Information Security Analyst III
Irving, TX

Job Description

HMS makes the healthcare system work better for everyone. We fight fraud, waste, and abuse so people have access to healthcare-now and in the future. Using innovative technology and powerful data analytics, we help government and commercial payers reduce costs, increase quality, and achieve regulatory compliance. We also help consumers take a more active role in their own health. Each year, we save our clients billions of dollars while helping people live healthier lives. At HMS, you will develop new skills and build your career in a dynamic industry while making a difference in the lives of others.

We are seeking a talented individual for an Information Security Analyst III position to identify and report information technology threats. Identify and demonstrate risk realization of possible exploits within the Information Technology and application infrastructure to enable the enhancement of the overall security posture of the organization. Conduct formal assessments on both application and information Technology environments throughout the organization, documenting assessment plans as well as documenting results of assessment activities. Respond to information security-related questions and inquiries using established information security tools and procedures. Work closely with a wide range of audiences, including Security Infrastructure, Audit & Risk Liaisons, the various technical teams from Legal and HR to IT experts and other IT personnel, business and clients to meet these objectives.

Essential Responsibilities:

* Monitors and advises on information security issues related to the systems and workflow at HMS to ensure the internal security controls are appropriate and operating as intended.
* Supports the development and publication of Information Security policies, procedures, standards, guidelines based on knowledge of best practices and compliance requirements.
* Conducts company-wide assessment and security audits and manages remediation plans.
* Work closely with Enterprise Risk & Internal Audit, Procurement & Compliance to identify compliance baselines from legislative requirements and corporate objectives.
* Understand information security risks pertinent to its business goals and technology infrastructure and support an enterprise information security risk program to identify & assess and respond to risks.
* Develop, document, maintain and support the information security risk management program in line with information security policy, practices and leading industry standards.
* Creates, manages and maintains user security awareness.
* Conducts security research in keeping abreast of latest security issues.
* Performs other related duties as assigned.
* This position requires regular, predictable and timely attendance at work to meet department workload demands

Non-Essential Responsibilities:

* Performs other functions as assigned

Knowledge, Skills and Abilities:

* Knowledge of information security standards, rules and regulations related to information security and data confidentiality (e.g., HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
* Strong analytical and problem solving skills.
* Excellent communication (oral, written, presentation), interpersonal and consultative skills.
* Strong PC skills (Microsoft Office, Word, Excel, PowerPoint, etc.
* Management of IT security and IT risk (e.g., data systems, network and/or web) across the enterprise.
* Address questions from internal and external audits and examinations.
* Develop/Maintain policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including HITRUST, SOX, NEST, and ISO guidance.
* Facilitate IT security/risk training curriculum.
* Serve as project lead within IT security projects.
* Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the organization.

Work Conditions and Physical Demands:

* Primarily sedentary work in a general office environment
* Ability to communicate and exchange information
* Ability to comprehend and interpret documents and data
* Requires occasional standing, walking, lifting, and moving objects (up to 10 lbs.)
* Requires manual dexterity to use computer, telephone and peripherals
* May be required to work extended hours for special business needs
* May be required to travel at least 25% of time based on business needs

Minimum Education:

* Bachelor's Degree, Information Systems, Computer Science, Information Security or related field required.

Certifications:

* CISSP, SSCP, CISA, etc preferred. Required if no degree.

Minimum Related Work Experience:

* 7-10 years IT security or information security experience with a proven ability to engage with Senior Management and regulators.
* 4 years' experience conducting IT compliance assessments (NEST, SOC, SOX etc.)
* 4 years' experience in administering IT security controls in an organization.
* Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
* Experience with IPS/IDS and SIEM technologies.
* Prior experience working within a healthcare service organization preferred.
* Prior experience working with regulatory agencies including HHS, CMS, etc. preferred.
* Knowledge of HIPAA guidelines preferred.
* Project management skills preferred.
* Prior experience performing security reviews and risk assessments preferred
* Experience in security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing
* Experience in the Archer eGRC Enterprise Solution or related Governance support software

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

EOE including disability/veteran