This job assists in implementing and administering information security policies and procedures as well as development and maintenance of information systems used to uphold those security policies. Performs investigations into potential and existing security threats. Supports enforcing security policies and ensuring compliance. Troubleshoots security issues. Assists in evaluating security risk assessments and presenting security information to workforce and management. Assists workforce with security-based questions and problems.
- Assists and actively participates on project teams in various project roles.
- Researches best practices, leading technologies, and emerging industry trends for consideration in design and improvement relating to rotations.
- Performs operational support of information security technology.
- Performs analysis and resolves problems regarding information security.
- Assists teams in incident response procedures.
- Assists Change Management.
- Works with business and technical organizations to drive out program strategy and approach.
- Conducts application risk assessments against Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry (PCI).
- Other duties as assigned or requested.
- Bachelor’s Degree in Computer Science, Information Security or related field
- Completed at least one quality internship in a role relevant to this position
- Active in one or more clubs, volunteer efforts, or other activities outside of the classroom
- Familiarity with Information Security and/or Information Risk Management and/or Information Technology
- Experience developing, communicating, and presenting Information Security and Risk Management concepts to varying audiences
- Familiarity with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Security Event and Incident Management (SEIM) or virtual platforms.
- Experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework
- Familiarity with Information Security Governance, Risk and/or Compliance functions and activities
- Knowledge of Data Loss Prevention (DLP), Digital rights management, and encryption
- Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits
- IT/information security risk advisory experience
- Governance Risk and Compliance (GRC) tool experience such as ARCHER
- Understanding of network security architecture, network and networking protocols
- Knowledge of HITRUST CSF, FAIR methodology, Splunk, Agile methodologies, NIST 800-83 cyber security framework, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3
- Knowledge of NIST Risk Assessment methodology
- Familiarity with secure SDLC best practices
LICENSES or CERTIFICATIONS
- Certified Information Systems Security Professional (CISSP)
- Microsoft Apps and Suites, Windows server, SharePoint, etc.
- Project Delivery
- Problem Solving and Decision Making
- Written and spoken communication skills
- Change Advocate
- Leadership and interpersonal skills
- Ability to build and sustain internal and external customer relationships