IT Security Analyst II, Fully Remote
Role Summary:
The IT Security Analyst II manages systems to protect data from unauthorized users. Identifies, reports, and resolves security incidents. Has knowledge of commonly used concepts, practices, and procedures within IT and security. This position audits information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy, and security. Evaluates IT infrastructure in terms of risk to the organization and recommends controls to mitigate loss. Determines and recommends improvements in current risk management controls, system changes, or upgrades. Provides support for client/customer security assessments, pre-delegation security audits for select vendors/subcontractors, and external security/compliance assessments, certification, accreditation, and audit processes, including HITRUST, SOC, ONC, and related industry and regulatory frameworks and standards.
Role Responsibilities:
Serves as Security Analyst
- Coordinate and implement security measures for information systems to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information
- Implement plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs
- Participate in risk assessments and execute tests of systems to ensure security measures perform as intended
- Participate in the design and implementation of security solutions
- Configure, maintain, and support EDR, SIEM, firewalls, remote access, DMZ, proxy servers, VPNs, vulnerability management, and a variety of security tools
- Manage IDS/IPS and DLP services or software
- Monitor system and security logs and investigate and report incidents
- Participate in the execution and remediation of vulnerability scans
- Participate in the development and implementation of security-related policy, usage, training and documentation
- Knowledge of HIPAA
- Monitor and limit use of data files and regulate access to safeguard information in computer files
- Produce and maintain security documentation and reports
- Help promote security awareness to ensure system security
Internal Business Audits:
- Perform internal audits to ensure policies, procedures, and controls are being followed and applied appropriately
- Continually monitor the progress of internal audits and report to the Director of IT Security on audit status, challenges, potential risks, and remediation status; project manage audits to timely completion of audit deliverables through to audit closure
- Maintain an internal audit record for audit activity, including reports, findings, recommendations, and internal corrective action plans
- Develop a solid working knowledge of the features, functions, and applicable security standards for all Centauri products, services, and solutions
- Drive Centauri’s internal audit function towards continuous readiness for various audit types
- Work with internal leaders to ensure compliance and successful completion of audits such as SOC2 and HITRUST
- Work with internal teams to assist in the completion of client audits, questionnaires, attestations, review contracts, and amendments for technical compliance
- Maintain Centauri’s Vendor Management Program
- Assist with pre-delegation/contract audits and annual audits as required by both Centauri and HITRUST
- Assist with annual vendor audits and audits of potential vendors
- Assist with client/customer security assessment/audits
- Maintains a direct line of communication with the VP of Compliance and General Counsel to ensure separation of duties when auditing internal processes
Security Industry Compliance:
- Reviews government regulations and state laws, HIPAA, and HITRUST for changes impacting our business.
- Communicates with appropriate individuals where appropriate.
- Manage HITRUST, SOC, and similar industry and regulatory accreditation and certification compliance assessments, prioritizing engagement tasks, including supervising the tests of business process and IT general controls, managing engagement progress and communicating
- Assess IT security policies, procedures, and controls of business applications, networks, operating systems, and other components of technology to ensure we are meeting current standards
- Develop a solid working knowledge of the features, functions, and applicable security standards for all Centauri products, services, and solutions
- Develop strong relationships with internal teams through a comprehensive understanding of operations and communicating expectations, control needs, control exceptions, or engagement issues to the engagement team and SOC, HITRUST, and related accreditation and certification teams in a timely manner
- Manage the day-to-day aspects of multiple, concurrent engagements, prioritizing and managing engagement tasks, communicating engagement progress to the engagement teams
Business Support:
- Recommends improvements to policies, procedures, efficiency, and controls.
- Drives development and annual reviews of:
  - Business Impact Analysis (BIA)
  - Business Continuity Plans (BCP)
  - Disaster Recovery Plans (DR)
  - Risk Assessment (RA)
  - Policies and Procedures
Role Requirements:
- 1-3 years of experience in IT or a technical-related position. Possesses project management and presentation experience.
- Bachelor’s degree preferred (MIS, CIS, or equivalent); or equivalent work experience.
- Able to develop and implement policies and procedures across the corporation
- Able to establish and maintain working relationships with all departments, clients, and vendors
- Excellent organizational skills
- Good analytical skills
- Good conflict management skills
Other details
- Job Function: Medium Risk
- Pay Type: Salary
- Min Hiring Rate: $66,000.00
- Max Hiring Rate: $92,400.00
- Nashville, TN, USA