HBITS-06-13886-Security Analyst-Mid-Level
Company: Knowledge Builders, Inc.
Location: Latham, NY 12110
Description:
Job Description
Security Analyst Mid-Level
Support ITS ISO team dedicated to OMH with cybersecurity risk management tasks.
Day to Day Tasks:
1. Guide and assist ITS and OMH in complying with NYS information security policies, standards, and best practices.
2. Provide guidance and recommendations for the secure development of new or existing information systems.
3. Perform cybersecurity reviews and risk assessments of new and existing systems.
4. Provide guidance and recommendations to mitigate and remediate cybersecurity risks to information systems and services.
5. Guide and assist OMH in performing Information Classification.
6. Coordinate and support application scanning of applications and systems.
7. Coordinate with ITS and OMH stakeholders to ensure vulnerabilities detected from scanning reports are remediated by the appropriate technical teams.
8. Pursuant to approved protocols and processes, escalate security concerns and report incidents to the applicable entities for review and actions.
Mandatory Qualifications:
Security Analyst - Plans and carries out security measures to protect an organization's computer networks and systems.
Mid-Level - 36 - 60 months: Candidate is able to work independently, without assistance.
Requested Qualifications:
- 36 Months experience in a non-operational Healthcare Information Security / Risk Management position.
- 36 Months experience performing formal IT risk assessment in a corporate/enterprise environment exceeding 20 locations and 10,000 employees.
- 36 Months experience supporting audit response activities based on NIST 800-53 controls.
- 36 Months experience coordinating and tracking web application scanning including providing guidance and recommendations to mitigate and remediate vulnerabilities identified in the web application scanning.
- 36 Months experience coordinating and tracking infrastructure scanning including providing guidance and recommendations to mitigate and remediate vulnerabilities identified in the infrastructure scanning.
- 24 Months experience working with Business Units to perform Information Classification.
- 18 months experience utilizing NYS ITS Information Security Policy (NYS-P03-002) and associated NYS ITS security policies and standards for the purpose of protecting and maintaining the confidentiality, integrity, and availability of information; managing the risk of security exposure or compromise; and ensuring a secure and stable information technology (IT) environment.
- Active Certified in Risk and Information Systems Control (CRISC) certification.
- Active Certified Information Systems Security Professional (CISSP) certification.
- Active Certified Information Security Manager (CISM) certification.