Home

Sr Information Security Analyst

University Hospitals
Shaker Heights

Job Description

Description

The Senior Information Security Analyst plays a critical role in protecting the company’s information by ensuring security controls are working properly every day. This team member is also responsible for ensuring that the handling of sensitive company and client information follows company and industry standards. Additionally, this team member works hand in hand with the Information Security team to ensure security technologies are producing necessary and relevant information.
 
Essential Duties:
 
  • Lead the analysis and investigation of information security events (IPS/NGAV/DLP/NAC/SIEM/etc.), run to ground detected events and eliminate false positives.
  • Monitor security events daily, performing investigations and working with appropriate team members, business teams and Technology teams to develop solutions that address critical security concerns
  • Analyze system logs and other event logs to detect nefarious activity
  • Coordinate investigations and responses to security incidents. Maintains an information security incident/issues log.
  • Performs forensic research.
  • Monitors and reports on UH’s Information Security Program metrics by devising metrics/reports, requesting and/or developing metrics/reports, and routinely reviewing and reporting on those metrics/reports.
  • Observes, monitors, evaluates, and reports security policy compliance.
  • Work with the business to optimize and automate security-based processes
  • Helps define UH’s information security architecture with special emphasis on UH’s computer network security.
  • Maintains a knowledge-base of applicable security laws, regulations, and contractual obligations in conjunction with UH’s Compliance and Law Departments.
  • Evaluates and recommends new information security policies, procedures, standards, guidelines, tools, technologies, organizational changes, etc.
  • Coordinate the development and delivery of security mentorship and training to business partners by performing security program presentations, both internally and externally.
  • Work directly with our internal as well as external customers to understand and resolve their security questions, concerns, and requests.
  • Actively identify and consult with management and business areas regarding unresolved security exposures as well as misuse or noncompliance situations.
Increases security awareness and fosters an information security culture through training, education, and communication.
Qualifications

Experience & Knowledge:
  • Minimum 5 years IT experience required.
  • Minimum 3 years of IT security experience required.
  • Must have background in administering information security programs including risk assessments, forensic research, designing security architectures, developing policies, gathering metrics, and reporting status.
  • Prior experiencing working in a security operations center environment.
  • Prior experience analyzing security events (IPS email security,NGAV, Vulnerability Management  DLP, SIEM,)
  • Demonstrated initiative to learn new technologies.
  • Excellent written and verbal interpersonal skills, including strong presentation skills.
  • Demonstrated ability to develop and maintain collaborative working relationships with varying constituencies and teams.
  • Demonstrated dedication to and leadership of continuous process improvement.
  • Ability to maintain strict confidentiality and look at all situations objectively
  • Informal leadership, coaching and mentoring skills. Strong consultative skillset with ability to provide appropriate direction to other IT groups on security matters
  • Ability to function independently and as a team player in a fast-paced environment required. 
  • Must have strong written and verbal communication skills.
  • Knowledge of applicable security laws desired.
  • Healthcare experience preferred, especially in a large hospital setting.
  • Passion for information security and information assurance
 
Special Skills & Equipment Knowledge:
 
  • Proficiency in operating systems (Windows, Mac, Linux/Unix, mobile), network theory/design, penetration testing, endpoint security monitoring, coding and scripting, reverse engineering of malware, enterprise risk methodologies
  • Experience with Windows Server and Unix preferred.
  • Experience with scripting languages (e.g. Powershell, VB, C#) preferred.
  • Previous experience with end point protection tools (e.g. Antivirus, Antispam) preferred.
  • Previous experience with IPS, network monitoring tools, and FW rule sets preferred
  • Previous experience with Web Filtering products preferred.
Education/Expertise:
  • High School diploma required.
  • Bachelor’s Degree preferred.
  • Master’s Degree preferred.
 
 
Credentials, Licensure or Certification (i.e. RN, RRT):
  • CISSP (Certified Information Systems Security Professional), CCSP (Cisco Certified Security Professional, MCSA: Security / MCSE: Security (Microsoft Certified Systems Administrator / Engineer), CISA (Certified Information Systems Auditor), CISM (Certified Information Systems Manager), or similar information security certification preferred.

Salary

Competitive

Contact Information

University Hospitals

Contact Email

importuser@uh.com

Schedule

Days

Apply Save