IT Security Analyst

IT Security Analyst**Job Code**:
30000747

**Basic Function**:
The IT Security Analyst supports IT Department, JHAH IT leads, cloud environment, business lines and employees with governance, compliance and communication of JHAH's information security policies, procedures and standards. The IT Security Analyst functions as the focal point for information security compliance activities.

**Scope**:
**Principal Contacts**:
JHAH IT Leads, Team members, Supervisors and JHAH managers and administrators..

**Principal Duties**:

- Monitor and assess JHAH business continuity program and disaster recovery program;
- Develop policies and procedures which enable agreed upon best security practices in the organization;
- Coordinate and administer documentation for security processes and procedures for the department and company;
- Maintain oversight of the compliance management program;
- Enforce standards responding promptly to detect offenses, developing corrective action;
- Coordinate responses to information security incidents;
- Coordinate and execute IT security projects; and
- Conduct company-wide data classification assessment and security audits and manage remediation plans.

**Additional Duties, as may be required**
- Responsible for determining security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Responsible for planning security systems by evaluating network and security technologies; developing requirements for Applications, local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Responsible for maintaining security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
- Responsible for monitoring the security environment; identifying security gaps; evaluating and implementing enhancements
- Design of overarching global security framework, operating model and strategy including related policies and processes
- Implement IT Security policies in accordance with applicable laws, standards and regulations
- Communicate framework, strategy and policies to all relevant internal and external parties

**Education**:
Bachelor’s degree in a Computing/IT field.

**Experience**:

- Minimum 5 years of experience with exposure to general system administration;
- Experience and knowledge in securing technical platforms;
- Experience and knowledge of IT systems/data security as it relates to the cloud environment;
- Understanding of regulations and best practices for technical deployments in a cloud/datacenter environment and healthcare industry;
- Experience and knowledge in secure server and workstation deployment and support

**Certifications/Other requirements as applicable**:

- Security Certifications such as Security+, CISSP, GIAC, and others are desirable;
- Knowledge of information security standards (e.g., ISO 27001/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., HIPAA, HITECH, HITRUST, Etc.);
- Healthcare IT experience is a plus;
- Excellent troubleshooting skills, SAP skills desirable; and
- This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities
- Strong communication skills (written, verbal, and listening);
- General understanding of networking and telecommunications;
- Ability to learn quickly and maintain a diverse workload in a fast-paced environment; and
- Proficiency with Word, Excel, PowerPoint, Microsoft Project, and Visio