YMCA of the USA
The YUSA Security and Compliance team will establish security practices and improve the overall network, data and systems security.
The Network Security and Operations Analyst will ensure the compliance of all YMCA of the USA information systems and data security. The primary focus is on overall data network, systems security practices and compliance procedures for the entire organization.
The Information Security and Compliance Analyst will be a member of the Information Technology team responsible for establishing and conducting network security administration, operations, risk management and compliance activities.
The position will also contribute to security related projects and programs, such as information security risk assessments, information security program development, IT policies and procedures, project management, BCP/DRP, compliance audits, cybersecurity audits, among other types of engagements.
- Perform operational network security functions to actively monitor and protect the YUSA Network and maintain compliance consistent with established policies and practices:
- Plan, implement and upgrade security measures and controls
- Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction
- Maintain data and monitor security access
- Perform vulnerability testing, risk analyses and security assessments
- Conduct internal and external security audits
- Anticipate security alerts, incidents and disasters and reduce their likelihood
- Manage network, intrusion detection and prevention systems
- Analyze security breaches to determine their root cause
- Recommend and install appropriate tools and countermeasures
- Define, implement and maintain corporate security policies
- Train fellow employees in security awareness and procedures
- Coordinate security plans with outside vendors
- Ensure the implementation and consistent operation of YUSA enterprise information security governance, security risk management and compliance program.
- Perform compliance assessments to determine if business systems are aligned with HIPAA and other regulatory requirements, industry standards, and best practices, and with information security policy, procedures, and standards.
- Support audit reporting policies, procedures and reports to support required compliance processes (e.g. Systems Access reports, incident reports)
- Conduct risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
- Develop, document and establish formal security policies, practices and procedures that are in compliance with regulations. Update and maintain all documents on an annual basis.
- Collaborate with key stakeholders to validate, verify and address audit findings, control deficiencies and remediation plans. Assist with the management of internal and external audits.
- Report on the status of compliance activities and remediation efforts.
- Develop metrics and reporting around the risk remediation program, feeding gathered information into various reporting trees on an established schedule.
- Participate in staff training and awareness development activities.
- Bachelor’s Degree in Computer Sciences or equivalent education and 5+ years of business and/or systems experience, including experience with IT industry best practices and structured, analytical approaches to problem solving.
- 5 years of experience working with network security, network operations, audit and/or other governance and management related activities, or an equivalent combination of education & experience.
- Experience with Alert Logic, New Relic, SolarWinds and other monitoring, log management, IDS and IPS tools is desired. YUSA is in the process of migrating production systems to the Azure cloud. Network security practices and standards are being developed using current tools along with Azure OMS.
- Certifications in the following preferred: CISSP, Cisco technologies (CCNA or CCNP), CompTIA Network+, CompTIA Security+, ITIL Foundations.
- Experience with industry standard compliance and HIPAA information security compliance and securing e-PHI and PII. Understand information security best practices, including principles, security protocols and standards.
- Ability and experience in developing, documenting and establishing formal security policies, practices and procedures.
- Ability to express verbal and written communications appropriate to the audience, from business stakeholders, to highly technical IT personnel, as well as audit/compliance personnel, and other team members.
- Be highly organized and able to manage work effectively in a constantly shifting environment with multiple simultaneous tasks and deadlines.
- Track and report on status of remediation efforts.
- Ability to identify problems, risks and issues, facilitate and develop solutions with issue owners, and facilitate implementation of remediation efforts.
- Ability to gather data and synthesize information, perform analysis, and demonstrate how the results may impact the organization.
- Ability to read and interpret the results of audit reports and security assessments, associated compensating controls, residual risk, etc.
- Must be able to translate technical language and concepts to non-technical audiences.
- Possess and exercise a strong sense of ethics and confidentiality.