Job Description

Overview

Our team members are the heart of what makes us better.

At Hackensack Meridian Health we help our patients live better, healthier lives \xe2\x80\x94 and we help one another to succeed. With a culture rooted in connection and collaboration, our employees are team members. Here, competitive benefits are just the beginning. It\xe2\x80\x99s also about how we support one another and how we show up for our community.

Together, we keep getting better - advancing our mission to transform healthcare and serve as a leader of positive change.

The Information Security Analyst II is responsible for maintaining the security and integrity of Hackensack Meridian Health (HMH) data, leveraging an in-depth understanding of cyber security threats, technologies, and countermeasures to ensure secure computer systems. Knowledge and experience with technology security issues across all platforms and across all business units to include networking, applications, Identity and Access Management, Operating systems, Cloud services, Email gateway, Privileged Access Management, Vulnerability management, Database Security, Data Loss Prevention, Endpoint Security and Software Development. Assists in safeguarding information system assets, data and all security risks. Assists in researching security controls, vulnerabilities, enterprise and cloud risks, and develops effective strategies and control measures to mitigate all security risks. Assists in reducing security threats by examining infrastructure, devices, processes, procedures and identifying security flaws, threat vectors, and using control analysis to follow up with a prompt solution. This is a mid-level technology-oriented position protecting the confidentiality, integrity, and availability of information systems and data of employees, partners, and patients.

This position is remote with an onsite requirement of 4x per year.

Responsibilities

A day in the life of a Information Security Analyst II with Hackensack Meridian Health includes:

• Intermediate knowledge of security architecture technology solutions such as firewalls, intrusion prevention systems, Security Information and Event Management (SIEM), vulnerability scanning and management, anti-virus management, certificate management, and data loss prevention (DLP).
• Responsible for executing processes within all activities within the security incident response lifecycle. These activities include detection, triage, analysis, containment, recovery and reporting.
• Remediate security risks and exposures, assists in determining the causes of security violations.
• Keep abreast of emerging threats, patterns, and trends in healthcare information security, privacy, and compliance.
• Fundamental skills and hands-on experience in the security domains as defined by the NIST Cyber Security Framework (CSF).
• Administer security software or systems to prevent attacks, monitor and audit systems and protect against network breaches.
• Interface with management and vendors to develop and implement new solutions to meet business requirements. Assist in reviewing proposed new systems, networks, and software designs for potential security risks; implement mitigation or countermeasures and resolve integration issues related to the implementation of new systems within the existing infrastructure.
• Monitor information security trends, standards and practices to assist in identifying areas that lack the appropriate security controls and make the necessary recommendations.
• Is consulted on, modifies, and maintains policy, process, procedure, standards, and training documentation relevant to supporting the various information security technologies used by the Information Security team.
• Install, implement, administer, monitor, and maintain security architecture technology solutions with supervision.
• Monitor network, systems, and logs for events that could negatively impact the confidentiality, integrity, or availability of HMH systems and data. Investigate and respond to all potential incidents in accordance with prescribed procedures.
• Facilitate periodic risk assessments, penetration tests, and vulnerability assessments and make security enhancement recommendations to management.
• Assist in developing techniques and procedures for conducting cyber security risk assessments and compliance audits, the evaluation and testing of hardware, firmware, and software for possible impact on system security.
• Research, evaluate and recommend information-security related hardware and software to maintain a strong security posture, including developing business cases for security investments.
• Other duties and/or projects as assigned.
• Adheres to HMH Organizational competencies and standards of behavior.

Qualifications

Education, Knowledge, Skills and Abilities Required:

• Bachelor\'s degree in IT, Computer Science, Management Information Systems, or equivalent degree. Work experience may be substituted.
• Minimum of 5 years of general IT experience with at least 3 years\' of that experience in IT security.
• Minimum of 3 years\' experience in an environment that has adopted a common security framework (CSF).
• Advanced knowledge of data loss prevention and governance, risk, and compliance (GRC) systems.
• Experience with security audit processes, evidence gathering, and development / management of plans used in resolution of findings.
• Knowledge of risk management processes, including steps and methods for assessing risk.
• Experience with translating technical concepts into business and capability terminology.
• Exceptional collaboration ability; experience as an intermediate-level negotiator.
• Ability to interact effectively with organizational senior leadership when needed.
• Demonstrated effective verbal and written communication and presentation skills.
• Ability to travel to other HMH locations as needed.

Education, Knowledge, Skills and Abilities Preferred:

• Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI.
• Strong knowledge of healthcare environments.
• Strong understanding of Information Security practices for the network, servers, databases, applications, and advanced use of Information Security assessment techniques.

Licenses and Certifications Preferred:

• Certified in at least one of the following: a. Certified Information Systems Security Professional (CISSP) b. Certified Information Systems Auditor (CISA) c. Certified Security+ | CompTIA d. Global Information Assurance Certification (GIAC) e. Or other related IT security certification

If you feel that the above description speaks directly to your strengths and capabilities, then please apply today!

Hackensack Meridian Health