Security Analyst

Posted Date 14 Nov 2024



Experience Icon Experience 2 Years Salary Salary 58000USD
Job Type Icon Job Type Full Time Company Company Northwestern Medicine
Job Category Icon Job Category Security Qualification Icon Qualification BS Data Analytics
Gender IconGender Both Date Last Date 12 Feb
Vacancies IconVacancies 10 Remote IconRemote No
Location Location(s) Chicago , United States

Description Job Description


Mission & Values:

The Security Analyst is responsible for embodying the mission, vision, and values of Northwestern Medicine (NM). This position adheres to NM’s Code of Ethics, Corporate Compliance Program, and all relevant policies, procedures, and regulatory standards.

Key Responsibilities:

  • Third Party Risk Management:

    • Conduct cybersecurity risk assessments to ensure third-party partners meet NM’s security requirements.
    • Collaborate with third-party partners and internal departments to ensure compliance with NM security standards.
    • Review third-party contracts for the accuracy of cybersecurity language and provisions.
    • Perform annual cybersecurity assessments of third-party partners and create reports and audits.

  • Cybersecurity Assessments & Compliance:

    • Participate in HIPAA, PCI, and other security assessments.
    • Analyze architectural diagrams and recommend security measures to safeguard valuable information assets, including third-party solution diagrams.
    • Perform risk assessments on cloud services, applications, servers, mobile devices, medical devices, and IT resources.

  • Policy and Procedure Management:

    • Conduct annual security policy reviews to keep policies updated with changing technologies and services.
    • Follow up with Information Security teams to ensure risk assessments are updated in the Governance, Risk, and Compliance (GRC) tracking tool.

  • Operational Support:

    • Respond to daily security tickets and requests.
    • Participate in an on-call rotation for security-related incidents and issues.

Competencies / Performance Expectations:

  • Third-Party Risk Management Proficiency
  • Familiarity with HIPAA Security and Privacy Rules
  • Understanding of Cybersecurity Contract Language
  • Security Operations Experience
  • Knowledge of PCI Compliance

Qualifications:

Required:

  • Bachelor’s degree or equivalent work experience.
  • At least two years of professional IT experience, including cybersecurity.
  • Working knowledge of the following:
    • Network protocols and topologies
    • Security controls (proxies, IPS, IDS, firewall, packet analyzers)
    • Systems (Windows, Linux/UNIX)
    • Software Development (development/scripting languages)
    • Incident Response
    • Threat and Vulnerability Management
    • Experience with at least two major security vendors relevant to the position.
    • Knowledge of security standards/controls under various IT governance and compliance models (NIST, HIPAA, PCI, ISO 27001 & 27002, ITIL).
  • Excellent problem-solving skills.
  • Strong organizational skills, including task tracking, follow-up, and collaboration with peers.
  • Verbal and written communication skills.

Preferred:

  • Relevant certifications or courses such as:
    • Associate of (ISC)/CISSP, GSEC, GCWN, GCED, or CEH.

Equal Opportunity Employer:

Northwestern Medicine is an affirmative action/equal opportunity employer. They do not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation, or any other protected status.

Filter Results Clear all

By Application Type

By Category