Health Care District of Palm Beach County

  • IT Security Analyst

    Posted Date 2 months ago(5/2/2018 8:00 AM)
    Job ID
    2018-1181
    # of Openings
    1
    Job Locations
    US-FL-West Palm Beach
    Category
    Information Technology
  • Overview

    Under the direction of the Chief Information Officer, this position is responsible for the ongoing management of Information Security policies, procedures and technical systems in order to maintain the confidentiality, integrity and availability of all District Health Care Information Systems as mandated by HIPAA.

    Responsibilities

    Recommend security systems that will provide detection, prevention, containment and deterrence mechanisms to protect and maintain the integrity of healthcare data.

     

    Manage and enforce Information Security directives as mandated by the HIPAA Security Rule. These include the development and maintenance of all security related policies and procedures designed to protect computer programs, databases and data files from unauthorized or accidental access, duplication, modification or destruction. 

     

    Ensures the ongoing interaction and flexibility of Information Security with District Business strategies and requirements. 

     

    Ensures that the access control, disaster recovery, business continuity, incident response and risk management needs of the district are properly addressed.

     

    Design and implement security remediation plans. 

     

     

    Demonstrates knowledge and experience with the following tools; Antivirus, intrusion detection/protection software, network access control, provisioning and de-provisioning of users, encryption, SFTP/FTP, security monitoring, data loss prevention, identity and asset management.

     

    Experienced in the following technologies: Cisco ASA firewalls, Cisco VPN connections/client, Cisco IDS, Security information management (SIM), Threat Detection Management , Symantec, log correlations, Authentication, RBAC, single sign on technologies, mobile device security protocols.

     

    Will attend annual security training classes and/or security certification programs. Ensure District Information systems are adequately protected and meet HIPAA certification requirements.

     

    Implement action plans for  information security findings to ensure internal security controls are appropriate and operating as intended.

     

    Provides security project management,  security testing oversight, and risk remediation planning and coordination.

     

    Coordinates internal and external communication, issue resolution, security vendor relationships, testing plans, training plans, and successful transition to additional IT infrastructure teams appropriately.

     

    Analyze and evaluate cyber and information security solutions, including new technologies and new security architectures, security controls and procedures, and contracting documentation.

     

    Analyze changes in the regulatory area including the Payment Card Standard, Privacy Legislation, SOX, SEC guidance, HIPAA etc. and provide the District with appropriate action plans for improving business functions. 

     

    Act as internal consultant to District staff to assist in the implementation of such action plans.

     

    Work with vendors, outside consultants and other third parties to improve District Information Security.

     

    Participate in the incident response teams to contain, investigate and prevent future computer security breaches.  Coordinates quarterly security audits.  Communicates findings to the Chief Information Officer and the Chief Compliance Officer. 

     

    Assists in the ongoing maintenance of the department’s business continuity/disaster recovery plan.

     

    Maintains positive relations with business customers and software vendors. 

     

    Provides clear and concise statuses and project plans to the Chief Information Officer.

     

    Requires on-call coverage as defined by IT management.

     

    Provides the technical leadership  for security based projects.

     

    Assists in the creation and maintenance of security procedural documentation on all systems. 

     

    Emergency duty may be required of the incumbent that includes working in Red Cross shelters or to perform other emergency duties including, but not limited to, responses to threats or disasters, man-made or natural.

     

    Additional Duties:

     

    The list of essential functions, as outlined herein, is intended to be representative of the tasks performed within this classification.  It is not necessarily descriptive of any one position in the class. The omission of an essential function does not preclude management from assigning duties not listed herein if such functions are a logical assignment to the position.

     

    Skills of an IT Security Analyst include but are not limited to: Strong policy and process knowledge including HIPAA, SOX, IT auditing skills, and has the expertise to deal with a variety of technologies and customers.  Interaction with all District departments is imperative.  This position requires IT competency in information security and security risk assessments in the healthcare industry. Proficiency in designing and hands-on implementation of security remediation plans is a must.  Strong technical skills: application and operating system hardware, vulnerability assessments, security audits, TCP/IP, log monitoring, intrusion detection systems, firewalls, etc.  Outstanding communication (oral, written, presentation), interpersonal and consultative skills. Must possess a high degree of integrity and trust along with the ability to work independently and with an infrastructure team. Demonstrated organization, facilitation, communication, and presentation skills. Excellent documentation skills. Ability to weigh business risks and enforce appropriate information security measures. Knowledge and experience in information privacy laws and regulations including access and release of information. In-depth knowledge of the HIPAA Security Rule and other government technology laws including any corollary state law(s).

    Qualifications

    Education: 

    Bachelor’s degree in Information Technology or related field with a concentration in information technology security.

     

    Experience: 

    Two (2) to four (4) years experience in implementing and supporting information security for applications, web architectures, operating systems, databases, and networks in the health care industry.

    Certification:

    CompTIA Security+ certification required.

    CEH: Certified Ethical Hacker preferred.

    Licensure:

    Valid Florida Driver’s License required.

    Registrations:

    N/A

    Training:

    Strong technical skills (application and operating system hardware, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc. Knowledge and experience in information privacy laws and regulations including access and release of information. In-depth knowledge of the HIPAA Security Rule and other government technology laws including any corollary state law(s).

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed