MAP Health Management Senior Information Security Analyst in Austin, Texas
The Senior Information Security Analyst is primarily responsible for working with IT, internal departments, customers like treatment centers and payers and users to ensure the confidentiality, integrity, and availability of data, systems, information and associated physical or intellectual assets according to HIPAA, PCI DSS, TJC privacy and information security standards or guidelines.
• Create and execute an Information Security Plan to include applicable corporate and department policies, standards, processes, procedures and guidelines. • Work with Managed Services team members to develop and maintain a secure information environment through numerous activities. • Remain current on security technology and trends awareness, security threat and vulnerability awareness, policy and procedure development and maintenance, risk assessments, security control definition and implementation, access and provisioning management of users/user-IDs in a role-based environment, usage monitoring and applicable security incident management per defined company policies and procedures. • Work collaboratively across MAP to ensure that there is a coordinated, integrated approach to managing aspects of information security contributing to organization wide security and privacy committee/efforts as applicable. • Work collaboratively to promote and coordinate information security audits and risk assessment for customers. • Participate in the company’s goal for getting SOC2 and HITRUST compliance. • Implement and maintain Single Sign On solution for the organization and continuously improve security controls in the Application development and Reporting/Analytics areas • Conduct and/or assist on related audits of information security to comply with regulatory requirements and the reporting on and remediation of findings for management understanding. • Develop appropriate metrics for reporting on the effectiveness of information security policies and solutions using best practices. • Ensure education and awareness of end users externally or internally to MAP regarding information security, policies and procedures.
KNOWLEDGE, SKILLS, AND ABILITIES
• Bachelor’s Degree in Computer Science, Information Systems or Engineering or related major required. • 5 - 7 years’ experience in Information Security required. • 3 - 5 years’ experience in Healthcare field / information systems environments preferred. • Prefer candidates with the following experience: technologies, regulations, policies & procedures, security controls, security activities & tasks, security audits & reports, assessment & training, internal metrics & reports, education awareness. The following technologies will be a plus for candidates: ◦ Rapid7 and Rapid7 Logentries and Rapid 7 Managed Services for Logging of critical events and Vulnerability Management (or related application(s)) ◦ Meraki home Z1 and Meraki (Cisco) for End point security, Anti-virus, Web Application Firewall (or related application(s)) ◦ Mimecast for secure email (or related application(s))
• Experience with Cloud security and technologies especially Amazon Web Services is a MUST • Hands On application development experience will be a huge plus-especially Java background • Experience with implementing Single Sign On with SAML, Oauth2 protocols using Okta, Ping Federate • License, Registration and/or Certification: Any of Security entry-level certifications: Security+, Network+ and/or GIAC Security Essentials is required. • Having certification inn CCNA or MCSE; CHP, CSCS, HISPP, or CISSP; CISA or CISM is preferred. • Must possess strong analytical, multitasking and organizational skills; strong time-management skills; strong process improvement skills; strong initiative; proficiency with Microsoft Office (Word, Excel, PowerPoint, Visio); and excellent verbal & written communication skills.