Cybersecurity Infosec Analyst II

LOCATION: CORP OFFICE – PHX GAT

FACILITY: CORP OFFICE – PHX GAT

DEPARTMENT: IT Security

SHIFT: 8HOUR, Day

EMPLOYMENT TYPE: Full Time

HRS PER PAY PERIOD: 80

JOB SUMMARY

This position works with the GRC Cybersecurity risk management team to report to Dignity Health leadership on the identification, assessment and monitoring of significant Cybersecurity vulnerability risks impacting the enterprise. Under the guidance of the GRC Compliance and Vulnerability Manager, the analyst:

  • Performs scheduled and ad hoc regulatory and Cybersecurity vulnerability risk assessments according to the risk assessment plan: identifies and prioritizes threats and vulnerabilities, considers existing controls, evaluates the sufficiency of information provided by application/system/risk owners, and obtains additional information if needed.
  • Provides Cybersecurity leadership with vulnerability and threat response recommendations.
  • Works with risk owners to develop the appropriate threat response, assists with remediation or mitigation plans, and monitors progress against those remediation/mitigation plans.
  • Processes Information Security, Identity Management access requests and/or operational incident tickets of medium complexity.
  • Follows established process for common requests and issues.
  • Performs intermediate operational and troubleshooting tasks related to access control, provisioning requests, network and endpoint security systems, and/or Security Risk Management processes.
  • Proactively identifies and escalates incidents and operational performance concerns.
  • Provides assistance and support as requested to Security Engineering, IDM Engineering, Network Engineering, and/or the ISIRT SOC.

ESSENTIAL FUNCTIONS

  • Work independently and as part of a team to conduct ad hoc and scheduled vulnerability assessments as assigned, identifying and applying the appropriate methodology.
    • Assist with ad hoc vulnerability scans and other vulnerability operational assignments.
    • Analyze and condense vulnerability data in various forms such as PDF and MS Excel.
    • Provide remediation options and guidance to teams inside and outside of IT and Security.
    • Experience with vulnerability risk ranking.
    • Operational tasks include:
      ◦ Requests for existing vulnerability data
      ◦ Requests for creation of asset groups
      ◦ Requests for changes to asset groups
      ◦ Running ad hoc reports in Rapid7
      ◦ Scheduling recurring reports in Rapid7
      ◦ Answering questions sent via e-mail, IM and phone (customer service)
      ◦ Audit support

  • Assist in managing the Cybersecurity risk register.
    • Prepare content for vulnerability reports, metrics and presentations for a variety of audiences, using both technical and non-technical language.
    • Manage workload, prioritizing tasks and documenting time, and other duties as directed by management.
    • Assists in Continual Service Improvement efforts by identifying opportunities for process improvement. Drives some process improvement efforts.
    • Participate in the collection and documentation of departmental knowledge artifacts.
    • Provide assistance and support to the Compliance and Vulnerability Manager.
    • Assist in developing vulnerability risk management processes and tools.
    • Participate in annual and quarterly Compliance and Vulnerability Management Initiatives.

    • Provides assistance and support as requested to Security Engineering, IDM Engineering, Network Engineering, Security Risk Management and/or Information Security Ops.
    • Proactively identifies and escalates incidents as well as operational performance concerns.
    • Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, threats and trends in information security, translating that knowledge into operational action items, policies, procedures, standards and guidelines as part of the IT Security team.
    • Act as a security advocate for IT operations team’s adherence to Dignity Health policies and industry best practices.
    • Participate in the collection and documentation of departmental knowledge artifacts, and in the development and population of knowledge management and collaboration systems for the IT Security team.
    • Communicates technical information to team members and across the IT Organization.
    • Assists Management in identifying knowledge gaps and providing training to Analysts and Technicians in the IT Security Organization as directed.
    • Assists in development of training material.

SPECIFICATIONS

    Experience:
    1-2 years’ experience in related job area (IT support, information security, identity/access management, IT Audit, forensics/eDiscovery) required.
    2-4 years’ experience in programming or system/network operations and administration preferred.
    Experience in Windows Office (Word, Excel, etc.). Intermediate experience in Microsoft Excel required.
    Experience in UNIX/Linux OS and/or Cisco IOS preferred.

    Education:
    Bachelor’s Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required.

    Training:
    One or more relevant technical/professional security certifications (such as CompTIA Network+, Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) required.

    Special Skills:
    Functional understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, PCI, Sarbanes-Oxley preferred.
    Knowledge of healthcare environments preferred.
    3-4 years’ experience in IT/Cybersecurity role (e.g. Vulnerability Management, Incident Response, System Administrator, etc.) required.
    1-2 years’ experience with vulnerability management – required
    Strong analytical skills required.
    Experience with Nexpose (Rapid7) or other Vulnerability Scanning Tool(s) – preferred
    Experience providing high-level, customer-facing service and support.
    5-7 years in security risk, information security, audit, compliance, or privacy.
    Familiarity with the NIST Risk Management Framework.
    Understanding of the Common Vulnerability Scoring System (CVSS).
    Healthcare experience preferred.
    Basic understanding of HIPAA and/or PCI-DSS. Knowledge of privacy principles and state and federal privacy laws helpful.

 



About Dignity Health

Dignity Health, one of the nation’s largest health care systems, is a 21-state network of 9,000 physicians, 59,000 employees, and more than 400 care centers, including hospitals, urgent and occupational care, imaging centers, home health, and primary care clinics. Headquartered in San Francisco, Dignity Health is dedicated to providing compassionate, high-quality, and affordable patient-centered care with special attention to the poor and underserved. In FY15, Dignity Health provided $1.7 billion in charitable care and services. For more information, please visit our website at www.dignityhealth.org. You can also follow us on Twitter and Facebook.

 

Equal Opportunity

Dignity Health is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. For more information about your EEO rights as an applicant,