POSITION SUMMARY
The Security Analyst is responsible for ensuring the security of all information systems and technology functions at MNCM. This position involves monitoring, analyzing, and responding to security threats, and implementing measures to safeguard the organization's data and IT infrastructure. The Security Analyst will work closely with internal and external stakeholders to assess risks, develop security protocols, and ensure compliance with state, federal, and industry regulations, including SOC 2, HIPAA, and HITECH.
ESSENTIAL FUNCTIONS
Security Management
- Threat Monitoring and Analysis: Continuously monitor security alerts, logs, and events using SIEM tools to detect and respond to security incidents in real time. Analyze security incidents to determine root causes and implement measures to prevent recurrence.
- Incident Response: Develop and implement incident response plans, lead incident response activities, and conduct post-incident analysis to identify improvements.
- Policy Development: Create, review, and update security policies, procedures, and guidelines to ensure compliance with current best practices and regulatory requirements.
- Risk Assessment: Conduct regular risk assessments to identify vulnerabilities, evaluate potential impacts, and recommend mitigation strategies.
- Compliance Management: Ensure that all security measures align with SOC 2, HIPAA, HITECH, and other relevant standards. Prepare for and participate in compliance audits.
- Security Training and Awareness: Develop and deliver training programs to educate employees on security policies, procedures, and best practices to foster a security-aware culture.
- Access Control: Manage and oversee access control systems, ensuring that user permissions are appropriately assigned and regularly reviewed. Conduct regular user access reviews to ensure that access levels are appropriate and aligned with job responsibilities.
- Incident Documentation: Maintain detailed records of security incidents, actions taken, and outcomes to support continuous improvement and regulatory reporting.
Operational Support
- Technical Support: Provide technical assistance for security-related issues, including troubleshooting security incidents and supporting the implementation of security solutions.
- Security Tools Management: Configure, manage, and maintain security tools such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, and encryption technologies.
- System Hardening: Implement and manage system hardening procedures to protect critical systems from attacks, including patch management and secure configuration practices.
- Network Security: Monitor and secure the organization's network infrastructure, including VPNs and remote access solutions.
- Data Protection: Implement and manage data loss prevention (DLP) solutions to protect sensitive data from unauthorized access and exfiltration.
- Vendor Management: Work with third-party vendors to evaluate, implement, and manage security products and services, ensuring they meet the organization's security requirements.
- Audit and Compliance Support: Assist in the preparation and execution of internal and external security audits, ensuring that all findings are addressed and remediated promptly.
Strategy and Planning
- Security Strategy Development: Collaborate with the Vice President of Technology, vCISO, and other stakeholders to develop a comprehensive security strategy that aligns with the organization's goals and objectives.
- Emerging Threats and Trends: Stay informed about current and emerging security threats, vulnerabilities, and trends. Provide insights and recommendations to enhance the organization's security posture.
- Budget Planning: Assist in the development of the security budget, including identifying and prioritizing security initiatives and investments.
- Technology Roadmaps: Contribute to the creation of technology roadmaps that outline the implementation and integration of security technologies and practices.
- Business Continuity Planning: Collaborate with business units to develop and maintain business continuity and disaster recovery plans, ensuring that security considerations are integrated.
- Stakeholder Engagement: Engage with internal and external stakeholders to understand their security needs, provide guidance, and promote security initiatives.
Compliance and Reporting
- Prepare and present regular reports on security metrics, incidents, and compliance status to executive management.
- Monitor contracts with security vendors and service providers to ensure compliance with contract terms and maximize value for MNCM.
POSITION REQUIREMENTS
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- 3+ years of experience in information security, preferably within the healthcare industry.
- Strong understanding of security frameworks and standards, such as SOC 2, HIPAA, HITRUST, HITECH, and ISO 27001/27701.
- Experience with security tools and technologies, including SIEM, firewalls, IDS/IPS, vulnerability management, and endpoint protection.
- Excellent analytical, problem-solving, and communication skills. Ability to work independently and collaboratively in a fast-paced environment.