Sr Information Security Analyst Job at City of Hope – 3.8 in Irwindale, CA
City of Hope, an innovative biomedical research, treatment and educational institution with over 6000 employees, is dedicated to the prevention and cure of cancer and other life-threatening diseases and guided by a compassionate, patient-centered philosophy.
Founded in 1913 and headquartered in Duarte, California, City of Hope is a remarkable non-profit institution, where compassion and advanced care go hand-in-hand with excellence in clinical and scientific research. City of Hope is a National Cancer Institute designated Comprehensive Cancer Center and a founding member of the National Comprehensive Cancer Network, an alliance of the nation’s leading cancer centers that develops and institutes standards of care for cancer treatment.
The Senior Information Security Analyst supports the Information Security Department (ISD) in evolving the confidentiality, integrity, and, availability of the information assets related to City of Hope business and information systems. The incumbent in this role must have a professional image, the ability to work under pressure, and be able to resolve problems and conflicts. The incumbent takes a technical leadership role in the information security program by contributing to the development of an enterprise wide security risk program, policies and standards, vulnerability life-cycle management and remediation, evaluation of new security technologies, and contributes to security incident and event management. The incumbent takes a leadership role in supporting and assisting with coordination and implementation of all process and technical aspects of the Information Security Program.
Key Responsibilities include:
Develop and publish and risk analysis and assessment protocols for information security risk management purposes.
Work directly with business and technical teams to implement risk-related activities including accessing, planning, testing, reporting and recommending appropriate remediation measures.
Perform information security evaluations for information technology projects to ensure compliance with policies and regulatory requirements.
Contributes to the forensic analysis of security violations.
Conduct periodic self-assessments and gap analysis related to information security controls and manage the remediation to correct the gaps.
Participate in verifying network, wireless and firewall security systems by conducting reviews and policy assessments.
Provide analysis to support and maintain information security related technologies and architectures, such as, but not limited to, IDS (intrusion detection systems), VPNs (virtual private networks), data loss prevention tools, VLANs, firewall architectures, proxy servers, internet access policy servers, authentication systems, and content screening servers.
Ensures compliance to regulations, business requirements and City of Hope policies, standards, and procedures.
Design, document, and support network security design changes including wireless network.
Oversee and monitor risk mitigation and coordination of policies, standards and controls with the ISO and Compliance Officer.
Perform data security event correlation between various systems.
Supports the vulnerability life cycle management.
Provide incident response functions when appropriate and coordinate activities with other information technology teams.
Assist with the evaluation of new information security technologies with recommendations to management on the different products.
Review alerts and data collected from data security systems on a daily basis and report findings.
Contribute to the development of information security policies and procedures designed to meet the changing needs of the City of Hope.
Prepare documentation to support the development of information security policies, standards, guidelines, procedures and awareness training.
Performs special projects as assigned by the ISO.
Internal Contacts: Across all ITS departments, COH business, research and clinical areas, and VP/Director/Managers.
External Contacts: Software/hardware vendors.
Evaluate current information technology systems for information security gaps, identify, and implement remediation solutions.
Basic education, experience and skills required for consideration:
Bachelor’s Degree; experience may substitute for educational requirement
Five or more years in a technology related field and/or 5 years in information security specific experience. Hospital/healthcare industry experience is desirable, but not required.
Working knowledge of Information Security tools, practices, policies and processes in a multi-vendor environment with an emphasis on risk analysis, risk assessment and risk management.
Management/Computer Information Systems (MIS/CIS), Computer/Electrical Engineering, Computer Science or related field
CISSP – Certified Information Systems Security Professional or Equivalent
Any other certification is highly desirable:
CISM – Certified Information Security Manager
CISA – Certified Information Systems Auditor
GIAC – Certified Cyber Security
GISP – Information Security Professional,
GSEC – Security Essentials Certification,
SSCP- Systems Security Certified Practitioner,
GISF- Information Security Forensics,
Preferred education experience and skills:
Strong verbal and written communication skills and clear articulation of complex issue and problem-resolution skills a must.
Comprehensive understanding of the regulatory environment including HIPAA/HITECH, PCI, Red Flags; and, information security frameworks i.e. NIST, ITIL, FIPS, FISMA, ISO, and Cobit.
Knowledge of design, implementation, and maintenance of: security incident and event management (SIEM), local area networks and firewalls, Active Directory, group policy objects, scripting, vulnerability scanning, encryption, IDS/IPS, web filtering, LDAP, multi-factor authentication systems, exploits and hacker techniques, and, network and operating system security principles.
Strong verbal and written communication and organizational skills
Interpersonal and negotiating skills
Foster/promote a professional image
Works well independently or on multiple projects as a project team member
Software: MS-Word, Excel, Project and Visio
Knowledge of any of the following is desirable:
Security Incident and Event Management systems
Identity and Access Management solutions
Log monitoring software
Vulnerability Management tools
Database vulnerability and monitoring tools
VMware (virtual machine software)
Anti-malware and anti-virus detection software
Event Collection software
Event Correlation software
Microsoft Windows 2008 servers
Microsoft Windows 7 and 8
Network Analysis Software
Routers / Switches
IIS, HTTPS, SSL, SSH, POP3, DNS, FTP
Snort, Nmap, Snoop, Tcpdump, Wireshark
Company: City of Hope – 3.8
Company Location: Irwindale, CA