Staff InfoSec Analyst
Description
Information Security Risk & Compliance Analyst
In this role, you will collaborate with internal stakeholders, internal subject matter experts, and engineering teams to create internal security solutions that improve the protection of our customers' and QSI Team Members' sensitive data (e.g. ePHI, PII, etc.) in order to provide a secure platform that also complies with regulations and standards such as HIPAA, Service Organization Controls (SOC), HITRUST, etc. The Staff InfoSec Analyst (SISA) has a strong understanding of Information Security concepts and thinks creatively, working from initial concept to comprehensive solution analysis, identifying alternatives and defining unique security solutions. The SISA must prioritize and plan work, as well as proactively manage the conflicts and priorities associated with executing multiple simultaneous security tasks/activities. The SISA is a model team player with superior interpersonal skills, is diplomatic, and has the mentality of a win-win relationship builder and mentor. The SISA is able to establish effective professional working relationships with co-workers, customers and vendors in order to successfully execute the overall Information Security strategy.
Knowledge & Application
- Working knowledge of IT functions, specifically understanding system production structure/controls, change management and software development processes.
- Capable of identifying management, IT system, and operational issues and trends and developing solutions including creating materials, documentation, systems, processes/procedures, and policies in support.
- Requires excellent technical, policy and procedural writing skills.
- Requires excellent reporting and presentation skills.
- Strong understanding of security audit methodologies, including the management of audits with third parties.
- Working knowledge of IT security-related regulations/standards.
- Strong understanding of web application development and IT infrastructure management.
- Capable of identifying cross-functional risks pertaining to management, IT system, and operational issues and trends, and developing solutions including creating materials, documentation, systems, processes/procedures, and policies in support.
- Creates security documentation and provides training content to different teams to enhance awareness of vulnerabilities and other security-related issues in order to reduce those risks.
Preferred:
- Knowledge and understanding of regulatory compliance standards, particularly SOC1 and Service Organization Controls (SOC), HIPAA, HITRUST, FedRAMP, Federal Information Security Management Act (FISMA), NIST Cyber Security Framework (CSF), and the NIST 800 series.
- Experience working with Tenable products such as Tenable.sc, Nessus, and Tenable.io.
- Experience working with WhiteSource open-source scanning tools.
- Experience working with Checkmarx static code scanning and dynamic code scanning.
Duties & Responsibilities
- Supports the Information Security Compliance Manager and provides coordination for performing security audits and creation of documentation and remediation plans. Documents and reports on existing controls to support internal and external audit activities.
- Facilitates security risk assessments of functional areas to identify areas of risk and vulnerabilities and recommends alternative strategies.
- Develops and manages metrics to track and ensure QSI functional areas are in compliance with internal and external policies, standards and regulations.
- Maintains QSI Information Security reporting and dashboards including vulnerability counts, remediation assignments, remediation completion, incidents, etc.
- Manages security awareness content and phishing campaigns, providing orientation, training, and ongoing communication.
Education & Experience
- 5+ years as an Information Security Analyst working directly with infrastructure and software engineering teams to achieve, monitor and maintain a strong Information Security posture.
- 3+ years in developing and managing information security policies in accordance with industry regulations.
- 2+ years working directly with IT Leadership, subject matter experts, and/or customers, defining security requirements and specifications for infrastructure and application engineering teams.
- 2+ years of experience as an Information Security Analyst within the healthcare technology sector (preferred).
Licenses/Certifications (Preferred)
- CISSP – Certified Information Systems Security Professional
- CISA – Certified Information Systems Auditor
- CISM – Certified Information Security Manager
- CRISC – Certified in Risk and Information Systems Control
- Security+
- PMP – Project Management Professional