Under general supervision of the Supervisor of Network Security the IT Security & Compliance Specialist monitors and responds to IT security incidents and communicates unresolved security exposures, misuse, or noncompliance to appropriate Alliance staff. The position will also ensure IT security complies with federal, state, regulatory, customer and industry requirements, participates in investigations of suspected information security misuse, and analyzes application security needs based on the sensitivity or proprietary nature of the data and ensuring that all systems are utilized for Alliance-approved purposes only.
This position will allow the successful candidate to work a schedule which will include both onsite as well as remote work certain days of the week as approved by their supervisor.
Responsibilities & Duties
Monitor, Investigate, and Remediate cyber security incidents
Monitor computer networks for security issues.
Review system alerts and logs
Investigate IT security and other cyber security incidents
Identify and mitigate network vulnerabilities and communicate how to avoid them
Remediate detected vulnerabilities to maintain a high-security standards
Assist in the development of improved security measures and operate software to protect systems and information infrastructure
Document security incidents, assess the severity, and report on remediation
Perform scheduled maintenance audit checklist to include Security Systems (IDS, Firewalls, VPN), Anti-Malware Systems, Email Security, Log management, UBA, User account management, password management and endpoint management
Deploy security patches
Perform system security testing
Perform tests to uncover network vulnerabilities and remediate
Assist in developing IT security best practices
Research security enhancements and make recommendations to management
Assist in Development of company-wide best practices for IT security
Assist in Audits
Assist in providing and maintaining evidence for security, state, financial and compliance audits
Assist IT Personnel with security management
Provide resource assistance in the implementation of security best practices for business continuity planning, risk management, and disaster planning to senior level management and IT specialists to assist agency's development and maintenance of appropriate business continuity, risk management, and disaster plans
Assist colleagues with installs of security software and understanding information security management
Provide Tier 2 support
Minimum Education & Experience required
Graduation from a community College or Technical School in an information technology related field and four (4) or more years of progressively responsible work experience in an information systems department, preferably in a healthcare or managed care environment which provided the opportunity to gain the knowledge and skills required to perform the duties of the position.
OR
Bachelors Degree from an accredited college or university in an information technology related field and two (2) or more years of progressively responsible work experience in an information systems department and network security, preferably in healthcare or managed care, which provided the opportunity to gain the knowledge and skills required to perform the duties of the position.
Knowledge, Skills, and Abilities
Extensive knowledge of security program development and management
Extensive technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management systems, cryptography, anti-malware solutions, automated policy compliance, and desktop security tools
Extensive knowledge of needs assessments development and preparation of administrative reports
Extensive knowledge of Cybersecurity risk and mitigation strategies
Substantial knowledge in developing, documenting, and maintaining security policies, processes, and procedures and standards, strategic planning, implementation, and maintenance of information security programs
Substantial knowledge of technical, substantive, and methodological issues and theories to direct technical staff
Knowledge of and experience with computer network vulnerability testing and techniques
Knowledge of HIPAA Administrative, Physical and Technical requirements
Knowledge of and experience with firewalls, proxies, SIEM, antivirus, and IDPS concepts
Knowledge of and experience with patch management with the ability to deploy patches in a timely manner while understanding business impact
Skilled in the use of SharePoint, MS Word, Excel, PowerPoint, Outlook, and other productivity software
Ability to provide security expertise and consulting
Ability to plan, implement, and maintain strategic information security program inclusive of information security policies, regulations, standards, and procedures
Ability to provide technical support and leadership on complex projects
Ability to integrate other work specialties to achieve solutions to problems of high complexity
Ability to recommend information technology security and privacy solutions to address complex and emerging information security and privacy issues
Ability to work with network/system controls by understanding network architecture tiers and incorporate these principles into proposed system designs
Ability to provide information security solutions to reduce information security and privacy risks
Ability to provide security best practice recommendations as required by federal and state regulatory requirements
Ability to provide security expertise and consulting to committees, boards, and lower-level technical analyst/specialist on a regular basis and to design information security awareness training programs
Ability to provide guidance to legal, risk management, audit, compliance, and external entities on the resolution of information security issues
Salary Range
$61,945.18to$106,637.02/Annually
Education
Preferred
Associates or better in Information Systems Technology
See job description
