Overview:
Our team members are the heart of what makes us better.
At Hackensack Meridian
Health we help our patients live better, healthier lives — and we help one another to succeed. With a culture rooted in connection and collaboration, our employees are team members. Here, competitive benefits are just the beginning. It’s also about how we support one another and how we show up for our community.
Together, we keep getting better - advancing our mission to transform healthcare and serve as a leader of positive change.
The
Information Security Analyst III - Security Operations is responsible for maintaining the security and integrity of Hackensack Meridian Health (HMH) data, leveraging an in-depth understanding of cyber security threats, technologies, and countermeasures to ensure secure computer systems. Knowledge and experience with technology security issues across all platforms and across all business units to include networking, applications, Identity and Access Management, Operating systems, Cloud services, Email gateway, Privileged Access Management, Vulnerability management, Database Security, Data Loss Prevention, Endpoint Security and Software Development. Assists in safeguarding information system assets, data and all security risks. Assists in researching security controls, vulnerabilities, enterprise and cloud risks, and develops effective strategies and control measures to mitigate all security risks. Assists in reducing security threats by examining infrastructure, devices, processes, procedures and identifying security flaws, threat vectors, and using control analysis to follow up with a prompt solution. This is a mid-level technology-oriented position protecting the confidentiality, integrity, and availability of information systems and data of employees, partners, and patients.
Responsibilities:
A day in the life of a
Information Security Analyst III - Security Operations at Hackensack Meridian Health includes:
- Demonstrate an in-depth understanding of business processes and risk management in areas such as cyber security, cloud security, cloud governance and compliance, DevOps, cloud data protection, cloud monitoring and incident response, enterprise security architecture, and technology risk management, and others.
- Oversee planning, design, implementation, testing, and operation of cyber security tools, processes, and systems.
- Identify and evaluate complex business and technology risks and remediation methods to mitigate risks.
- Advanced knowledge of security architecture technology solutions such as firewalls, intrusion prevention systems, Security Information and Event Management (SIEM), vulnerability scanning and management, anti-virus management, certificate management, and data loss prevention (DLP).
- Responsible for executing processes within all activities within the security incident response lifecycle. These activities include detection, triage, analysis, containment, recovery, and reporting.
- Remediate security risks and exposures, assists in determining the causes of security violations.
- Keep abreast of emerging threats, patterns, and trends in healthcare information security, privacy, and compliance.
- Advanced skills and hands-on experience in the security domains as defined by the NIST Cyber Security Framework (CSF).
- Administer security software or systems to prevent attacks, monitor and audit systems and protect against network breaches.
- Manage relationships with management and vendors to develop and implement new solutions to meet business requirements. Assist in reviewing proposed new systems, networks, and software designs for potential security risks; implement mitigation or countermeasures and resolve integration issues related to the implementation of new systems within the existing infrastructure.
- Monitor information security trends, standards, and practices to assist in identifying areas that lack the appropriate security controls and make the necessary recommendations.
- Install, implement, administer, monitor, and maintain security architecture technology solutions with limited supervision.
- Monitor network, systems, and logs for events that could negatively impact the confidentiality, integrity, or availability of HMH systems and data. Investigate and respond to all potential incidents in accordance with prescribed procedures.
- Research, evaluate and recommend information-security related hardware and software to maintain a strong security posture, including developing business cases for security investments.
- Other duties and/or projects as assigned.
- Adheres to HMH Organizational competencies and standards of behavior.
Qualifications:
Education, Knowledge, Skills and Abilities Required:
- Bachelor's degree in IT, Computer Science, Management Information Systems, or equivalent degree. Work experience may be substituted.
- Minimum of 7 years of general IT experience with at least 5 years' of that experience in IT security.
- Minimum of 5 years' experience in an environment that has adopted a common security framework (CSF).
- Experience with security tools such IPS, SIEM, Web Secure Gateway, Email Gateway, DLP, Firewalls (network and application), Malware Protection, MDM, Forensic Tools, etc.
- Demonstrated experience translating technical concepts into business and capability terminology.
- Exceptional collaboration ability; experience as an intermediate-level negotiator.
- Experience to interact effectively with organizational senior leadership.
- Demonstrated effective verbal and written communication and presentation skills.
- Ability to travel to other HMH locations as needed.
Education, Knowledge, Skills and Abilities Preferred:
- Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI.
- Strong knowledge of healthcare environments.
- In-depth understanding of Information Security practices for the network, servers, databases, applications, and advanced use of Information Security assessment techniques.
- Broad understanding of Public Key Infrastructure (PKI), encryption, network security controls tools and functionalities.
Licenses and Certifications Required:
- Certified in at least one of the following at hire or must obtain within 1 year of hire: a. Certified Information Systems Security Professional (CISSP) b. Certified Information Systems Auditor (CISA) c. Certified Security+ | CompTIA d. Global Information Assurance Certification (GIAC) e. Or other related IT security certification
Licenses and Certifications Preferred:
- Certified in at least one of the following: a. Risk and Information Systems Control (CRISC) b. Governance of Enterprise IT (CGEIT) c. Or related IT certification
If you feel that the above description speaks directly to your strengths and capabilities, then please apply today!