The Senior Information Security Analyst possesses superior problem-solving skills and significant experience in leading cross-funtional teams to ensure security policies, procedures, standards, and best practices are effectively in place. The Sr Analyst provides information security support and guidance to Sutter Health privacy and security leadership, affiliates, and operating unit security program, reports to the Affiliate Information Security Officer (ISO), is a hands-on leader in the day-to-day security program administration, and represents the information security office, conducting audits, assessments, investigations, training, and program operational duties. In addition, the Sr Analyst works with Information Services, business, and clinical operations to identify and recommend solutions on security-related issues, and provides senior-level expertise and hands-on security administration of a broad range of security duties and requires a high level of security experience. The Sr Analyst has duties and responsibilities that include, but are not limited to, oversight of design, engineering, analysis, research, testing and monitoring of security controls. The Sr Analyst also serves as the senior advisor to the affiliate ISO and Organizational Unit (OU) Deputy Chief Information Security Officer (DCISO), as well as various other leaders and teams.
Bachelors degree in Computer Science, Information Security, Business, Management, or related field required.
Masters degree in Computer Science, Information Security, Business, Management, or related field preferred.
Certified Information Systems Security Professional (CISSP) within 12 months of hire required. Security HealthCare Information Security and Privacy Practitioner (HCISPP) desired.
Certified Ethical Hacker (CEH) preferred.
* Senior work experience in information systems and information security as typically acquired in 15 years
* Five years of healthcare information technology industry experience highly desired
* Significant knowledge of information security concepts and current information security trends and practices including security processes and methods.
* Must be an expert in security concepts, practices, and procedures
* Significant knowledge of software, hardware, databases, networks, firewalls, encryption, and other system security devices
* Must have the ability to provide effort estimation and complete work based on a schedule of activities in coordination with delivery leader
* Experience with DNS, DHCP, TCP/IP, Active Directory, network topologies, and intrusion detection systems to enable incident response and investigations.
* Well-versed in Active Directory support tools including able to use LDAP tools and interfaces
* Superior knowledge of SQL technologies and database architectures
* Extensive experience with security tools in the industry
* Demonstrates exceptional quantitative, analytical, and conceptual thinking skills
* Strong skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management
* Extensive knowledge of federal and state security and privacy-related regulatory requirements
* Extensive knowledge regarding NIST, HIPAA, FIPS, and other recognized industry security standards and best practices
* Excellent written and verbal communication skills
* Strong interpersonal and customer support skills
* Strong organizational and problem-solving skills
* Prioritize work while multi-tasking on assigned work
* Ability to effectively leverage vast detailed knowledge and familiarity with security disciplines
* Possess ability to identify key concepts, factors and risks based on conversations and document them in clear and concise narrative or graphic reports
* Must possess expertise in developing long-term strategies to address security threats
* Must work well within a time-sensitive environment
* Ability to work alone as well as in a group, under pressure
* Excellent ability to analyze, make decisions, and solve problems
* Good leadership qualities to instruct and lead junior analysts
* Able to train others on various system security threat mitigations
* Maintains a passion for delighting customers
* Proven history of executing business impacting projects with defined scope, deliverables and timelines
* Strong diagnostic capabilities
* Proven security analytics and/or extensive data analytics experience