The Senior IT Security Analyst will be responsible for performing information systems audit and assessment work related to the company’s HIPAA audit (NIST, application controls testing, etc.) as well as other information systems audits. Ensures that the user community understands and adheres to necessary procedures to maintain compliance. Must be able to weigh business needs against security concerns and articulate gaps and remediation plans to management.
- Performs HIPAA audits and other IT-related reviews (NIST, PCI) as prescribed in the annual plan.
- Identifies weaknesses in internal controls and opportunities to enhance operational efficiencies.
- Tracks remediation of identified gaps noted in reports.
- Effectively communicates audit results, both verbally and in writing, so they are persuasive, placed in the appropriate context, and understood by the recipient.
- Assists project teams in the implementation of security measures to meet corporate security policies and external regulations, e.g., NIST, HIPAA and PCI.
- Maintains appropriate security documentation for applications and systems.
- Bachelor’s degree in computer-related field
- Five to eight years of relevant working experience; at least 3 years of experience in IT Security
- Certification in information security (CISSP, CISM, or equivalent) preferred
- Familiarity with external regulations, e.g., DIACAP, HIPAA, PCI; Strong understanding of information security principles; Familiarity with domain structures, user authentication, and digital signatures; Understanding of data communication networks; Experience with security tools and systems; PC skills including knowledge of Microsoft Office
- Excellent organizational skills and ability to communicate with internal/external entities and executives a must; Effective leadership skills, demonstrated ability to coordinate people and teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities; Customer service-oriented; Ability to work in a flexible environment where requirements and procedures continuously evolve; Ability to multi-task and manage time effectively