Information Security Analyst

Summary

Join Vytalize Health, a leading value-based care platform, as an Information Security Analyst and play a critical role in protecting the company from adverse events and developing incident response capabilities.

Responsibilities

• Assess risks
• Identify control weakness
• Conduct access reviews for the technology ecosystem
• Conduct awareness and training in accordance with the awareness and training program
• Monitor vulnerability and software patching processes
• Assist with incident response and disaster recovery planning and exercises
• Assist in the development, maintenance, and test of the incident response plans to effectively address and mitigate security breaches or compliance violations
• Assist in the test of the business continuity plans and disaster recovery plan to effectively sustain business process and to effectively restore the operability of a system, application, or infrastructure during and after a cyber incident disruption
• Coordinating and leading efforts to detect, analyze, and respond to security incidents and breaches
• Conduct both logical and physical access reviews for all information systems and physical security systems to identify non-compliance with the information security policies
• Summarize the access review and submit tickets for any corrective actions
• Monitor and track tickets to ensure timely completion
• Develop identity and access management procedures for the all the information systems and physical security systems to provide consistent processes
• Maintain the cyber security risk register with the risks, risk ratings, risk mitigation strategies and action plans
• Prepare and distribute regular reports to management and stakeholders summarizing risk assessments, compliance status, risk treatments plans, and recommendations for improvement
• Assist with data gathering and coordination with the various teams for audits and risk assessments
• Regularly test the controls implemented to identify controls weaknesses or modifications
• Conduct regular simulated phishing exercises to educate and detect malicious emails and other malicious events
• Schedule and conduct training to educate workforce members regarding cyber security best practices, regulatory compliance and other cyber security requirements
• Monitor the training campaigns to demonstrate the effectiveness of the training program and improve phishing detection and response
• Monitor remediation of the vulnerability assessment findings, including penetration test, application security test, and internal and external vulnerability scans
• Communication vulnerability assessment remediation and risks with IT and information security team members
• Collaborate with cross-functional teams
• Communicate security risks, issues, and recommendations to senior management and stakeholders, advocating for investments in cybersecurity and risk mitigation initiatives