Cyber Security Analyst II
The Cyber Security Analyst II – GRC (Governance, Risk and Compliance) is responsible for conducting risk assessments of enterprise-wide systems, applications, networks, and network-connected devices to ensure compliance with the implementation and maintenance of controls mandated by the security policy and standards. The role requires partnership with IT, business owners, and third parties towards implementing a safe and secure solution. This position is intended to provide highly skilled compliance and information security expertise for assessing the compliance and risk posture related to its information assets. It also requires the support of cyber security initiatives through predictive and reactive analysis, articulating emerging trends to leadership and staff.
· Performs risk assessments of information computing assets and business processes to identify information security risks and regulatory non-compliance, and support remediation efforts
· Ensures that risk assessments are conducted promptly with required completeness and accuracy
· Provides strong customer service with third parties to cultivate relationships and ease of doing business
· Provides guidance and support to IT and business to ensure continued compliance
· Participates in projects to identify and validate critical controls to address IT and business risks and identified deficiencies
· Provides support with Issue, Exception, and Incident Management, as needed
· Participates in the creation and update of policies, procedures and standards to assure they are managed to support security, compliance and regulatory requirements
· Endorses and supports a compliance culture
· Promotes security awareness to the enterprise to reinforce workforce education on security standards, policies and best practices
· Maintains familiarity with HIPAA and other Information Security regulations
· At least five years’ experience in an information security function
· 3+ years’ solid understanding of Cyber Security & IT controls, network / systems / application penetration testing and vulnerability assessments.
· Experience with NIST and ISO frameworks. Solid knowledge of HIPAA, HITECH, FERPA, and other IT security governing bodies.
OTHER FUNCTIONS AND COMPETENCIES:
· Ability to multi-task, a keen eye for detail, strong organizational skills, and the ability to thrive in fast-paced, high-stress situations
· Ability to communicate cyber security issues to peers and management via oral and written format.
· Active team player in cyber security projects
· Effective interaction skills in both oral and written communication
· General concept and knowledge of Issue, Exception and Incident Management
· Supports other information security operations as required
· Bachelor’s degree in an information technology field preferred
CERTIFICATES, LICENSES, AND REGISTRATION:
· At least one information security certification, such as an SSCP, CISA, CISM, CISSP, CRISC, or professional certificate is required. ISACA certification is preferred.
Medasource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.