Our client operates in the healthcare industry and is the leading vertically integrated national provider of bedside diagnostics services offering mobile x-ray, ultrasound, teleradiology and laboratory services to skilled nursing home, assisted living, home healthcare, hospice and correctional markets. Services are offered through a network of subsidiary companies, each with its own core specialty or specialties, many of which interact with and support each other. With a national platform currently servicing 1.5 million beds, our client provides tremendous reach in the market and possesses the potential to expand services far into adjacent markets.
The newly created IT Security and Risk Management Analyst role will reside in Sparks, MD, Horsham, PA or Burbank, CA. This team member will contribute to security-related initiatives within the IT Security Risk Assessment, Third-Party Management, Vulnerability Management, Incident Management and Business Continuity programs as well as various other security initiatives supporting various service lines and business units. This role is set aside for a candidate who has a deep desire to learn, to grow and to produce.
• Serve as a key liaison between IT Security & Risk Management and the business
• Responsible for identifying areas for improvement in IT control environments and identifying areas for automation and gained efficiencies in current controls
• GRC for SOX, HIPAA and other compliance frameworks
• Participate, drive, test, and advance Business Continuity and Disaster Recovery Plans
• Participate in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of IT Management
• Perform risk assessments and implement technical and non-technical countermeasures
• Provide recommendations for additional security solutions or enhancements to existing controls, to improve overall enterprise security.
• Participate in and lead the Security Incident Response Team (SIRT) in the identification, containment, eradication, and resolution of security issues.
• Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
• Actively contribute to and manage a wide array of security projects
• Other duties as requested
The ideal candidate will have IT audit experience, business continuity experience and/or significant consulting experience relevant to this position.
• 2+ years of broad IT Risk Management experience in operations, incident response, business continuity, and IT audit support
• Previous HIPAA, SOX, SAS70/SSAE16, PCI compliance experience is preferred
• Experience in conducting IT risk assessments using an industry standard risk assessment framework (NIST, Octave, etc.)
• Knowledge of contemporary threat vectors, vulnerabilities, and remediation and mitigation techniques
• Strong proficiency in Microsoft Word, Excel, PowerPoint, and Access
• Working level knowledge of security information and event management (SIEM) and data loss prevention (DLP) tools and services
• Working level knowledge of vulnerability scanning tools like Nessus and QualysGuard
• Previous exposure to UNIX, RHEL, Microsoft Server platforms and MS network services
• Professional security certifications such as CISSP, Security+, GISP/GIAC, CISA/CISM, CMBCP and ITIL are a plus
• Proficient grammar, sentence structure and written communication skills
• Education: Bachelor’s Degree in Computer Science, Information Technology or similar
IT Security and Risk Management Analyst
$75,000 - $90,000+