Information security analyst

Company Name:
Objectwin Technologies
Position: IT Security Analyst
Location: Newport Beach, CA
Duration: 4 Months Contract
Maintains Clients Information Technologies (IT) security policies, procedures, standards, and guidance consistent with client and other (ex. HIPAA, State and Government) requirements.
Leads and conducts reviews that ensure all systems have effective, quality IT security documentation in place including a risk assessment, effective IT security plans, and tested contingency plans. Coordinates design and management of firewalls. Develops security plans and technical environments to manage effective security operations
Reviews security configurations of acute and ambulatory applications to assure client Security Polices are adhered to.
Conducts assessments of the operating unit's IT Security Program to ensure effective implementation of and compliance with established policies and procedures. Establishes a process to track remedial actions to mitigate risks in accordance with standards for plans of action and milestones.
Develops policies, procedures and processes for ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of patient, provider, and employee, and other business information in compliance with law, regulations, policies and standards for Client. Responsible for the execution and use of security measures to protect data related to clients applications and systems.
Actively serves as an internal information security consultant related to IT security. Supports security related to applications and systems in a way that provides appropriate, demonstrable, consistent and coordinated security procedures, and practices that are compliant with related law, regulation, policy and professional standards. Cultivates and maintains awareness related to information security among the workforce members. Leads or participates in risk assessments and risk management planning related to the information security features of systems, networks, and related administrative activities. Performs review and monitoring of assessments, plans, implementations, operations, and usage related to information security throughout client. Consults in disaster recovery and contingency planning and testing for Clients information systems.
Provides direction, writing, educating, and administering the implementation of the client IT security policies, best practices, architecture, and system security across the organization. Conducts studies within and outside the organization to ensure compliance with standards and currency with industry security norms. Participates in the planning and implementation of security administration for IT projects. Leads or supports the evaluation and selection of security applications and systems. Supports key security tasks including reviews, access audits, and developing role-based access for enterprise IT systems. Provides response to support related security inquiries and works with department leads, Human Resources and Medical Staff in addressing issues. Acts as Level II support for incidents. Develops and uses department Incident Management processes. Provides technical assistance and guidance in developing IT security and disaster recovery programs.
Provides key support to client Privacy and Compliance, Legal, and HR departments in investigations related to use of and activity on client systems and applications. Gathers data, performs analyses and shares conclusions as appropriate. Produces data extracts and documentation as needed in support of legal and HR cases.
Position may require travel between various client locations and its affiliates.
Position may require participation in 24/7 department on-call program. Position may require participating in meetings outside of normal business hours and/or alternate shifts including occasional evenings and/or weekends.
Operating Model Relationships:
IT Security Analyst and Security Analyst Senior will interact with the following groups:
All IT users and groups:
o To: incident and service request support; security awareness and best practices; security policies and procedures
o From: incident reports; service requests; IT security reviews and reports
o To: architecture inputs; requests for standards; IT process coordination; SLAs, incident resolution support (Level II and III); service request implementation
o From: standards; IT process coordination, incident resolution support requests; service request execution support
o To: project support
o From: project support requests
Follow clients Privacy and Corporate Compliance:
o To: notification of IT security violations
o From: analysis and notification of HIPAA violations; corporate compliance direction
Human Resources:
o To: IT security violation data
o From: information requests
o To: IT security violation data
o From: information requests
Corporate Communications::
o To: input for IT security-related corporate communications
o From: communications guidelines and feedback
Regulatory related: HIPAA, HIPAA Security Rule, HIPAA Privacy Rule, ISO 17799/27002, PCI, SB1386, AB1298, FERPA
General Security technical function: Logs, Log management, Mobile Device Management (MDM), Security Information Management (SIM), Security Event Management (SEM), SIEM, firewall, IDS, IPS, ACL, encryption, PKI, SSL, SSH, IPSec, VPN, VDI, Active Directory, AD, Web Security, Application Security, Database Security, Identity and Access Management (IAM), Antivirus (AV), malware, Single Sign On (SSO), Forensics, eDiscovery, Security Operations Center (SOC), penetration test
General Security administrative function: audit, assessment, policy, procedure, privacy, compliance, standards, project management, incident management, vulnerability assessment
Clients specific vendors / products: Symantec, SEP, Cisco, IronPort, Brightmail, Nessus, Websense, Loglogic, Citrix, Imprivata, MobileIron, VMWare, FairWarning, Check Point, Pointsec, Bitlocker, NMap, WireShark.
To learn more about the position, please reach me at 832-485-3640/

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.

More Jobs

Information Security Analyst
Santa Clara, CA Silver Peak Systems Inc
Information Security Analyst
Pleasanton, CA Patelco Credit Union
Credit Union - Information Security Analyst
Los Angeles, CA University of Southern California
Senior Information Security Analyst
Mountain View, CA Verb Surgical
Information Security Analyst - Vulnerability ...
Irvine, CA U.S. Bank
Sr. Information Security Analyst - Vulnerabil...
Irvine, CA U.S. Bank