MedAssets partners with healthcare providers to improve their financial strength by implementing integrated spend management and revenue cycle solutions that help control cost, improve margins and cash flow, increase regulatory compliance, and optimize operational efficiency. MedAssets serves more than 125 health systems, 3,300 hospitals and 30,000 non-acute care healthcare providers. For more information, visit www.medassets.com .
The Information Security/Assurance Analyst is responsible to the VP Information Security. Primary responsibilities include
ongoing management of the enterprise information security program to ensure maintenance of data confidentiality,
integrity and availability of all organizational systems.
Assist in the development and execution of the enterprise information technology risk management program
Serve as a technology security liaison to executive management, system engineering and development teams to ensure compliance with security standards and policies.
Provide recommendations to the system owners on how to obtain and maintain system accreditation and security posture
Leverage Defense in Depth principles in the development of security engineering designs and implementations.
Analyze existing and future systems, reviewing security architectures, and collaboratively develop engineering solutions that integrate information security requirements
Apply security risk assessment methodology to systems development, including assessing and auditing network penetration testing, antivirus deployment and technology risk analysis.
Provide advice and insight into future information security technologies and the strategic drivers that will influence the technology choices
Essential Duties & Responsibilities:
Assists in defining, implementation and maintenance of information security standards, policies and procedures.
Provides technical leadership in the planning, architecting, designing and implementing enterprise grade information security solutions into a large, decentralized and complex environment with multiple platforms and hardware.
Assists in the development and implementation of measurable security metrics for projects and operations
Communicates technology risk to business leaders in non-technical terms to ensure understanding of risk and available options for remediation
Manages the identification of potential internal and external threats and risks that jeopardize the availability of IT systems and assists in the implementation of mitigation strategies and controls
Prepares enterprise security awareness training plans
Assists in forensic analysis, cyber-crime investigation, incident emergency response and investigations related to information security.
Develops effective working relationships with mid and senior level management throughout the company to obtain support and acceptance of security policies and practices, and develop support for policy enforcement
Translate regulatory requirements and standards to IT policies, controls and processes.
Minimum Qualifications & Competencies:
A four-year degree in Information Technology with an information security emphasis - preferred, or equivalent relevant experience – required
Security + or equivalent certification required. (GCIH or CISSP Desired)
3-5 years of combined IT and security work with a broad range of exposure to systems analysis, applications development, database design and network administration.
Proven experience, clarity and courage to drive an agenda with the ability to influence without direct authority.
Knowledge of application systems, network architecture, multiple platforms and new technologies from a security perspective to include firewalls, intrusion detection, Windows server, network architecture, DNS, VPN, application, database and operating system security, web-based systems and single sign on technologies.
knowledge of data security and access control systems, encryption and related matters.
knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception and audit trails.
Strong analytical, writing and exceptional communication skills.
Demonstrated problem solving and critical thinking skills.
Ability to routinely multi-task between the tactical and the strategic; ability to work with flexibility, efficiency, enthusiasm, and diplomacy both individually and as part of a complex team effort.
Ability to build out security policies and procuedures in a currently decentralized enviornment.
Experience with writing policies, procedures, and audit data related.
Familiarity with HIPPA, SOX, and IT audit data.
Excellent writing skills
Ability to work on both the Information Assurance (Policy) and Security Analyst sides of security.
Understands duties and responsibilities, has necessary functional and technical knowledge for task completion, keeps job knowledge current, applies knowledge and skills that lead to success in the job.
Effectively applies background & experience to current role
Demonstrates a comprehensive knowledge of particular field
Keeps informed of latest trends, developments, and best and current practices in particular field
Builds customer confidence, is committed to increasing customer satisfaction, sets achievable customer expectations, assumes responsibility for solving customer problems, ensures commitments to customers are met, solicits opinions and ideas from customers. This competency applies to both external and internal customers.
Responds to customer requests and/or issues in a timely manner
Establishes and maintains effective relationships with customers and gains their trust and respect
Uses first-hand customer feedback for improvements in products and services
Demonstrates integrity and ethics in day-to-day tasks and decision making, adheres to MedAssets’ core values of compassion, commitment, character, and confidence, operates effectively in the MedAssets environment and the environment of the work group, maintains a focus on self development and seeks out continuous feedback and learning opportunities.
Sincerely passionate for and committed to the mission of MedAssets
Exhibits integrity in all actions and communication
Works well autonomously, while acting as a team-player
Demonstrates a vested interest in self-development
MedAssets is an Equal Opportunity Employer and ensures its employment decisions comply with principles embodied in Title VII, the Age Discrimination in Employment Act, the Rehabilitation Act of 1973, the Vietnam Veterans Readjustment Assistance Act of 1974, Executive Order 11246, Revised Order Number 4, and applicable state regulations
MedAssets, Inc. - 19 months ago
MedAssets is at the center of improving the quality and effectiveness of the healthcare industry. From establishing best practice value for...