IS Analyst Security III
SummaryThe IS Analyst Security III is responsible for multiple day-to-day security tasks and various information security projects as part of supporting the organization's information security needs. Day-to-day tasks include incident response, evaluation of requests for security changes, and monitoring of various security devices and audit logs. Responsibilities also involve providing ongoing support and counsel to IT staff and end users on a variety of security issues, and ensuring that Denver Health's security policy and procedures are adhered to.Essential Duties and Responsibilities1.In collaboration with infrastructure application teams and external department system administrators, implements and monitors organizational IT security policies and procedures, ensuring technical controls are enforced.2.Works with IT department managers and staff to ensure security issues are addressed as new equipment, facilities, systems, and software are installed.3.Develops processes for routine and requested internal audits of systems, applications, and data access including tools and techniques used to conduct audits.4.Conducts or coordinates audits on predefined schedule and when an audit is requested or indicated as part of an investigation.5.Documents audit findings and follows-up on access irregularities.6.Follows procedures and industry best practices for reporting and investigating IT related security incidents.7.Investigates and documents all reported or suspected security incidents. Maintains documentation of investigations and provides reports to the IT Director of Information Security.8.Recommends implementation of corrective actions needed to mitigate security vulnerabilities.9.In coordination with Network/Server and Applications, develops procedures and technical controls to monitor appropriate administrator, end-user, vendor, and remote access to the Denver Health network, and IT systems.10.Investigates alerts to ensure that information is not altered or lost during storage, or transmission.11.Collaborates with the Project Management Office (PMO) on initiatives involving the IT Security program.12.Provide monthly metrics to the CISO and the IT Director of Information Security by the 3rdbusiness day of each month.13.Monitor and respond to help desk tickets within the documented Service Level Agreements (SLA).14.Maintain current documentation for all procedures and applications currently in use.15.Respond to all on-call notifications within required documented SLA's.16.Responsible for periodically updating management, via written or verbal reports, on all issues, concerns, or problems related to the IT Security program.17.Monitors changes to applicable laws, industry standards, and regulatory or accreditation requirements, and incorporates requirements into the organization's IT Security program.18.Plans and organizes time effectively. Integrate priority changes into work plans. Anticipates resource needs and plans accordingly.19.Other duties as assigned.Minimum QualificationsEducation and Experience1.Bachelor's degree required or a minimum of 8-10 years of IT experience2.A minimum of four years' experience in operational IT security3.Must have a CISSP and/or GIAC certificationKnowledge, Skills and Abilities1.Familiarity with regulations and compliance issues, preferably within the healthcare industry2.Demonstratedability to drive multiple requirements across systems, users, and workflows3.Demonstratedability to communicate with technical and non-technical stakeholders across the organization4.Expert level knowledge of IT Security tools and solutions5.Demonstrated ability to recognize and respond to alerts or other behaviors to quickly detect and mitigate potential threats6.Demonstrated ability to mentor, educate, and train other team membersComputers and Technology1.Familiarity with advanced networking concepts (i.e., TCP/IP)2.Strong understanding of Microsoft Windows desktop and server operating systems3.Familiarity with Linux operating systems4.Advanced knowledge of Web Security Solutions5.Advanced knowledge E-Mail Security Solutions6.Advanced knowledge of Security Incident Event Management (SIEM) systems7.Advanced knowledge of Vulnerability Management8.Advanced knowledge of security architecture including NIST, OWASP, etc.Certificates, Licenses and Registration1.Either Certified Information System Security Professional (CISSP) or Global Information Assurance Certifications (GIAC) required.Supervisory ResponsibilitiesThis position has no supervisory responsibilitiesLocationConversionShiftDaysWork TypeFull time Salary:$93,000.00 - $139,600.00/yrAll job applicants for safety-sensitive positions must pass a pre-employment drug test, once a conditional offer of employment has been made.Denver Health is an integrated, high-quality academic health care system considered a model for the nation that includes a Level I Trauma Center, a 555-bed acute care medical center, Denver's 911 emergency medical response system, 10 family health centers, 18 school-based health centers, Rocky Mountain Poison and Safety, a Public Health department, an HMO and The Denver Health Foundation.As Colorado's primary, and essential, safety-net institution, Denver Health is a mission-driven organization that has provided billions in uncompensated care for the uninsured. Denver Health is viewed as an Anchor Institution for the community, focusing on hiring and purchasing locally as applicable, serving as a pillar for community needs, and caring for more than 185,000 individuals and 67,000 children a year.Located near downtown Denver, Denver Health is just minutes away from many of the cultural and recreational activities Denver has to offer.We strongly support diversity in the workforce and Denver Health is an equal opportunity employer (EOE).Denver Health is committed to provide equal treatment and equal employment opportunities to all applicants and employees. As an EOE, Denver Health does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.