09 Apr
Security Analyst
Arkansas, Conway , 72032 Conway USA

Vacancy expired!

Properly qualified remote candidate will be considered.Must be a documented American worker that does not require sponsorshipGainwell Technologies is seeking a well-rounded Senior Security Analyst. Under the supervision of the Account Security Officer, this position will perform all functions required to support daily data privacy and information security and technical risk operations for our Account and CLIENT requirements. This position analyzes various types of data and documentation for reporting in non-technical language and coordinates work assignments and other documents, as needed for Account and CLIENT projects. This position will be responsible for establishing and maintaining working relationships with other Gainwell Account staff, to ensure proper interpretation of any changes or processes. This position is responsible for coordinating with Application and Development teams to prepare for and take part in application, system, and security audits, as part of the standard processes. This position requires the ability to work with tight deadlines, often with short notice, multi-task, analyze and troubleshoot issues with accessing systems, overall data privacy and security hygiene, as well as being a key privacy and security resource for our IT System Administrators and Account.Day to Day Work:• Support all Account and CLIENT Projects related to Data Privacy and Security aspects, as part of the Legacy Modernization Project Portfolio and business as usual efforts (BAU)• Coordinate the adoption of information security best practices throughout the CLIENT Account• Review and oversees patch management vulnerabilities to closure with the IT System Administrators, across platforms and operating systems. Escalations, as required• Review, capture and document IT and Security Risk. Document any exceptions, formally. Manages risks to closure and/or documented exceptions and follow through on managing exceptions to remediation deadlines• Support and manage ongoing security activities (access management, account reviews, vulnerabilities assessments, patch management, etc.)• Create, development and maintain Business Continuity Planning (BCP) and Disaster Recovery (DR) services to the Account. This includes both periodic testing and annual testing, including coordinating with the CLIENT• Create, development and maintain all documentation supporting Data Privacy and Security, as well as, HIPAA compliance including:• Privacy and Security Manual• System Security Plan (SSP)• IT Risk Management Plan• Security Incident Respond Plan• Other, as required• Conduct and oversee annual user access reviews with account business unit managers. Conduct monthly reviews of privileged, across all environments (Prod, Test, Dev, Staging, QA…)• Review and oversee policy compliance management and vulnerability reports for adherence to policy• Design and implement repeatable, efficient processes for Information Security operations• Supporting AWS or other Account or Client Migrations• Collaborate between technology and business teams to drive proper implementation of security controls and compliance requirements across the Account• Enhance cyber security awareness by promoting through employee awareness• Work with the onsite trainer to conduct HIPAA new hire training for new hires and transfers from non-healthcare accounts• Support and conduct full risk assessment every three years• Participate and represent data privacy and security on projects, team calls, and as required, to ensure security requirements are being achieved and in compliance with standards and policy• 24/7 availability for any emergencies including any privacy and security events reported by the SIEM SOC and 24/7 availability to address privacy and security incidents in general• All other data privacy and security functions, as required and subject to changeRequirements, Knowledge and Skills• Minimum of 6 years of combined experience in data privacy, information security, compliance and regulatory, technology audit, or a related field in Healthcare• Familiarity with the NIST Cybersecurity Framework• Knowledge of regulatory compliance requirements including HIPAA/HITECH, ISO, SSAE16 / SSAE18, Safe Harbor, and Data Privacy• Cloud migration experience is required• Experience with emphasis in information security and regulatory or other compliance management• Experience with technical risk management techniques• Experience with health care environments and compliance planning and implementation• Risk Management experience: demonstrated ability to link technical risk management practices to business needs• Knowledge and experience using and maintaining vulnerability management solutions• Able to communicate technical concepts between technical and non-technical stakeholders• Awareness and understanding of current security and cyber threat landscape• Team player, ability to work with people in a productive manner• Skilled in planning, problem solving, analysis, collaboration, and communication.• Excellent communication skills, written and verbal• Ability to influence and/or lead security-related business development activities• Strong Organizational Skills, ability to handle multiple high-pressure situations simultaneously• Excellent understanding of project management principlesDesired Skills and Experiences• Professional certification such as CISSP, CISA, GSEC, etc. or related Information Security certifications, highly desired• State agency healthcare experience highly desired• Experience with software development in a cloud environment highly desired• Knowledge of Client operations and methodologies a plusEducation• Bachelors or undergraduate degree in related area (Computer Science, Information Systems, or related technical discipline) or relevant equivalent combination of education and experience

Vacancy expired!


Report job