Why VITAS Healthcare and What Do They Offer Me?
VITAS Healthcare is the nation’s leading provider of end-of-life care. We provide our employees opportunities for professional growth, advancement and competitive benefits.
The Senior Information Security Analyst will act in a security operations and tactical defense capacity, with accountability for various information security tools and processes.
- Ensure computer assets, protected health information, personally identifiable information, and other intellectual property are protected while maintaining compliance obligations to HIPAA/HITECH/PCI-DSS and Sarbanes-Oxley (SOX).
- Conduct audits with internal and external auditors and make recommendations as needed to improve compliance and the security culture.
- Be fully accountable for the management, maintenance and configuration of endpoint security protection, intrusion prevention/detection systems, vulnerability management systems, data loss prevention, and others.
- Assist in the development of VITAS’s security metrics program. Work closely with the IT and Technical Services teams to identify, document and mitigate security risks related to Authentication, Authorization and Accounting across all assets.
- Enforce authorized access by investigating improper access, revoking access, reporting violations and recommending improvements.
- Monitor and escalate security incidents discovered throughout the organization.
- Investigate and document incidents as needed to ensure the confidentiality, integrity and availability of business critical systems and data protection.
- Monitor and review user provisioning for account databases.
- Maintain, monitor and review database auditing reports.
- Configure and automate consistent security alerting and reporting capabilities for network, application and host-based security systems.
- Help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information. Work hands-on with network equipment logs and actively monitor our systems for attacks and intrusions.
- Work with software developers to proactively identify and fix security flaws and vulnerabilities.
- Competitive compensation
- Health, dental, vision, life and disability insurance
- Pre-tax healthcare and dependent care flexible spending accounts
- Life insurance
- 401(k) plan with numerous investment options and generous company match
- Cancer and/or critical illness benefit
- Tuition Reimbursement
- Paid Time Off
- Employee Assistance Program
- Legal Insurance
- Roadside Assistance
- Affinity Program
- Minimum five years’ work experience in information technology and/or information security, preferably in the healthcare industry.
- Must possess a highly technical and analytical background.
- Operational knowledge of current information systems technology and security assessment in a variety of platforms.
- Knowledge of networks, network operating systems, firewalls, penetration testing and vulnerability assessment tools is required.
- Experience with NetFlow analysis and configuration
- Knowledge of virtualization security standards a plus.
- Experience with Mobile Device Management solutions
- Solid understanding of Active Directory.
- Strong understanding of database security.
- Strong understanding of SOX, PCI-DSS and HIPAA/HITECH requirements.
- Understanding of database redaction and auditing tools is a plus
- Familiarity with other types of auditing tools.
- Should have an understanding of SOX, HIPAA, HITECH and PCI-DSS standards.
- Detail- and task-oriented, with the ability to work on various assignments simultaneously.
- Ability to communicate tactfully, verbally and in writing with business users, managers and coworkers.
- Programming or PowerShell experience a plus but not required
- Linux/Unix platform knowledge is required.
- 5 years or more of relevant work experience analyzing the security of systems (penetration testing, Web Application security testing, vulnerability scanning, threat modeling, etc.).
- General security background in the use of cryptography, network/systems/physical security, authentication, authorization and usability.
- Knowledge of current threats, vulnerabilities, exploits (network-based and system-level) and mitigation methods.
- Bachelor’s degree in computer science or related field from an accredited college required.
Certification & Licensure:
- Certification as a Certified Information Systems Security Professional (CISSP) and/or Systems Security Certified Practitioner (SSCP) is desirable.