Sutter Health Roseville , CA 95661
The Senior Information Security Analyst possesses superior problem-solving skills and significant experience in leading cross-funtional teams to ensure security policies, procedures, standards, and best practices are effectively in place. The Sr Analyst provides information security support and guidance to Sutter Health privacy and security leadership, affiliates, and operating unit security program, reports to the Affiliate Information Security Officer (ISO), is a hands-on leader in the day-to-day security program administration, and represents the information security office, conducting audits, assessments, investigations, training, and program operational duties. In addition, the Sr Analyst works with Information Services, business, and clinical operations to identify and recommend solutions on security-related issues, and provides senior-level expertise and hands-on security administration of a broad range of security duties and requires a high level of security experience. The Sr Analyst has duties and responsibilities that include, but are not limited to, oversight of design, engineering, analysis, research, testing and monitoring of security controls. The Sr Analyst also serves as the senior advisor to the affiliate ISO and Organizational Unit (OU) Deputy Chief Information Security Officer (DCISO), as well as various other leaders and teams.
Bachelors degree in Computer Science, Information Security, Business, Management, or related field required.
Masters degree in Computer Science, Information Security, Business, Management, or related field preferred.
Certified Information Systems Security Professional (CISSP) required within 12 months of hire. Security HealthCare Information Security and Privacy Practitioner (HCISPP) required.
Certified Ethical Hacker (CEH) preferred.
Senior work experience in information systems and information security as typically acquired in 15 years
Five years of healthcare information technology industry experience highly desired
Significant knowledge of information security concepts and current information security trends and practices including security processes and methods.
Must be an expert in security concepts, practices, and procedures
Significant knowledge of software, hardware, databases, networks, firewalls, encryption, and other system security devices
Must have the ability to provide effort estimation and complete work based on a schedule of activities in coordination with delivery leader
Experience with DNS, DHCP, TCP/IP, Active Directory, network topologies, and intrusion detection systems to enable incident response and investigations.
Well-versed in Active Directory support tools including able to use LDAP tools and interfaces
Superior knowledge of SQL technologies and database architectures
Extensive experience with security tools in the industry
Demonstrates exceptional quantitative, analytical, and conceptual thinking skills
Strong skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management
Extensive knowledge of federal and state security and privacy-related regulatory requirements
Extensive knowledge regarding NIST, HIPAA, FIPS, and other recognized industry security standards and best practices
Excellent written and verbal communication skills
Strong interpersonal and customer support skills
Strong organizational and problem-solving skills
Prioritize work while multi-tasking on assigned work
Ability to effectively leverage vast detailed knowledge and familiarity with security disciplines
Possess ability to identify key concepts, factors and risks based on conversations and document them in clear and concise narrative or graphic reports
Must possess expertise in developing long-term strategies to address security threats
Must work well within a time-sensitive environment
Ability to work alone as well as in a group, under pressure
Excellent ability to analyze, make decisions, and solve problems
Good leadership qualities to instruct and lead junior analysts
Able to train others on various system security threat mitigations
Maintains a passion for delighting customers
Proven history of executing business impacting projects with defined scope, deliverables and timelines
Strong diagnostic capabilities
Proven security analytics and/or extensive data analytics experience