security regulatory requirements, ministry security policies, and security best practices. Contribute to and provide security training and awareness to ministry personnel.
- Contribute to the development of security metrics. Track, analyze, and report security metrics and propose countermeasures to address security trends that are not in line with the SJH desired risk profile.
- Contribute to the development and maintenance of the ministry's security controls framework. Research and stay abreast of emerging technologies, new vulnerabilities and exploits that may compromise the ministry's assets.
- Investigate and propose technologies and methodologies that can enhance ministry's security posture.
- Contribute to and manage security projects and initiatives and ensure the desired outcomes are delivered on budget and on schedule.
- Actively contribute to inter-departmental and cross-functional working groups to ensure security requirements met.
- Develops and maintains documentation for all assigned responsibilities
- Administer the institutional Governance Risk Compliance (GRC) tools.
- Develop, implement, and maintain enterprise Role Based Access Control (RBAC) methodology, associated standards, and processes.
- Provide oversight and direction to teams responsible for the planning, evaluation, implementation and maintenance of security technologies (e.g. firewalls, IDS/IPS, AV, e-mail gateway, SIEM etc.)
- Contribute to the design and implementation of security technologies and the network's architecture.
- Monitor the implementation and operational effectiveness of existing security technologies, and recommend security technologies and processes that can bolster the SJH security posture.
- Develop, implement, and maintain enterprise standards and processes for security technologies.
- Develop, implement, and maintain the SJH BCM/DR program.
- Develop, implement, and maintain enterprise BCM/DR standards and processes, including documentation and testing standards.
- Develop, implement, and maintain an integrated institutional recovery plan. Implement and administer BCM/DR program management tools.
- Coordinate enterprise business continuity and disaster recovery plan exercises.
- Develop, implement, and maintain the SJH Incident Response e-Discovery program.
- Develop, implement, and maintain enterprise Incident Response and e-Discovery standards and processes.
- Lead the enterprise incident response and e-discovery activities, including investigations, evidence gathering, and risk mitigation. Develop and implement 24x7 incident identification and response capabilities.
- Implement and administer forensic and other incident management tools.
- Research and analyze incident trends. Recommend and implement technology, process, training or other changes to mitigate incident risks.
- Develop, implement, and maintain the SJH Physical Security program.
- Develop, implement, and maintain enterprise physical security standards and processes.
- Provide oversight and direction to local ministry teams responsible for the development, implementation, execution, and maintenance of local physical security operations.