Information Security/Assurance Analyst
MedAssets, Inc. - Alpharetta, GA

This job posting is no longer available on MedAssets, Inc.. Find similar jobs: Information Security Assurance Analyst jobs - MedAssets jobs

Company Overview:
MedAssets partners with healthcare providers to improve their financial strength by implementing integrated spend management and revenue cycle solutions that help control cost, improve margins and cash flow, increase regulatory compliance, and optimize operational efficiency. MedAssets serves more than 125 health systems, 3,300 hospitals and 30,000 non-acute care healthcare providers. For more information, visit www.medassets.com .

Job Purpose:
The Information Security/Assurance Analyst is responsible to the VP Information Security. Primary responsibilities include

ongoing management of the enterprise information security program to ensure maintenance of data confidentiality,

integrity and availability of all organizational systems.

Position Objectives:
Assist in the development and execution of the enterprise information technology risk management program

Serve as a technology security liaison to executive management, system engineering and development teams to ensure compliance with security standards and policies.

Provide recommendations to the system owners on how to obtain and maintain system accreditation and security posture

Leverage Defense in Depth principles in the development of security engineering designs and implementations.

Analyze existing and future systems, reviewing security architectures, and collaboratively develop engineering solutions that integrate information security requirements

Apply security risk assessment methodology to systems development, including assessing and auditing network penetration testing, antivirus deployment and technology risk analysis.

Provide advice and insight into future information security technologies and the strategic drivers that will influence the technology choices

Essential Duties & Responsibilities:
Assists in defining, implementation and maintenance of information security standards, policies and procedures.

Provides technical leadership in the planning, architecting, designing and implementing enterprise grade information security solutions into a large, decentralized and complex environment with multiple platforms and hardware.

Assists in the development and implementation of measurable security metrics for projects and operations

Communicates technology risk to business leaders in non-technical terms to ensure understanding of risk and available options for remediation

Manages the identification of potential internal and external threats and risks that jeopardize the availability of IT systems and assists in the implementation of mitigation strategies and controls

Prepares enterprise security awareness training plans

Assists in forensic analysis, cyber-crime investigation, incident emergency response and investigations related to information security.

Develops effective working relationships with mid and senior level management throughout the company to obtain support and acceptance of security policies and practices, and develop support for policy enforcement

Translate regulatory requirements and standards to IT policies, controls and processes.

Minimum Qualifications & Competencies:
A four-year degree in Information Technology with an information security emphasis - preferred, or equivalent relevant experience – required

Security + or equivalent certification required. (GCIH or CISSP Desired)

3-5 years of combined IT and security work with a broad range of exposure to systems analysis, applications development, database design and network administration.

Proven experience, clarity and courage to drive an agenda with the ability to influence without direct authority.

Knowledge of application systems, network architecture, multiple platforms and new technologies from a security perspective to include firewalls, intrusion detection, Windows server, network architecture, DNS, VPN, application, database and operating system security, web-based systems and single sign on technologies.

knowledge of data security and access control systems, encryption and related matters.

knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception and audit trails.

Strong analytical, writing and exceptional communication skills.

Demonstrated problem solving and critical thinking skills.

Ability to routinely multi-task between the tactical and the strategic; ability to work with flexibility, efficiency, enthusiasm, and diplomacy both individually and as part of a complex team effort.

Critical skills:
Ability to build out security policies and procuedures in a currently decentralized enviornment.

Experience with writing policies, procedures, and audit data related.

Familiarity with HIPPA, SOX, and IT audit data.

Excellent writing skills

Ability to work on both the Information Assurance (Policy) and Security Analyst sides of security.

Job/Functional Knowledge

Understands duties and responsibilities, has necessary functional and technical knowledge for task completion, keeps job knowledge current, applies knowledge and skills that lead to success in the job.

Effectively applies background & experience to current role

Demonstrates a comprehensive knowledge of particular field

Keeps informed of latest trends, developments, and best and current practices in particular field

Customer Focus

Builds customer confidence, is committed to increasing customer satisfaction, sets achievable customer expectations, assumes responsibility for solving customer problems, ensures commitments to customers are met, solicits opinions and ideas from customers. This competency applies to both external and internal customers.

Responds to customer requests and/or issues in a timely manner

Establishes and maintains effective relationships with customers and gains their trust and respect

Uses first-hand customer feedback for improvements in products and services

Culture Fit

Demonstrates integrity and ethics in day-to-day tasks and decision making, adheres to MedAssets’ core values of compassion, commitment, character, and confidence, operates effectively in the MedAssets environment and the environment of the work group, maintains a focus on self development and seeks out continuous feedback and learning opportunities.

Sincerely passionate for and committed to the mission of MedAssets

Exhibits integrity in all actions and communication

Works well autonomously, while acting as a team-player

Demonstrates a vested interest in self-development

Travel: 20%

MedAssets is an Equal Opportunity Employer and ensures its employment decisions comply with principles embodied in Title VII, the Age Discrimination in Employment Act, the Rehabilitation Act of 1973, the Vietnam Veterans Readjustment Assistance Act of 1974, Executive Order 11246, Revised Order Number 4, and applicable state regulations

Required Skills

Required Experience

MedAssets, Inc. - 19 months ago - save job - block
About this company
45 reviews
MedAssets is at the center of improving the quality and effectiveness of the healthcare industry. From establishing best practice value for...