- Job Description
- The Information Security Analyst is responsible for monitoring the information security environment identifying and responding to potential risks and if necessary, mitigating those risks. In addition, the Security Analyst is responsible for provisioning system access within Stamford Health System (SHS) and for ensure appropriate access to the network and software applications are being granted through role base access. They are responsible for user provisioning, working with IS peers on defining role based access, security policy enforcement and auditing for security and HIPAA compliance. The Security Analyst must also be familiar with the Active Directory, forensics investigation, general application functionality, penetration testing, data transfer processes and security regulations. Duties also include the maintenance of healthcare applications and investigation, resolution and notification of issues escalated through Help Desk tickets.
Full Time – Monday – Friday 8:30am – 4:30pm
MAJOR ACCOUNTABILITIES/CRITICAL RESPONSIBILITIES:
- Review and approve lenge security access approval requests as requested by our user base, including firewall change requests and administrator access.
- Perform routine security monitoring tasks for Active Directory, network and firewalls; provide first response to security alerts performing analysis and if possible, a resolution. Escalate to Security Administrator as needed.
- Monitor information security tools such as HP ArcSight McAfee EPO, Symantec PGP, SolarWinds, Citrix’s MDM and Active Directory responding to and resolving alerts. Escalate to Security Administrator as needed.
- Configure Citrix’s MDM tool on employee’s mobile devices. Reviewing PDA policy with employee, pointing out relevant items to note.
- Create, manage and delete user accounts for multiple systems in accordance with existing on-boarding and off-boarding procedures.
- Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action. Researches and assesses new threats and security alerts and recommends remedial
- Provides system access validation and user provisioning on a daily basis. In this role, it is important to ensure that account access is granted based on appropriate approval and removed timely when individuals separate from the organization.
- Act as primary resource for conducting monthly reviews of terminations and with the coordination of Human Resources to notify supervisors of their non-compliant managers. Suspend accounts that remain inactive beyond thirty days. Perform HIPAA audits in conjunction with the Privacy Officer to validate appropriate access to Protected Health Information on both random patients as well as VIP patients.
- Develop and maintain role based access templates for all applications for each job title/function.
- Assist Security Administrator with the creation and maintenance of security policies and procedures in order to adhere to federal regulations and adopt best practices. Perform routine and random audits to ensure compliance and enforce policies.
- Works effectively as part of a team in resolving security related issues escalated through the Help Desk in a timely manner. Investigates, tests, solves problems with user’s application access rights. Provides high level of customer service and appropriate coverage off-hours for critical problems. Actively participates in the process of identifying service issues with the outsourced Help Desk and recommending solutions.
- Required Skills
Bachelor’s degree, or equivalent technical training, willing to train a new grad with little to no experince.
Experience with Microsoft 2003 Active Directory Services.
- Experience with Windows 2003 server OS
- Knowledge of forensic tools
- Experience with conducting penetration testing
- Knowledge of intrusion detection and prevention technologies
- Knowledge of Microsoft Windows 7 desktop, and Server 2003 / 2008 operating system troubleshooting and problem diagnosis.
- Effective documentation skills are essential.
– Analyze and resolve software issues associated with system access.
– Interact professionally with client community and be committed, helpful, responsive and effective in supporting healthcare applications and activities.
– Ensure the integrity of all Stamford Health System information and maintain confidentiality of all hospital, employee, and patient information.
– Assist with special projects and/or tasks as assigned.
– Provide administrative reports as required, periodic updates on activities and updates on user or management inquiries.
– Further the Mission and Philosophy of Stamford Health System by treating all daily contacts with respect, courtesy and patience.
- Job Location
- Stamford, Connecticut, United States
- Position Type