Description
JOB PURPOSE:
Assisting in the development, implementation and management of activities related to Piedmont Healthcare Systems Information Cyber Security Program. This includes but is not limited to: Incident Response/ System Forensics, Vulnerability Management, Intrusion Prevention, Log Correlation/Management, Data Classification and Loss Prevention.
Key Responsibilities
- Monitors network security devices such as Data Loss Protection (Internet monitoring device), Security Event & Incident Monitoring (SEIM), and Vulnerability Management solution(s).
- Investigates various security events and incidents such as denial of service, virus infestations, and network abuse.
- Provides technical information security consulting services to staff responsible for Piedmonts systems. Assist with implementation of counter-measures of mitigating controls.
- Performs detailed analysis of business need, identified IT Security impacts or considerations and translates into secure, viable technical solutions.
- Identifies areas where existing policies and procedures require change and suggests appropriate changes.
- Develops and maintains documentation and procedure of network security systems. Maintains current knowledge of relevant technologies.
- Assists with developing training and awareness material and conducting training classes.
- Assists with and/or performs special projects as requested.
- Assists in the analysis of assessment/ethical hacking findings and provide guidance on remediation recommendations.
Knowledge, Skills, Abilities
Working knowledge of security regulations such as HIPAA, PCI-DSS 3.2 and security standards including ISO 27002, and NIST.
Ability to maintain operational computer and network security, intrusion detection (IDS) and prevention (IPS), vulnerability scanning and data loss protection (DLP) at rest and in motion tools.
Solid understanding of the Information Security & IT controls, security penetration and vulnerability assessments.
Demonstrated knowledge of generally known information technology platforms, standards, and software development languages.
Skill and ability to communicate effectively both verbally and in-writing.
Skill and ability to handle multiple priorities and deadlines.
Ability to work as a member of a team.
Skill and ability in Microsoft Office applications.
Able to translate technical compliance and risk management terminology to non-technical staff.
Demonstrate small or medium project management skills.
#GD
Qualifications
MINIMUM EDUCATION REQUIRED:
Bachelors degree in Information Systems, Computer Science, Programming, Engineering or related field required.
In lieu of degree, four (4) years of relevant work experience will be accepted in addition to the experience requirement.
Minimum Experience Required
One (1) year of progressively responsible work experience in Information Security or related field to include experience in Network Security Protocols and Methodologies and experience with network and systems administration.
(If no degree, a total of five (5) years of experience required.)
Minimum Licensure/Certification Required By Law
None.
Additional Qualifications
Certification in the following area(s) is preferred:
Certified Information Systems Security Professional
(CISSP), Healthcare Certified Information Security and Privacy Professional (HCISPP), GIAC Certified
Intrusion Analyst (GCIA), GIAC Certified Window Security Administrator (GCWN), GIAC Security Essentials Certified (GSEC), Offensive Security Certified Professional (OSCP) or equivalent
certifications.