Position: Senior Security Analyst - Remote
Posted on: October 7, 2021
Job Title: Senior Security Analyst
Location: Remote (Eastern Time Zone Hours)
Status: Full-time, Exempt
PatientPoint® is the patient engagement platform for every point
of care. Our innovative, tech-enabled solutions create more
effective doctor-patient interactions and deliver high value for
patients, providers, and healthcare sponsors. Through our nearly
140k unique healthcare provider relationships, PatientPoint's
solutions impact roughly 750 million patient visits each year,
further advancing our mission of making every doctor-patient
engagement better®. Learn more at patientpoint.com.
As the Senior Security Analyst, you will own PatientPoint's IT
governance, risk management, and compliance (GRC) programs. This
mission-critical individual will actively develop security policy,
best practices, and security awareness across the organization. In
addition, you'll conduct quarterly access reviews, perform IT risk
assessments & audits, resolve risk register items, and support
third-party/vendor risk management.
- Own the day-to-day management of the IT GRC program and
identify opportunities to improve existing processes and controls
- Perform and manage IT Risk assessments and audits to support
requirements of various security frameworks and professionally
articulate technical risks in terms of business impact.
- Manage quarterly access reviews and conduct regular phishing
- Identify critical risks and issues and drive issue resolution,
escalating to senior management/stakeholders, using contingency
planning, and demonstrating appropriate risk management.
- Manage all Risk Register items by assigning owner, tracking
status, and actively managing corrective actions.
- Facilitate the overall planning, execution, and reporting of
risk assessments and audits to support CIS, NIST, ISO types of
requirements, and other compliance-related initiatives.
- Develop risk assessment standards and processes for 3rd party
- Work with Legal to establish and maintain policies and
ensure continuous compliance with state privacy laws.
- Participate in the development and execution of the
enterprise-wide Information Security Awareness and Education
Program, a critical component of the Information Security Program
- 5+ years of professional information technology
- 2+ years of experience in an IT security position with
oversight for GRC process.
- Experience building and managing GRC frameworks and processes
- Experience with GRC tools such as KnowBe4, Proofpoint,
Riskonnect, or similar.
- Experience using a ticketing system such as JIRA or
- Experience working in either a HIPAA compliant or PCI
- Knowledge of Information Security concepts and technologies
such as networking (on-premises and cloud), network segmentation,
vulnerability scanners, firewalls, IPS\IDS, network analyzers, data
loss prevention, security event management, encryption
technologies, proxies, cloud services, mobile devices.
- Direct experience with implementation and management of
security frameworks such as ISO 27001, NIST, or CSF.
- Experience with GDPR, CCPA, VCDPA or related state or federal
privacy laws.
- Certification such as Certified Information Systems Auditor
(CISA), or Certified Internal Auditor (CIA), Certified Information
Systems Security Professional (CISSP), Certified Information
Systems Auditor (CISM), Certified Ethical Hacking (CEH), GIAC
Information Security Professional (GISP).