IS Security Analyst III
Silver Spring, MD

Job Description

Job Summary

Interfaces with various MedStar business units and applies improvements in MedStar Health's information security operations program and develops new security processes and standards as needed. Works with a diverse team to define, document, and implement security controls across MedStar network. This includes a wide array of applications, servers, workstations, and network tools.

Minimum Qualifications

* Education/Training
* Bachelor's degree in Information Systems, or a combination of equivalent technical experience and education.




*
* Experience


* 3 years operation information security experience. Hands-on experience with the following: system hardening, vulnerability scanning, firewall, penetration testing, Incident Response, Incident Handling and reporting to all levels of management. Hands-on experience in configuring and applying technical security controls to applications, servers, or network infrastructure. Experience performing vendor security assessment. Experience with various security management tools (Vulnerability Management, Configuration Management, SIEM, etc). Experience with risk assessments, security control assessments, and security audits.


*
* License/Certification/Registration
* CISSP, SANS GSEC, CompTIA Security+, CEH, or PMP certification preferred.




*
* Knowledge, Skills & Abilities
* Must have knowledge of security principles as they relate to the protection of clinical systems. Broad knowledge of IT Security and general systems infrastructure experience to include: security architecture, and security techniques/products, and techniques to mitigate security risks. Strong analytical ability to solve complex technical problems. Competent in microcomputing including desktop applications, server and desktop management and configuration. Strong interpersonal communication skills to effectively interface with internal/external customers. Understanding of information systems and their impact to customers. Ability to analyze business applications to determine and communicate risk to stakeholders in an understandable way. Provide experienced-based knowledge and serve as first point of escalation for security related events/issues. Knowledge of end-to-end project management process.





Primary Duties and Responsibilities

* Assists with design and implementation of the MedStar Health security infrastructure.


* Assists with the development, implementation and administration of enterprise information security standards and procedures.


* Performs security risk assessments, manages risk, and provides advice for the implementation of compensating security controls.


* Works with business and technical stake holders to research, assess, evaluate, and support the implementations of security related projects.


* Maintains operational security metrics to measure the effectiveness of security controls and identify opportunities for improvement.


* Promotes security awareness program.


* Provides high quality, service-oriented information processing for the MedStar Health System. Strives for service excellence by seeking continuous improvement, and consistent accuracy, completeness, and follow- through of work.


* Monitors MedStar Health security tools, including Security operations Center alerts, and works with the IS team to resolve issues.


* Serves as an escalation point for incidents identified by the SOC. Troubleshoots and resolves incidents.


* Develops project plans including work breakdown structures, project milestones, critical path analyses, risk assessment and management plans, cost/benefit analyses, staffing plans, project timelines, and project budgets.


* Monitors and summarizes the progress of projects.


* Contributes to the achievement of established department goals and objectives and adheres to department policies, procedures, quality standards and safety standards. Complies with governmental and accreditation regulations.


* Participates in multidisciplinary quality and service improvement teams as appropriate. Participates in meetings, serves on committees and represents the department and hospital/facility in community outreach efforts as appropriate.


* Performs other duties as assigned.



About MedStar Health

MedStar Health is dedicated to providing the highest quality care for people in Maryland and the Washington, D.C., region, while advancing the practice of medicine through education, innovation and research. Our 30,000 associates and 5,400 affiliated physicians work in a variety of settings across our health system, including 10 hospitals and more than 300 community-based locations, the largest visiting nurse association in the region, and highly respected institutes dedicated to research and innovation. As the medical education and clinical partner of Georgetown University for more than 20 years, MedStar is dedicated not only to teaching the next generation of doctors, but also to the continuing education and professional development of our whole team. MedStar Health offers diverse opportunities for career advancement and personal fulfillment.