Nemours is seeking a Senior Information Security Analyst to join our Nemours Children's Health team in either Wilmington, Delaware, Orlando, Florida or Jacksonville, Florida.
The primary focus of this position is: 1) assessing security risk of new engagements, new partners, and technologies, including cloud security controls; 2) evaluating security controls against industry control standards such as the Cybersecurity Framework, HIPAA, and/or PCI standards; 3) maintaining and developing information security policies and procedures; and 4) coordinating disaster recovery planning for efforts related to recovering from events that cause service interruption, including identifying potential business impacts and recommending recovery options. Leads efforts in developing, implementing, and maintaining policies, procedures, and program documentation for ensuring the security and integrity of company data, databases, information systems, and technology. The position will coordinate clinical and technology planning for efforts related to recovering from information security events that cause service interruption, including identifying potential business impacts and recommending recovery options. Conducts risk assessments of all information security dimensions, identifies gaps, and recommends corrective actions. Requires relevant job experience in information security technologies and controls with technical systems reviews and hands-on technical security engineering, information security risk analysis, and information security analysis across multiple security control categories. Participates in risk management analysis and assists with the creation of business continuity, contingency, and disaster recovery plans. Responsible for developing and executing the testing processes utilized to validate the disaster recovery plans.
This work means that the analyst has to interact with hospital leadership, technical experts, vendors, and business operations in a collaborative and cooperative manner. Responsible for tracking and managing the event response and recovery process and may implement and administer a database and tools for this purpose.
- Complete assessments of risk for new and existing technology, services, sites, site closures or engagements that flow through RVP or other requests and projects. Create InfoSec recommendations that align with our risk appetite and are achievable through organizational tools, process, and understanding. Utilize DR expertise for assessing InfoSec risks and assist others where DR controls should be applied.
- Evaluate security controls against industry control standards for confidentiality, availability, resiliency, integrity, and report on vulnerabilities, risks, and mitigations.
- Coordinate the creation of new system impact analyses and disaster recovery plans, and their annual review and testing, for new Tier I and Tier II applications and systems and, as needed, for Tier III applications and systems.
- Participate in emergency preparedness activities with Emergency Management.
- Develop criteria and lead tabletop exercises with clinical departments for cybersecurity incident preparedness.
- Identify all legal and regulatory compliance requirements for disaster recovery and create standards for secure lifecycle management of technical storage; conduct tape audits; provide technical expertise in a broad range of emergency response and management issues.
- Analyze exception requests, international travel, and shared device requests, and design secure workarounds with appropriate mitigating controls; conduct annual reviews of exceptions.
- Train relevant staff in the continuity and recovery process.
- Create the annual Security Awareness web-based training course, liaise with content vendors, create and manage phishing training exercises and annual PCI training content, and report on results.
- Analyze data loss prevention alerts and escalate corrective actions to management.
- Bachelor's Degree required; equivalent work experience can be considered in lieu of degree.
- Minimum of four (4)+ years of experience required.
- Ability to effectively communicate complex topics with both technical and non-technical internal and external clients.
- Excellent team and interpersonal skills.
- Strong analysis skills with technical knowledge.