Information Security Analyst (Hybrid)

Cloud Services & Technology | Minnesota, US

Description

As an Information Security Analyst at MEDITECH, you are responsible for the security of MEDITECH’s corporate infrastructure as well as the infrastructure hosting MEDITECH’s SaaS and IaaS offerings. In addition, you would be consulting with MEDITECH customers and partners regarding the security of MEDITECH products and services. As a member of our Cloud Services & Technology team, your job would involve:

 

  • Staying current with all matters relating to application, database, and network security including the latest threats, solutions, trends, regulations, standards, guidelines, and industry best practices

  • Ensuring corporate data privacy and security:

    • Vulnerability management

      • Evaluating output from various security monitoring tools

      • Coordinating with monitoring group to prioritize action

      • Planning and implementing remediation and/or mitigating controls

    • Risk management

      • Carrying out security based risk assessments

      • Planning and implementing remediation and/or mitigating controls

      • Advising on any potential risk acceptance

    • Identity and access management

      • Implementing controls and working with other teams to ensure appropriate access to corporate assets

      • Maintaining knowledge of security/regulatory concepts such as least privilege

    • Incident response and management

      • Providing security feedback and expertise

      • Implementing any controls needed to end the current incident and protect against future occurrences

  • Maintaining documentation, processes and procedures in support of MEDITECH’s ISO 27001 certification

  • Ensure compliance with regulations such as HIPAA, GDPR and PHIPA

  • Designing, implementing, and maintaining secure system configurations

  • Communicating and coordinating with other security and IT groups within the company regarding security

  • Working with partner vendors to evaluate, test, and promote within MEDITECH any products which use technology to enhance end-user authentication

  • Guiding relevant MEDITECH and third party application security audits, assessments, and attestation initiatives

  • Addressing the security questions and concerns of both external (customer, prospect, partner, auditor, certification body, etc.) and internal (development, regulatory, executive, etc.) stakeholders

  • Making recommendations on security-related matters during customer-related hardware implementations, application security, and performance assessments

  • Engaging with customers both individually and during large forums to explain MEDITECH’s security practice and acting as an advocate within MEDITECH’s development organization on customer behalf

  • Creating and maintaining security-related documentation and external statements related to our EHR products and best practice implementation

What You Should Have
  • Bachelor’s or associate degree preferred, and/or 2-3 years of applicable work or military experience

  • Security specific certifications preferred, but not required:

    • General

      • Certified Information Systems Security Professional, (ISC)² - CISSP

      • Certified Information Systems Auditor, ISACA - CISA

      • Global Information Assurance Certifications, GIAC - GISF, GCED, GNFA, etc.

    • Cloud

      • Certified Cloud Security Professional, (ISC)² - CCSP

      • Certificate of Cloud Security Knowledge, CSA - CCSK

      • Certified Cloud Security Specialist, GSTF - CCSS

  • Knowledge and awareness of applicable information security standards, guidelines, regulations, and industry standard best practices:

    • Information Security Management (ISO 27001 /27002 / 27017)

    • Security Operations Center (SOC I & II)

    • Quality Management (ISO 9001)

    • National Institute of Standards & Technology (NIST)

  • Scripting experience (especially in IT operations)

  • Multiple years of experience or education dealing with information security tools and techniques

  • Ability to identify and work with application and system experts from around the company to help identify and remediate vulnerabilities

  • Ability to work with various monitoring resources to understand current security threats and engineer solutions

  • Advanced knowledge of information security principles and practices, including any of the following: security risk assessment standards, risk assessment methodologies, and vulnerability assessment

  • Strong analytical, reasoning, and problem solving skills and technical aptitude

  • Exceptional written and verbal communication skills

  • Ability to work well with stakeholders and interested parties of varying position and tenure

  • Demonstrated experience implementing security initiatives that require partnership with other IT areas and business units

  • Ability to use discretion when handling confidential information

  • Ability to set priorities and adapt to changes in a quick, professional manner

  • Exceptional project management and organizational skills

  • Strong attention to detail

  • Ability to learn new tools and technology quickly

 

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. MEDITECH will not sponsor applicants for work visas.

This opportunity is available at our following location(s):
  • Minnetonka

Working at MEDITECH Minnesota

Learn why our Minnesota employees think MEDITECH is a great place to work!