SECURITY ANALYST (DLP / ITM)
RELOCATION PAID: Yes
LOCATION / RESIDENCE: HYBRID (2 days a week in office)Applicants MUST reside in or relocate to within 1 hour of Fort Myers, Florida. Paid relocation is available.
Seeking an Advanced Security Analyst who will be responsible for maintaining Governance, Risk, and Compliance functions as they relate to Cybersecurity in the Health System network.
JOB DESCRIPTION
- Assist in ensuring all defined enterprise and end user security strategies, profiles, and security guidelines are followed
- Areas of focus include, establishing and updating corporate GRC policies
- Serve as a DLP subject matter expert within the organization, collaborating on the DLP rule development lifecycle including policy development, response rules, and maintenance, tracking discovered findings to ensure they are remediated or accepted by the business, derive metrics from GRC activities for distribution to various audiences, regularly monitor organizational cyber risks, assist in necessary aspects of external audits/reviews
- Work closely with the Corporate Compliance/Information Security Team to ensure proper HIPAA regulations and industry best practice guidelines are followed regarding application and network access
- Assist and support the Information Security Officer and the Compliance team across its functions, including coordinating resolutions, creating management reporting, and owning risk action reports.
Responsibilities
- Work with software vendors to support and maintain DLP technology, configure policies, and compile reports for analytics, monitor and respond to alerts generated from DLP systems and other technologies, work with the Incident Response team to escalate and respond to potential or real threats, management of data and situations with the utmost integrity.
- Senior Security Analyst will also serve as a subject matter expertise to departments on issues of Information Security Compliance, including guidance and training, designing and implementing programs for user awareness, compliance monitoring, and security compliance.
JOB REQUIREMENTS
Bachelor's Degree from an accredited college or university with a concentration in Computer Science, Information Systems, or four (4) years of equivalent relevant work experience required.
MINIMUM EXPERIENCE REQUIRED:
- Three (3) years of progressively responsible IT/Compliance work experience with a focus in GRC required
- 3+ years of expertise conducting HIPAA audits/assessments, as well as handling audit responses
- Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk
- Thorough understanding of international regulatory frameworks like NIST, ISO, HIPAA, HITRUST, PCI DSS, and GDPR
- Familiarity with existing and emerging cloud technology services and concepts
- Experience supporting complex incidents such as insider risk, corporate espionage, data exfiltration, or other cybercrimes
- Experience with working with other stakeholders to link corporate IT, procurement, and privacy departments with GRC objectives
- Strong analytical and problem-solving skills coupled with great attention to detail required
- Strong knowledge on security technologies and solutions required
- Experience managing security events/incidents/projects as part of a GRC team
- Expert analytical and problem-solving skills coupled with great attention to detail. Ability to resolve complex problems, proactively monitors and pursues improvement in applicable process, technology and systems, and policies
- Advanced expertise on security technologies and solutions and is able to identify any gaps in capabilities of various security solutions with security frameworks
Certifications / Registration Requirements:
- GSEC, SSCP, CISA, CISM, CISSP, or other industry certification preferred
Other:
* Some after-hours work and periodic 24x7 on call support will be required