Sr. Information Security Analyst
Specialty:Network Security Analyst
: Senior Information Security Analyst
Location: Greenville, SC
Duration: Direct Hire or Contract to Hire
Target Comp: ~$120k
Work Requirements: Third-party candidates are not being considered at this time; Candidates must have valid authorization to work in the US as a W2 employee.
Overview: Seeking a Senior InfoSec Analyst to join our team and be responsible for analyzing and/or administering security controls for information systems. Safeguards the network against unauthorized infiltration, modification, destruction or disclosure.
This person will research, evaluate, test, recommend, communicate and implement new security software or devices. They will also implement, enforce, communicate and develop security policies or plans for data, software applications, hardware, and telecommunications. The Sr InfoSec Analyst will also provide information to management regarding the negative impact on the business caused by potential breach, theft, destruction, alteration, denial of access to information, or other identified means.
Key Responsibilities (% of time allocated):
- 50% - Completes workflow analysis, and requirements and gap assessments for information security systems and applications. Actively participate in risk assessments for organizational applications, RFPs, project planning and system installs as to ensure information security concerns are addressed.
- 15% - Works with Corporate Compliance to investigate information security incidents, and if needed develop and recommend solutions for mitigation of incidents to management. Develop IS responses to internal and external audit reports. Monitors responses to audit reports to assure changes are completed timely.
- 10% - Directs the preparation and installation of information security applications, including workflow analysis and flowcharting, design specifications, programming and/or building, testing, training and implementation. Develops a timeline for implementation and ensures that all steps are taken to close all outstanding issues regarding the new implementation.
- 5% - Documents application workflow processes for assigned applications. Keeps documentation current and reviews annually.
- 5% - Creates and maintains reports to support assigned departments and functionalities from the database that is integrated into information security system.
- 5% - Prepares test scenarios and testing schedules and organizes application integration testing to test patches necessary to keep systems free from malware. Monitors and analyzes performance during testing, and communicates results to the appropriate project team members tracking and following through with issues to resolution. Accepts final responsibility for testing and debugging before final development.
- 5% - Mentors and trains assigned team members on internal standards for implementation planning, work plan development, project management, system support and customer service.
- 5% - Complete tasks on time and meet assignment dates. Accurately checks processes and tasks and ensures data integrity for assigned applications, testing to ensure new code does not impact previous version. Manages the work of others and assures tasks are completed on time.
- Understanding of multiple regulatory requirements and frameworks (ex. NIST, ISO, PCI DSS, HIPAA, GDPR, CCPA)
- Understanding of certifications SOC 1 and 2, Hitrust and ISO 27001
- Experience with Rapid7 InsightVM (legacy Nexpose) vulnerability evaluation tool and ServiceNow’s Vulnerability Response module is a big plus, but not required.
- Bachelor's Degree with 6 years of relevant professional experience and a minimum of 4 years working in a healthcare business or technical position
- Associates Degree in IT, Computer Science with 8 years experience in support information security, compliance, project management, or information systems access control
- HS diploma and 10 years of experience in support information security, compliance, project management, or information systems access control.
Reports to: Information Security Manager
Supervisory Responsibilities: None