HarrisburgRecruiter Since 2001
the smart solution for Harrisburg jobs

Senior Information Security Analyst - data protection

Company: West Penn Allegheny Health System
Location: Harrisburg
Posted on: May 3, 2021

Job Description:

Company :Highmark HealthJob Description : JOB SUMMARYu00a0Are you passionate about technology and interested in joining a community of collaborative colleagues who respectfully and courageously seek to challenge the status quo? If so, read on to learn more about an exciting opportunity with Highmark Healthu2019s Information Security Risk Managementu2019s (ISRM) Data Protection Team. We are curious and life-long learners focused on technology and innovation.Data Protection provides data-centric security solutions for the Highmark Health Organization. We are looking for a Senior Data Protection Analyst to serve as our lead technical resource, providing support for our current security stack and recommending new tools to better protect Highmarku2019s data. If you re an experienced, hands-on IT professional with strong systems administration, incident handling, engineering skills who is interested in growing in the cybersecurity field, this may be the job for you. As part of our Cyber Data Protection team, you will be assisting in designing, deploying, and managing technology and process solutions to reduce the potential of data compromise. You will be assisting with testing of data protection and data security solutions. You will work to enhance and mature cyber security data protection capabilities for the Highmark Health ISRM organization. You will require an understanding of the entire ecosystem of data protection including well-rounded understanding of the information security domains and their inter-relations across that ecosystem. You will be responsible for providing technical product and troubleshooting assistance to Highmark Health employees. You will work closely with management, leads, peers, development teams, business analysts, and end users to ensure data protection for systems are used by all areas the organization.ESSENTIAL RESPONSIBILITIESu00a0As part of the Data Protection team, you will have the following core responsibilities: Assist with the development, deployment, and support of Data Protection solutions Assist in rolling out Removable Media Protection Data Loss Prevention (DLP) policy to prevent data exfiltration using external hard drives/thumb drives and retire legacy encryption technology Assist in maturing DLP solution by creating, testing and implementing new DLP policies within various business areas and client engagements and triaging of DLP incidents. Utilize Data Loss Prevention (DLP) products to generate and maintain email, desktop, and network monitoring policies. Proactively assess DLP safeguards across the DLP tool suite to identify potential risks and perform trend analysis. Assist in scanning, quarantining and purging aged data that no longer provide business value from Network Shares, SharePoint Sites and Cloud Storage Assist in Data Classification and Rights Management service roll out to employees, its adoption and provide on-going support Provide technical engineering and troubleshooting support to employees for Web Protection Service consisting of Cloud Web Proxy and Cloud Access Security Broker (CASB) Provide technical support to end users in troubleshooting issues related to CASB, DLP, Web Security, Data Classification and Rights Management, Encryption Key Management, SSL Certificates, Database Encryption, Digital Code Signing, etc.EDUCATIONRequiredBacheloru2019s Degree in Information Security, Information Systems,u00a0 Information Assurance, Computer Science or related fieldSubstitutionsu00a07 years of Information Security, Governance, Risk and/or Compliance, Information Technology or Business AnalysisPreferredMasteru2019s Degreeu00a0in Computer Science, Information Security or related fieldEXPERIENCERequired7 - 10 years of experience with Information Security and Systems Analysis5 - 7 years of experience with Information Security and/or Information Risk Management and/or Information Technologyu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a05 - 7 years of experience with Information Security Governance, Risk and/or Compliance functions and activitiesu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0 u00a0u00a0u00a0u00a0u00a0u00a0u00a05 - 7 years of experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiencesu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a05 - 7 years of experience with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platformsPreferred10 - 15 years of experience with information security and systems analysisu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0Experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security frameworku00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0Experience supporting SSAE 16 or SOC 2 Security Trust Principle auditsu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0IT/information security risk advisory experienceu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0Governance Risk and Compliance (GRC) tool experience such as ARCHERu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0In-depth understanding of network security architecture, network and networking protocolsLICENSES AND CERTIFICATIONSRequiredNonePreferredCertified Information Systems Security Professional (CISSP)Security +SKILLSu00a0Knowledge of HITRUST CSF, NIST 800-83 cyber security framework, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3u00a0u00a0u00a0u00a0Knowledge of NIST Risk Assessment methodologyu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0Familiarity with secure SDLC best practicesu00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0Knowledge of Microsoft Apps and Suites, Windows server, SharePoint, etc.u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0u00a0Strong teamwork and inter-personal skillsLANGUAGE REQUIREMENT (Other than English) u00a0NoneTRAVEL REQUIREMENT:0% - 25%PHYSICAL, MENTAL DEMANDS AND WORKING CONDITIONSu00a0Position TypeOffice-BasedTeaches/Trains others regularlyOccasionallyTravels regularly from the office to various work sites or from site-to-siteOccasionallyWorks primarily out-of-the office selling products/services (Sales employees)Does Not ApplyPhysical Work Site RequiredYesLifting: up to 10 poundsDoes Not ApplyLifting: 10 to 25 poundsDoes Not ApplyLifting: 25 to 50 poundsDoes Not ApplyDisclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this pliance Requirement: This position adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Companyu2019s Handbook of Privacy Policies and Practices and Information Security Policy. Furthermore, it is every employeeu2019s responsibility to comply with the companyu2019s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.u00aighmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.EEO is The LawEqual Opportunity Employer Minorities/Women/ProtectedVeterans/Disabled/Sexual Orientation/Gender Identity (endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, For accommodation requests, please contact HR Services Consumer Privacy Act Employees, Contractors, and Applicants Notice

Keywords: West Penn Allegheny Health System, Harrisburg , Senior Information Security Analyst - data protection, Other , Harrisburg, Pennsylvania

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest Pennsylvania jobs by following @recnetPA on Twitter!

Harrisburg RSS job feeds