SOUTHWEST TRANSPLANT ALLIANCE
Information Security Analyst II
SOUTHWEST TRANSPLANT ALLIANCE, Dallas, Texas, United States, 75215
At STA, we believe our superpower is our people. It is no accident that our values are rooted in saving lives through organ and tissue donation. This role is focused on growing, looking for a different way to drive our mission, and sustaining the best OPO in the country.

Success factors for this role include implementing and administering information security policies and procedures and developing and maintaining information systems to uphold those security policies. Performs various investigations into potential and existing security threats. The Information Security Analyst II will establish and enforce security policies, ensure compliance based on best practices, and troubleshoot security issues. Evaluates security risk assessments and presents security information to the workforce and management. Assists the workforce with security-based questions and problems.

Essential Job Functions and Responsibilities:
Designs and administers SIEM rules and Endpoint Detection Response (EDR) behavior to support 24/7 security operations in partnership with our Managed Security Team.
Ability to monitor and create SIEM alerts based on Cyber Security incidents and Threat Intelligence analysis and translate them into actionable defensive measures.
Actively participate and apply Incident Response and Forensics principles to deploy EDR controls.
Perform risk assessments on new technologies, upgrades, and infrastructure changes, then provide design to ensure secure implementation.
Analyze Cyber Security incidents detected from various platforms and operating systems to solve issues and improve incident handling procedures.
Perform regular internal and external audits of various Southwest Transplant Alliance (STA) systems and processes on-prem and in the cloud, including managing contracted vendor audits, and incorporate results into integrated risk management solutions.
Conduct research regarding the latest methods, tools, and trends in digital forensics analysis.
Maintain a strong understanding of multiple technology platforms, threat vectors, and threat actors to track cyber campaigns using internal and external data.
Ability to prioritize and document work progress and perform operational support of information security technology.
Work closely with other teams to understand the flow of sensitive data between systems and applications.
Complete project tasks to enable the on-time, within-budget, and scope delivery of information security projects.
Lead and present new and existing information security awareness to all STA staff through a security training program.
Perform penetration testing, install security measures, and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
Act as subject matter expert to provide insight and guidance to colleagues engaging in prevention measures and provide first-level support on security questions for the service desk.
In partnership with the Director of Information Technology and the Director of Quality Systems and Risk, develop and maintain an IT business continuity plan and administer test exercises for IT business continuity.
Other duties as assigned or requested.

Compliance:
OSHA CATEGORY DEFINITION: Category 3 - The incumbent in this position has no potential for occupational exposure.
The incumbent will have access to confidential material and is required to use discretion with this information and comply with STA Confidentiality policy.

Education, Experience, and Licensing Requirements:
High School Diploma (Required)
Bachelor’s Degree - Information Security, Computer Science, or related field (Preferred)
Certifications (SANS or other applicable industry or systems certification; for example, CISSP or CISA)
5+ years of Information Security, Governance, Risk and Compliance, Information Technology, or Business Analysis.
5+ years of experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences.
5+ years of experience with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms.

Qualifications and Skills:
Experience with virus/malware protection solutions.
Subject matter expert in SIEM, forensics, malware analysis, and incident handling.
Familiarity with industry regulations (e.g., HIPAA, HITECH, etc.).
Direct experience in a healthcare setting is strongly preferred.
Excellent communication skills required. Must have the ability to communicate effectively with all levels of personnel and to represent the organization publicly.
Ability to work both independently and as part of a team required.
Ability to cope with high levels of stress and able to handle a heavy workload.
Ability to travel in light and commercial aircraft or drive his/her personal auto in order to meet all job duties and responsibilities. Current Driver’s license required.

PHYSICAL ENVIRONMENT / WORKING CONDITIONS:
Normal office environment, travel in light and commercial aircraft, or automobile in order to meet all the duties and responsibilities of the position. Must be able to lift objects weighing up to 50 pounds and lift and carry objects weighing up to 25 pounds.