Job Information
Northern Arizona Healthcare Information Security Analyst in Flagstaff, Arizona
The Information Security Analyst is responsible for supporting efforts to identify and reduce information security risks. This position is a key contributor performing administrative and technical security activities in support of the NAH information security program. Reporting to the Director of Information Security, the analyst will work to ensure security controls are effective and consistent with NAH strategic and operational objectives.
Information Security
Train users and promote security awareness, develop and maintain training materials/program
Participate in risk assessments and information security program audit requests
Respond to cybersecurity incidents
Provide system security reviews and recommendations for new acquisitions and existing systems
Monitor and enforce established security controls, and assist with development and implementation of new security controls as needed
Assist with development and maintenance of policies and procedures using established document control processes
Continuously research information security trends and maintain a thorough understanding of technology available to protect NAH information systems
Microsoft Active Directory administration including implementation of standards, management and oversight of group policy, group membership, and processing of user access change requests
Administration of endpoint patching utilities for deploying Microsoft and 3rd party patches to endpoints in a timely manner along with regular reporting on status and effectiveness of patching programs
Daily monitoring and administration for endpoint protection to ensure rapid handling of virus, malware, and ransomware detections
Support vulnerability management program by monitoring scheduled scans and remediating vulnerabilities found through scanning
Perform daily administration and maintenance tasks related to web-filtering systems including management of filtering policies and unblocking requests, occasional activity investigation and reporting requests
Perform daily administration and maintenance tasks related to email filtering and security systems, investigate customer questions and spam/phishing reports, perform log reviews, respond to incidents, and report findings to IT leadership
Assist with maintenance and monitoring intrusion detection/prevention systems, perform log review and support incident response efforts
Complete repetitive tasks on daily/weekly/monthly bases as assigned, and identify opportunities to automate repetitive tasks and reduce administrative burden wherever possible
Communication
Escalate security incidents as required and monitor progress towards resolution
Conduct walkthroughs/rounding of physical facilities including network closets, clinical, and back-office work areas to document security issues and report findings to IT Leadership
Foster information security awareness within the organization, and provide education on information security best practice
Partner with staff and leadership to promotes cross-team collaboration and service excellence standards
Interact with multiple levels of personnel within the organization and externally; including rounding at all service locations and in the moment security based education with personnel
Continuously demonstrate excellent verbal and written communication skills
Continuously demonstrate a high level of self-motivation, meticulous documentation skills, and excellent attention to detail
Compliance/Safety
Responsible for reporting any safety-related incident in a timely fashion through the Midas/RDE tool; attends all safety-related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.
Stays current and complies with state and federal regulations/statutes and company policies that impact the employee's area of responsibility.
If required for the position, ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.
Completes all company mandatory modules and required job-specific training in the specified time frame.
Responsible for maintaining up-to-date knowledge of cybersecurity trends, developments, best practices and regulatory changes.
Education
Associates degree or, an equivalent combination of education and/or technical experience - Required
Bachelor's degree in Information Systems, Computer science or related field - Preferred
Certification & Licensures
Information security certification CISSP - Highly Preferred
Experience
Minimum of 4 years relevant IT experience - Required
Experience with network, systems administration, and information security - Required
Intermediate skill level with Active Directory management / administration - Required
Working knowledge of PCI DSS, HIPAA, HITECH and evolving security and privacy regulations - Required
Intermediate skill level with automated patching utilities (SUS, SCCM, Ivanti, Landesk, etc.) - Required
Scripting experience required (batch, powershell, vb, python, etc.) - Highly Preferred
Intermediate skill level with vulnerability management utilities (Nessus, OpenVAS, etc.) - Preferred
Healthcare is a rapidly changing environment and technology is integrated into almost all aspects of patient care. Computers and other electronic devices are utilized across the organization and throughout each department. Colleagues must have an understanding of computers, and competence in using computers and basic software programs.
Requisition ID: 2020-8766
Street: 1200 N, Beaver St.
Full Name: First Last: DAWN JOHNSON
Email Address: dawn.johnson@nahealth.com
Shift: Days
Telecommute: No