Senior Information Security Analyst

Information Services

Purpose and Scope:

Reporting to the Director, Information Security Officer, the Senior Information Security Analyst is responsible for developing and managing information security operations and maintenance activities; assisting in the design and implementation of emergency/incident response processes, log monitoring processes and analysis, and vulnerability scanning and remediation risk analysis and oversight activities; monitoring compliance with hospital IT security policy and applicable law; and assisting in the investigation and reporting of security incidents. The analyst will assist in the area of Information Management, as well as other audits, surveys and assessments, internal and external. Working with the Information Technology (IT) team, as well as any other required departments, the analyst will develop, assess, and maintain security-related procedures applied to new and ongoing projects, applications and network services. The analyst leads or assists with security project implementation, including DLP, SIEM, Vulnerability Scanning Solution, and others TBD, and assists with technical design, with security strategic planning and the architecture roadmap, and with developing risk assessment strategy and implementation.

I. Position Requirements:

A. Education:

BA or BS in Information Security, Information Assurance, Computer Science, or related field.

Advanced degree desirable. CISSP, CISA, or other security certifications

B. Experience:

Five+ years of progressive experience in networking and information security, including experience with Internet technology and security issues.

Experience should include security policy development, metrics capture and analysis, security education, application vulnerability assessments, risk analysis and compliance testing, and project management.

Project Management experience

Experience in a CSIRT

Experience in health care

C. Knowledge, Skills and Abilities:

Solid understanding of networks

Solid understanding of Information Security

Solid understanding of infrastructure vulnerabilities and countermeasures.

Knowledge/experience with LAN, WAN, VPN, routers, firewalls, servers, IDS/IPS, SIEM, DLP and workstation administration.

Knowledge/experience with Windows, Active Directory, group policy, DNS, encryption, patch management, anti-virus, system configuration management.

Knowledge/experience with data security tools such as DLP (Data Loss Prevention), content management and SIEM and Log Management.

Ability to identify and react to network attacks, viruses, malware, spam, phishing and other intrusions.

Ability to conduct system security vulnerability and threat analyses, gathering of intelligence, risk assessments and mitigation planning and implementation.

Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., HIPAA, HITECH, etc.) and desktop, server, application, database, and network security principles for risk identification and analysis is very helpful. Strong analytical and problem-solving skills are required. Excellent communication skills.

