Information Security Risk Analyst
The ISRA responsibilities will include information security analysis, monitoring, and incident response, as well as maintenance and configuration of information security tools. The ISRA work with the latest technologies to detect, analyze, and limit intrusions and security events. The ISRA helps assess each potential threat and determine whether the current systems suffer from vulnerability to that threat. The ISRA in addition to monitoring network activity, helps to implement and manage security controls, protocols, and research emerging threats to help determine the best response to them. Finally, the ISRA will assist and participate on the overall data protection risk management and information security program.
- Add, remove, modify, and manage user access entitlements, passwords, and account information for various systems including application, network, database, and communication systems used throughout the organization in a timely manner.
- Monitor and analyze Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Security Information and Event Management (SIEM).
- Meet processing and turnaround times established by internal procedures and guidelines, or as required by SLA’s while still maintaining a customer service focus.
- Analyze requests to ensure compliance with all information security standards and policies. Creates and maintains Standard Operating Procedures (SOP’s).
- Follow all information security policies, procedures, and guidelines when administering security to ensure the security of company information systems.
- Maintain access control rules, authorized approver lists, access control lists, and job roles to ensure only authorized users obtain access to company systems as requested.
- Ensure all work is appropriately documented for future audits and to meet regulatory compliance requirements.
- Perform information security monitoring and incident response for all AH business units, record and report incidents to the Sr IT Risk Manager and maintain records of security monitoring and incident response activities.
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
- Analyze large sets of data to discover indications of compromise
- Assists with implementation of countermeasures or mitigating controls.
- Assist in conducting information security assessments through vulnerability testing and risk analysis.
- Perform periodic Risk Assessments, Application and Infrastructure Audits, and vulnerability assessment.
- Identify events requiring investigation, determining impacts as well as executing rapid response to suspicious activity and identify the root cause.
- Participates in continuously updating the company’s incident response and IT disaster recovery plans.
- Be available to provide security support in the event of an emergency, declared disaster or activation of any AHM BRP initiative.
- 2+ years of Information Technology experience.
- 1+ years of experience of full-time information security governance and/or related functions.
- Experience with Risk Management frameworks.
- Experience with vulnerability testing.
- Information security governance and/or related functions (such as IT audit or IT Risk Management) Prior experience working with internal and external auditors.
- Knowledge of Active Directory, Azure AD, O365, Exchange, Internet security and network security technologies (TCP/IP, firewalls, IDS, Anti-Virus products, etc.), SIEM and third-party security or audit tools is required.
- Excellent communication skills.
- Excellent at teamwork.
- Comfortable with working under pressure in a dynamic environment.
- Working experience with NIST, COBIT and other information security and audit frameworks including SOC 2.
- Knowledgeable with information security concepts as well as understanding how to implement application-level security controls and mechanism.
- Must be able to communicate effectively (read, speak, and write) in English and Spanish. Must be able to prepare and deliver business presentations with the proper terminology and data.
Bachelor’s or Master's Degree in computer sciences or related fields.
- CISSP, Security+ or other security certifications preferred
Experience in PBM, Pharmacy or Healthcare industry preferred.