- Purpose of Job
- Perform monitoring of the environment and respond to all types of information security events. Provides assistance and support in the development and maintenance of information security protocols for the enterprise. Act as escalation point for departmental staff with issues.
- Job Requirements
- Bachelor's Degree in Computer Science, Business Information Systems, Information Technology, Information Security or a related field required.
- Relevant equivalent work experience may be substituted for degree.
- Minimum 6 years of IT experience (e.g., Security Operations Center, Network Operations Center, System Administrator, Helpdesk support, etc.) required.
- Active Directory and Windows desktop and Server Administration experience required.
- Experience with enterprise-wide security architecture and/or security procedures required.
- Certified Information Systems Security Professional (CISSP) required within 1 year of hire.
- Skill organizing and managing workload.
- Skill troubleshooting technical issues.
- Skill providing customer service to all levels in the organization.
- Fundamental knowledge of information security technologies and best practices.
- Knowledge of network, software, and hardware configuration, maintenance, and performance tuning.
- Knowledge of LAN/WAN and wireless technology.
- Knowledge of network protocols, operating systems and concepts.
- Knowledge of Office 365 Suite.
- Knowledge of endpoint security solutions.
- Knowledge of Identity and Access Management systems.
- Knowledge of Asset Management systems and processes.
- Knowledge of enterprise CCTV cameras and systems.
- Knowledge of enterprise physical access control systems.
- Knowledge of firewall administration and multi-factor authentication.
- Ability to capture and analyze log files.
- Ability to effectively communicate verbally and in writing.
- Ability to work in an environment of change.
- Ability to work in the absence of direct supervision.
- Ability to work a call schedule.
- Ability to automate manual functions.
- Physical Requirements
- Weight Demands
- Light Work - Exerting up to 20 pounds of force.
- Not necessary for the position (0%):
- Occasionally Performed (1%-33%):
- Distinguish colors
- Frequently Performed (34%-66%):
- Repetitive Motions
- Constantly Performed (67%-100%):
- Not Related:
- Chemical agents (Toxic, Corrosive, Flammable, Latex)
- Biological agents (primary airborne and bloodborne viruses) (Jobs with Patient contact) (BBF)
- Physical hazards (noise, temperature, lighting, wet floors, outdoors, sharps) (more than ordinary office environment)
- Explosives (pressurized gas)
- Electrical Shock/Static
- Radiation Alpha, Beta and Gamma (particles such as X-ray, CAT scan, Gamma Knife, etc.)
- Radiation Non-Ionizing (Ultraviolet, visible light, infrared and microwaves that cause injuries to tissue by thermal or photochemical means)
- Mechanical moving parts/vibrations
- Essential Job Functions
- Essential Functions I
Strategy and Planning
- Research and stay informed of potential information security threats, industry trends, emerging technologies, and response alternatives.
- Recommend improvements to information security policies, procedures, and guidelines.
- Assess, monitor, and assist with recommended improvements to health system security procedures for user access creation, modification, and removal.
- Lead and conduct research and provide insight to identify, assess, and deploy security technology solutions and through vendors, including but not limited to encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls.
- Complete and guide the team with approval, tracking and reporting any security exceptions as the need arises.
- Perform Pre-procurement Risk Assessments as the need arises.
- Prepare status reports on security matters to analyze security risk and response of vendor security controls.
- Monitor and proactively recommend solutions for correcting issues related to security technology performance and capabilities of vendors.
- Assist with defining recommendations for security improvements and tool acquisition to Board and Senior Management.
Acquisition and Deployment
- Lead the evaluation and use of security technologies and tools.
- Provide insight on the deployment of security technology solutions, which may include technology for encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls.
- Work with teams to demonstrate processes and ensure appropriate levels of access are applied throughout the information and identity lifecycles.
- Lead the planning, selection, and implementation of new systems and technology solutions as defined by the Security Architect and leadership.
- Work in an advisory role in system deployment or acquisition projects to assess security requirements and controls to ensure that security controls are implemented as planned.
- Maintain, manage and monitor health system compliance with security control frameworks such as HIPAA, PCI and other laws/regulations.
- Engage in regular assessment of the current IT security environment to identify weaknesses and work with IT management to develop opportunities for improvements such as reducing complexity, reducing time and cost, and increasing effectiveness.
- Serve as a technical subject matter expert for assigned systems and backup on assigned systems.
- Serve as a technical subject matter expert providing expertise in the security domain and provide technical direction to lead appropriate work on security related projects.
- Lead, facilitate, analyze, execute, govern and represent plans or identified approaches for contracted security assessments, driving remediation through partnering with the business and I.T.
- Assessment of potential threats and risks to systems and management of those risks.
- Weigh business needs against security concerns to articulate issues and recommend options.
- Participate in the design, development, and delivery of security training programs.
- Create playbooks and procedures for responding to and reporting on Security Incidents.
Incidents and Tasks
- Runs point for security incidents, investigations, running forensics tools and event documentation/reporting. Provides sound problem determination and resolution.
- Respond with a sense of urgency.
- Escalate to supervisor any situation outside the employee's control that could adversely impact services.
- Ensure quality resolution and thorough and accurate documentation of incidents and tasks.
- Provide analysis regarding recurring incidents, recommending improvements aimed at reducing future occurrences.
- Provides on-call availability.
- Communicates with the appropriate individuals prior to reassigning an incident or task.
- Leads root cause analysis to prevent recurrences (Problem Management).
- Ensure that team members are addressing incidents in a timely fashion and are communicating with others as needed when issues occur.
- Technical resource for admins and other IT department personnel to troubleshoot and resolve security incidents.
Teamwork and Documentation
- Updates system documentation in designated systems as new issues and fixes are identified.
- Defines and implements support procedures and protocols for Desktop, Service Desk, and other team members.
- Defines, develops, and implements procedures for system maintenance.
- Considered a knowledgeable resource for documenting KB Articles and SharePoint documentation.
- Documents system architecture and is proficient in creating accurate system diagrams.
- Actively mentors and trains teammates to assure needed support coverage.
- Does not exhibit territorialism toward responsibilities.
- Shares responsibilities and knowledge with any/all team members, and learns from them in return.
- Seeks the root causes of problems without seeking to lay blame.
- Review and approval of Standard Change templates.
- Work with management to ensure that documentation standards are in place.
Essential Functions II
Participates in mandatory in-services and/or CE programs as mandated by policies and procedures/external agencies and as directed by management.
Follows and understands the mission, vision, core values, Employee Standards of Behavior and company policies/procedures.
Other duties as assigned.
Methodist Health System