NHRMC, established in 1967 in Wilmington, NC, is recognized as a preeminent healthcare organization focused on leading our community to outstanding health. We have an 855 bed network of hospitals and multi-specialty physician group practices with more than 200 physicians. With a network of primary, specialty, neighborhood clinics and regional medical centers; you will find our culture is the very definition of best in practice. Join us and find out how many ways NHRMC offers you the chance to focus on what really matters - our patients and community.
About the Job
Location: NHRMC Business Center A
Department: IS Security
Full Time Equivalent: FTE: 1.000000
Work Type: 64 to 80 Hours Pay Period
Work Schedule: STD HRS - Standard-Exe or Office w flex
Exempt from Overtime: Exempt: Yes
Remote Work Locations: NC, SC, GA, FL, VA, DE, MI, NV, OK, MS, AL, LA, IN, WY
What You'll Do
The IT Security Analyst is a member of the information security team and works closely with the other members of the team to develop and implement a comprehensive information security program. The IT Security Analyst reports to the Chief Information Security Officer. This position is actively involved with the on-going development and support of the IS Security Program including: Identity Access and Management (IAM), Data Protection, Threat and Vulnerability Management, Risk Assessments, and Security Governance. Successful candidates will be familiar with security tools and concepts, and capable of working independently.
1.Works with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments, to produce recommendations of acceptable risk and risk mitigation strategies.
2.Develop, implement, maintain and oversee enforcement of policies, standards, procedures and associated plans for system security administration and user system access based on industry standard best practices. Assist with defining baseline security configurations for operating systems, applications, and networking equipment.
3.Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
4.Researches, evaluates, designs, tests, recommends, and implements information-security-related hardware and software, to include playing an advisory role in product acquisitions to assess security requirements and to ensure security controls are implemented as planned.
5.Work closely with the Security Architects, IT Senior Security Analyst, Information Services staff and operational customers to ensure proposed and existing security technologies are aligned and implemented with organizational goals and objectives.
6.Assist with the implementation of information security management frameworks and applicable regulatory requirements.
7.Deploy, manage and maintain security systems and their corresponding or associated software.
8.Participate in incident response exercises with colleagues throughout the organization and incorporate lessons-learned into existing practices.
9.Design, implement and report on security system and end user activity audits
10.Monitor security logs for unusual or suspicious activity. Interpret activity and make recommendations for resolution.
11.Assist in the review of Change Control Requests submitted by IS Security
12.Assist organization in the resolution of reported security incidents.
13.Stays current with security trends and researches new threats, and recommends remedial action.
* Security+ Certification (IT)
* Cert IS Security Prof
* A+ Certification (IT)
* EPIC Certification
* Bachelors Degree
1.Cybersecurity Threat – IT Security Analyst: Working knowledge of multiple security specific product solutions and best practices including: network vulnerability scanners, application vulnerability scanners, data encryption solutions, operating systems, web site filtering tools, endpoint protection systems, firewalls, Intrusion detection and prevention systems, and Security information and event management (SIEM) solutions. Preferred experience with McAfee Enterprise suite of applications
2.Information Security Governance – IT Security Analyst: Working knowledge in the areas of security risk assessments and analysis, vendor security risk management, HIPAA security regulations, information security frameworks such as NIST Cybersecurity framework, ISO/IEC 27001 and 27002, and/or Control Objectives for Information and Related Technologies (COBIT).Working knowledge of operating systems, encryption, MS Active directory and group policy, application development principles and related security best practices.Strong verbal and written communication skills.
3.Identity Access Management team – IT Security Analyst: Experience with enterprise Identity Access Management solutions for on-premise and/or cloud based applications. Working knowledge of multiple specific product solutions and best practices including: MS Active directory, auto provisioning and de-provisioning technologies, federation technologies, multi-factor technologies, and Lightweight Directory Access Protocol (LDAP). Working knowledge of SQL, Web Services, Visual Basic and XML. Preferred experience with Imprivata OneSign solutions.
4.Identity Access Management EPIC -– IT Security Analyst: This position requires completion of an EPIC Security certification within 6 months of completing training. This includes working knowledge of EPIC security as it relates to configuration, setup, and ongoing maintenance of EPIC EMP and SER master files. Capable of working independently with minimal supervision to assists with Identity Access Management solutions and EPIC security related projects as well as access requests related to the security of the electronic health record. Preferred candidates will have an EPIC certification, working knowledge of Imprivata Onesign and how identity access management systems integrate with EPIC.
Experience: If you have Bachelor degree in Information Security, 0 years of experience required. If you have a Bachelor degree which is not related to Information Security, 2 years of experience in Information Technology/Security is required.
Demonstrates standards of performance (ownership, teamwork, communication, compassion) that support patient satisfaction and principles of service excellence.
Performs other duties as assigned.
Individual will possess commensurate combination of education, experience and qualifications.
This position description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications which may be required of the employee assigned to the position. Depending on the location of the job, duties may vary. Receipt of the job description does not imply nor create a promise of employment, nor an employment contract of any kind; my employment with the Company is at will.
- Member Top 100 Hospitals – In 2016 NHRMC was recognized as a Top 100 Hospital demonstrating significant investment and financial sustainability for the communities we serve.
- Newsweek's 2020 list of Best Maternity Care Hospitals - NHRMC Betty H. Cameron Women's & Children's Hospital was named as a Best Maternity Care Hospital by Newsweek.
- Forbes America’s Best Large Employers 2018 and 2019- Link
- Becker’s 150 Top Places to Work in Healthcare- Link
- Healthgrades Outstanding Patient Experience
Consider a career at NHRMC and become part of this award winning team!