Information Security Analyst
Creating the best outcomes for our patients requires the right people. At Virginia Hospital Center, our staff exceeds expectations by performing at the top-level of the profession.
Virginia Hospital Center is a strong advocate for its employees and provides a true collaborative environment in which the healthcare team works closely together, bringing skill, experience and mutual respect to the task of providing superior medical care for our patients.
Reporting to the Chief Technology Officer / Information Security Officer, the Information Security Analyst, the position is a hands-on role that involves evaluating and enforcing network, systems and application security in all phases of the software life cycle. This position will work closely with our senior security engineer, network engineers, systems engineers, service desk and development teams, to define security best practices and support the identification and remediation of vulnerabilities throughout the organization. Will assist in the development, implementation, and monitoring of access control, data confidentiality, system integrity, system reliability, system audit, recovery methods and procedures. This position will also provide support in the monitoring of security logs and the daily operational support of firewalls, SIEM, network DLP, vulnerability scanning, enterprise full disk encryption, employee and vendor remote access management. The Information Security Analyst will directly work with the Sr. Information Security Analyst and will follow the lead of the Sr. Analyst in the projects and daily operational tasks.
Pay & Benefits: In addition to salary, the benefit package includes paid major holidays, vacation/sick time, health & dental insurance, and 401(k)
- BA or BS in Information Security, Information Assurance, Computer Science, or related field.
- Advanced degree desirable. CISSP, CISA, CCNA or other security/Network certifications
- Fours years of progressive experience in information security in addition to minimum of two years of networking/systems, or five+ years of experience in advanced networking and/or systems including experience with Internet technology and data security issues.
- Familiarity with IT Incident Response processes.
- Experience in health care IT and familiarity with HIPAA.
- Experience in CSIRT
- Prepare documentation, campus notifications, web content, alerts, and user training materials.
- Actively participate in the healthcare and general security community mailing lists, blogs, etc.
- Participate and execute IT Security projects; evaluate and implement new security technology solutions.
- Uses and maintains technology to evaluate overall risk, utilizing output from IDS, firewall logs, SIEM tools, and vulnerability scans.
- Conduct information security audit of departments as assigned and provide report to include gap analyses and possible alternatives and solutions.
- Assist with coordination of metrics designed to guide security decisions and allocation of security-related resources.
- Participate in information security operational and strategic procedures and processes, based on knowledge of best practices and compliance requirements.
- Monitor and advise on information security issues related to the systems and workflow at hospital to ensure that internal security controls for the institution are appropriate and operating as intended.
- Respond to information security incidents.
- Forensic analysis, as required, in support of investigations.
- Execution of institutional-wide data classification assessment and security assessments and manage remediation plans in support of risk assessment goals.
- Conduct security research in keeping abreast of latest security issues and technology solutions.
- Organize work and perform duties based on agreed-to schedules.
Apply on company website