JOB DESCRIPTION

Position title: Information Security Analyst
Reports to: Privacy and Security Officer
FLSA status: Exempt

This role is 100% in-office. No hybrid or remote work arrangements are available. 

Position Summary
The Information Security Analyst (ISA) will work alongside the Privacy and Security Officer to implement and administer IT security and privacy functions across the organization

Responsibilities (Position may include additional functions not listed) 

• Primarily responsible for monitoring the IT security infrastructure, assisting with articulating technical security requirements, monitoring the effectiveness of existing IT security framework, making recommendations for enhancements, and raising the level of security awareness.
• Manage security information and event management (SIEM) platforms.
• Establish controls to support security and privacy policies/procedures and oversee their implementation. 
• Ensure access to all information systems is controlled, both internally and externally, commensurate with the level of potential risk.  
• Responsible for responding to information security incidents, to include coordination, root cause analysis, and other security investigation activities. 
• Facilitate development, design, and implementation of proposed updates, enhancements and new functionality so that enterprise privacy and security is maintained. 
• Participate in execution of IT security projects, such as risk assessments, security audits, vulnerability scans, and related. 
• Participate in development of techniques, procedures, and utilities for improving the overall security posture of Your Health Idaho. 
• Participate as a member of a team providing pertinent security information and input to strategic and tactical planning, initiatives and project planning. 
• Identify emerging privacy and security practices and technologies to be assimilated, integrated, and introduced within the organization.
• Participate in ongoing improvements of system enhancements from an Information Security perspective.
• Assess new security threats and vulnerabilities and make recommendations on appropriate avoidance and mitigation strategies.
• Stay informed of evolving regulations, statues, threats, risks, technology, and recognized best practices and to regularly coordinate with counterparts at CMS, NIST, SANS and other privacy and security authorities. 
• Participate in ensuring Idaho’s Authority to Operate by administering Your Health Idaho’s Authority to Connect (ATC) compliance package.
• Perform other duties as assigned.

Qualifications (Required knowledge, skills, abilities, education, experience, etc.)

• BA/BS in computer science or business-related field or equivalent
• Certified Information Systems Security Professional (CISSP) certification preferred
• Minimum three years’ related experience to include enterprise IT operations and/or privacy/security responsibilities preferred
• Thorough understanding of the CIA Triad (Confidentiality, Integrity, Availability)
• Skilled across all areas of Information Security including Operations, Physical, Network, OS, Application Security
• Demonstrated project management skills, vendor management, and analytical skills
• Ability to balance strict regulations with the ambiguity seen in fast paced operations and a start-up organization
• A committed team player with exceptional interpersonal, problem-solving, and communication skills with ability to develop and maintain cooperative and productive work relationships. 
• Ability to assume responsibility and maintain confidentiality consistent with the values and integrity of YHI.

Physical & Other Requirements 

• Ability to work in an office environment. Frequent facilitation of meetings or group discussions. 
• Ability to listen to and understand others as well as ability to give and receive instructions via telephone, electronically, face-to-face, and in writing. Must possess the ability to write and compose correspondence, memorandums, and reports manually and via computer or email.
• Occasional lifting or movement of materials up to 25 pounds. 
• Availability to work additional hours or weekends as projects demand. Some travel may be required.

*The functions described herein are not the only responsibilities and tasks to be performed by the individual occupying this position. The individual will be required to follow any other instructions and to perform any other job-related duties as required by his/her supervisor or manager. Requirements stated herein are minimum levels of knowledge, skills, and/or abilities to qualify for this position. To perform the responsibilities of this position successfully, the individual will possess the abilities and aptitudes to perform each task proficiently. “Ability” means to possess and apply both knowledge and skill.

 This job description includes the essential functions of the job that an incumbent must be able to perform with or without reasonable accommodation.

 This document does not create an employment contract, implied or otherwise. The organization maintains “at will” employment. This job description is subject to review and may be revised or updated at management’s discretion.