I.S. Security Analyst – Associate is responsible for providing analysis and support for the development, implementation, and maintenance of Intermountain's I.S. Security & Assurance (ISSA), I.S. Security policies, procedures, guidelines, processes, technologies, and solutions ensuring the confidentiality, availability and integrity of Intermountain's electronic information and information systems infrastructure. Assists in the operational analysis and support of the prevention, detection and response to I.S security threats, vulnerabilities, and incidents.
Familiarity and/or minimal experience with information systems/security technologies and systems. Works on small, defined elements of large projects. Incumbent's ability encompasses a subset of the total knowledge required within information security and information systems. Incumbent is in process of developing remaining skills. Requires additional support and/or training to become fully proficient. Work normally overseen by higher level technical contributors.
Participates in the planning and design of enterprise security architecture, under the direction of the Consultant/Senior I.S. Security Analyst, or Team Lead, where appropriate.
Participates in the creation of enterprise security documents (policies, standards, baselines, guidelines and procedures) under the direction of the Consultant/Senior I.S. Security Analyst, or Team Lead, where appropriate.
Participates in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan, under the direction of the Consultant/Senior I.S. Security Analyst, or Team Lead, where appropriate.
Maintains up-to-date general knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
Recommends additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
Performs the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures generically and the enterprise’s security documents specifically.
Maintains up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).
Maintains operational configurations of all in-place I.S. security solutions as per the established baselines.
Monitors all in-place I.S. security solutions for efficient and appropriate operations.
Reviews logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interprets the implications of that activity and devise plans for appropriate resolution.
Participates in the design and execution of vulnerability assessments, penetration tests, and security audits.
Participates in incident investigations into suspicious or problematic activity.
Provides on-call support for end users for all in-place I.S. security solutions.
This position will work with confidential and proprietary information that requires a signed IT Employee Invention and Confidentiality Agreement upon hire.
Bachelor's degree in Computer Science, Information Systems or other technical field - OR- four or more years of Information Systems (I.S.) work experience. Intermountain Healthcare verifies both degree attainment and educational institution accreditation following an offer of employment.
One or more years of experience in I.S. or I.S. security technologies and systems
Understanding of security methods and techniques for information systems
Available to work periodic on-call shifts in a 24x7 support environment
Ability to analyze and document processes and work within a quality improvement environment
Ability to present and communicate I.S. security-related concepts to both technical and non-technical end users
Three or more years of work experience in I.S. or I.S. security technologies and systems
General understanding of the 10 Information System Security domains in the Common Body of Knowledge for Certified Information Systems Security Professional (CISSP) and the 5 Information Security practice areas and tasks for Certified Information Security Manager (CISM)
Possess or actively pursuing Certified Information Systems Auditor (CISA), CISM or CISSP industry certification
Understanding of security incident management processes and methods
Understanding of the I.S. security requirements for HIPAA, HITECH, and SOX regulations
All positions subject to close without notice
Intermountain Healthcare is an equal opportunity employer M/F/D/V
Intermountain Healthcare is an internationally recognized system of 22 hospitals and a full range of medical services, multi-specialty...