CASY-MSCCN Jobs

CASY-MSCCN Logo

Job Information

Northern Arizona Healthcare Information Security Analyst in Flagstaff, Arizona

The Information Security Analyst is responsible for supporting efforts to identify and reduce information security risks. This position is a key contributor performing administrative and technical security activities in support of the NAH information security program. Reporting to the Director of Information Security, the analyst will work to ensure security controls are effective and consistent with NAH strategic and operational objectives.

Information Security

  • Train users and promote security awareness, develop and maintain training materials/program

  • Participate in risk assessments and information security program audit requests

  • Respond to cybersecurity incidents

  • Provide system security reviews and recommendations for new acquisitions and existing systems

  • Monitor and enforce established security controls, and assist with development and implementation of new security controls as needed

  • Assist with development and maintenance of policies and procedures using established document control processes

  • Continuously research information security trends and maintain a thorough understanding of technology available to protect NAH information systems

  • Microsoft Active Directory administration including implementation of standards, management and oversight of group policy, group membership, and processing of user access change requests

  • Administration of endpoint patching utilities for deploying Microsoft and 3rd party patches to endpoints in a timely manner along with regular reporting on status and effectiveness of patching programs

  • Daily monitoring and administration for endpoint protection to ensure rapid handling of virus, malware, and ransomware detections

  • Support vulnerability management program by monitoring scheduled scans and remediating vulnerabilities found through scanning

  • Perform daily administration and maintenance tasks related to web-filtering systems including management of filtering policies and unblocking requests, occasional activity investigation and reporting requests

  • Perform daily administration and maintenance tasks related to email filtering and security systems, investigate customer questions and spam/phishing reports, perform log reviews, respond to incidents, and report findings to IT leadership

  • Assist with maintenance and monitoring intrusion detection/prevention systems, perform log review and support incident response efforts

  • Complete repetitive tasks on daily/weekly/monthly bases as assigned, and identify opportunities to automate repetitive tasks and reduce administrative burden wherever possible

Communication

  • Escalate security incidents as required and monitor progress towards resolution

  • Conduct walkthroughs/rounding of physical facilities including network closets, clinical, and back-office work areas to document security issues and report findings to IT Leadership

  • Foster information security awareness within the organization, and provide education on information security best practice

  • Partner with staff and leadership to promotes cross-team collaboration and service excellence standards

  • Interact with multiple levels of personnel within the organization and externally; including rounding at all service locations and in the moment security based education with personnel

  • Continuously demonstrate excellent verbal and written communication skills

  • Continuously demonstrate a high level of self-motivation, meticulous documentation skills, and excellent attention to detail

Compliance/Safety

  • Responsible for reporting any safety-related incident in a timely fashion through the Midas/RDE tool; attends all safety-related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.

  • Stays current and complies with state and federal regulations/statutes and company policies that impact the employee's area of responsibility.

  • If required for the position, ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.

  • Completes all company mandatory modules and required job-specific training in the specified time frame.

  • Responsible for maintaining up-to-date knowledge of cybersecurity trends, developments, best practices and regulatory changes.

Education

Associates degree or, an equivalent combination of education and/or technical experience - Required

Bachelor's degree in Information Systems, Computer science or related field - Preferred

Certification & Licensures

Information security certification CISSP - Highly Preferred

Experience

Minimum of 4 years relevant IT experience - Required

Experience with network, systems administration, and information security - Required

Intermediate skill level with Active Directory management / administration - Required

Working knowledge of PCI DSS, HIPAA, HITECH and evolving security and privacy regulations - Required

Intermediate skill level with automated patching utilities (SUS, SCCM, Ivanti, Landesk, etc.) - Required

Scripting experience required (batch, powershell, vb, python, etc.) - Highly Preferred

Intermediate skill level with vulnerability management utilities (Nessus, OpenVAS, etc.) - Preferred

Healthcare is a rapidly changing environment and technology is integrated into almost all aspects of patient care. Computers and other electronic devices are utilized across the organization and throughout each department. Colleagues must have an understanding of computers, and competence in using computers and basic software programs.

Requisition ID: 2020-8766

Street: 1200 N, Beaver St.

Full Name: First Last: DAWN JOHNSON

Email Address: dawn.johnson@nahealth.com

Shift: Days

Telecommute: No

DirectEmployers