InfoSec Risk Analyst
Austin, Texas, United States
Applications have closed
WellSky
WellSky® offers health care software solutions for every kind of care including home health, hospice, blood management, and more. Request a free demo today!

The InfoSec Risk Analyst provides operational and administrative support for the information security program at WellSky. This position creates, implements, and monitors policies, procedures and controls as required by WellSky, its clients, and federal and state governments. The analyst will respond to security assessments from sales prospects and support WellSky’s internal and external audit requirements under its SOC2, Type 2 certification. The Information Security Analyst may also conduct incident response investigations to ensure appropriate reporting and corrective actions are taken. The position will conduct workforce training, raise awareness of security threats and best practices, and monitor the environment for threats.
Key Activities:
Design Controls, Policies and Procedures
- Ensure that appropriate security measures are included in application design
- Evaluate and recommend technical solutions for risk mitigation or controls
- Design appropriate policies and procedures as identified by risk assessment activities or awareness of emerging threats
- Monitor existing policies for compliance
- Participate in disaster recovery planning and business continuity planning
- Evaluate risk profile of WellSky’s SaaS and on-premise software products
Monitor the Risk Environment and Support Client Risk Assessments
- Drive or participate in risk assessment activities
- Assess risk of third parties with whom we do business
- Respond to the security questionnaires and security risk assessments of WellSky’s clients and sales prospects
- Review Business Associate Agreements (BAA) and other contract documents as needed
- Monitor information system activities for suspicious events such as logins, administrative rights usage, abandoned sessions or their vulnerabilities
- Perform vulnerability testing, risk analysis and security assessments utilizing security scanning tools, standards and best practices
- Keep current on best practices in risk mitigation
- Conduct third party risk assessments
Training and Awareness
- Conduct formal workforce training as required by law or regulation
- Conduct awareness activities to reinforce best practices
- Design and administer Phishing simulation campaigns
- Conduct incident response investigations. Document and report findings and make recommendations for corrective action.
- Interact with regulatory agencies, auditors or other compliance entities to support investigations
- Create management reports summarizing accomplishments in security controls as well as suspicious activities
- Strong written and oral communication skills
- Works with organizational objectives in mind and is a team player
Required Competencies:
- Create and review change management cases
- Install, configure and maintain various computer platforms
- Expert knowledge of datacenters and datacenter technologies and commonly used concepts, practices and procedures in Information Technology with excellent analytical skills
- Lead others in designing, configuring, deploying and maintaining enterprise-class and best-of-breed infrastructure networks, SANs, servers, systems and solutions
Required Qualifications:
- BS in Computer Science or a related technical field with 3 to 5 years’ experience in Information Technology Security or related functions (IT Audit, IT Risk Management); or an equivalent combination of education and experience.
- CISSP, CISA, CISM or other relevant certification
Preferred Experience:
- An understanding of healthcare from an operational and functional perspective preferred
- Technical experience with security related technologies such as Active Directory, encryption, anti-virus, or firewalls
- Experience with regulated data and government regulations (HIPAA, PCI-DSS)
- Knowledge of internal controls and Information Technology risk assessment and mitigation procedures
- Skilled at advocating and championing technical and non-technical solutions
- Strong analytical skills and capable of translating complex business problems into conceptual solutions that fit the business need
- Excellent interpersonal and communication skills
- Excellent critical thinking and analytical skills
- Customer service orientation
- Experience with at least one external audit standard (e.g. SOC2 Type 2, HITRUST, ISO 27001)
About WellSky
WellSky is a technology company leading the movement for intelligent, coordinated care worldwide. Our next-generation software, analytics, and services power better outcomes and lower costs for stakeholders across the health and community care continuum. In today’s value-based care environment, WellSky helps providers, payers, health systems, and community organizations solve tough challenges, improve collaboration for growth, harness the power of data analytics, and achieve better outcomes by further connecting clinical and social care. WellSky serves more than 20,000 client sites around the world — including the largest hospital systems, blood banks, cell therapy labs, blood centers, home health and hospice franchises, post-acute providers, government agencies, and human services organizations. Informed by more than 40 years of providing software and expertise, WellSky anticipates clients’ needs and innovates relentlessly to ultimately help more people thrive.
We're looking for talented individuals who want to use their skills to build a strong, technology-driven company. We offer competitive salaries, great benefits, including generous paid time off programming, and a casual and fun environment that encourages quality, creativity, and excellence. Enjoy all we have to offer. We invite you to join us. Apply today!
WellSky provides equal employment opportunities to all people without regard to race, color, national origin, ancestry, citizenship, age, religion, gender, sex, sexual orientation, gender identity, gender expression, marital status, pregnancy, physical or mental disability, protected medical condition, genetic information, military service, veteran status, or any other status or characteristic protected by law. WellSky is proud to be a drug-free workplace.
Applicants for U.S.-based positions with WellSky must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. All U.S.-based employees must be fully vaccinated against COVID-19 unless a medical or religious exemption is approved.
Tags: Active Directory Analytics Audits CISA CISM CISSP Compliance Computer Science Encryption Firewalls HITRUST Incident response ISO 27001 Risk analysis Risk assessment Risk management SaaS Security assessment SOC 2 Vulnerabilities
Perks/benefits: Health care Team events