Hub International Limited
Receive alerts when this company posts new jobs.
IT Security Analyst
at Hub International Limited
The IT Security Analysis is responsible for maintaining appropriate levels of information security throughout the organization; ensure effective use of security measures and technical solutions to protect data. This person will develop and implement practical and achievable policies and practices for the protection of business information regardless of media or delivery mechanism. Will also ensure the company is compliant with regulatory requirements and security best practices as defined by industry experts and internal audit. This position is responsible for handling highly sensitive and confidential information.
- He/she is also responsible for the tracking and monitoring of system or network security incidents; Enforcing security policies and procedures through internal controlled self-assessments.
- Work with all areas of IT to ensure system vulnerabilities are addressed and remediated effectively and efficiently.
- Provides second level support and analysis during and after a security incident
- Acts as a liaison between incident response leads and subject matter experts
- Coordinating investigation and reporting of security incidents
- Provides monthly reporting and security metrics as it relates to current security vulnerabilities, security incidents and other security
- Assists in providing direct support to all staff for security related issues; educating the staff about security policies and consults on security issues regarding user built/managed systems.
- Assists management in the development of effective security processes and procedures, responding to client security questionnaires, and supporting the organization’s security awareness program
- Develop and implement an on-going security monitoring process surrounding the organization’s critical business systems and applications.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION LEVEL/EXPERIENCE REQUIRED
- Bachelor's degree in discipline appropriate to assignment or an equivalent combination of education and experience. Related certifications (e.g., CISSP, CISM) will be helpful.
- 6-8 years of combined IT and security work with a broad range of exposure to systems analysis, applications development, database design and administration; at least 4 years of experience in information security.
- Professional IT experience, specifically in security or network administration.
- Knowledge of computer systems, networks, telecommunication, internet, intranet and extranet technologies; strong technical acumen: application and operating system hardening, vulnerability assessments, security audits, forensics investigations, intrusion detection systems, and firewalls; ability to weigh business risks and enforce appropriate information security measures; excellent documentation and presentation skills; ability to explain information security concepts to audiences outside of the field.
- Security designations (CISSP, CISM, CISA, SSCP) and knowledge of "best practice" frameworks (COBIT, NIST, ITIL, ISO17799) are preferred but not required.
- Ability to evaluate business processes and IT technology, identify risks, process gaps, and evaluate control
- Knowledge of HIPAA, PCI, GLBA and other data privacy regulations and standards that apply to the insurance industry
- Extensive knowledge of data security and access control systems, encryption and related matters.
- Extensive knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception and audit trails.
- Knowledge of system and network exploitation, attack pathologies and intrusion techniques, such as denial of services, Sync attack, malicious code, password cracking, etc.
- Knowledge of Directory Services (LDAP, AD) and Internet/Intranet architecture and design.
- Extensive knowledge of addressing and remediating malware security incidents
- Ability to conduct network security assessments and audits against policies/procedures/best practices.
- Demonstrate knowledge of all equipment and systems/technology necessary to complete duties and responsibilities.
- Ability to research and keep up to date of industry technical/business security requirements and translate those requirements into the healthcare information environment
- Excellent communication skills (both written and verbal)
- Competent interpersonal skills, demonstrating the ability to lead projects
- Ability to coordinate and perform multiple tasks/projects simultaneously, balancing priorities and deliverables
- Basic organizational and time-management skills.
- Must identify opportunities for and contribute to the improvement of quality and cost, as well as customer, and employee satisfaction.
- May also be required to perform other duties as assigned
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.