Sr Info Sec Analyst VAPM

How would you like to work in a place where your contributions and ideas are valued? A place where you can serve with compassion, pursue excellence and honor every voice? At Wellstar, our mission is simple, yet powerful: to enhance the health and well-being of every person we serve. We are proud to have become a shining example of what's possible when the brightest professionals dedicate themselves to making a difference in the healthcare industry, and in people's lives. Work Shift Day (United States of America) Job Summary: The Sr. Information Security Analyst functions as an information security subject matter expert supporting all aspects of WellStar with their knowledge and skills. The individual is experienced in many areas of the information security domains, and can conduct risk assessments, develop appropriate risk responses, and monitor the environment for change. The individual needs to have the capability to participate in several projects and tactical initiatives related to enterprise security, manage critical relationships with key stakeholders and vendors, drive process improvements for the information security program, and review risks assessments for potential security exposures. The Senior Analyst is also expected to mentor others interested in information security. The Sr. Information Security Analyst position reports directly to Mgt Information Security. Key responsibilities of the role include: This position will be responsible for monitoring and analyzing critical internal and external systems to ensure there are no misconfigurations with security standards and benchmarks that could lead to a compliance risk. Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations. Perform CIS Benchmark assessments to analyze configurations and make recommendations for hardening configurations for Windows operating systems including servers, endpoints, VDI and thin clients. Identify and assess business and technology risks, controls which mitigate risks, and opportunities for control improvement. Analyze, report and track associated vulnerabilities to key stakeholders for remediation. Must be able to provide technical remediation details or workarounds, help track and identify asset inventory, log work tickets and exceptions and research vulnerability findings. Quickly respond and assess exposure and impact of zero-day vulnerabilities and provide management with briefings and course of action for mitigation. Must be able to provide management with security assessments and briefings to advise them of critical and high-risk findings that may impact WellStar operations and critical infrastructure. Identify and assess business and technology risks, internal controls which mitigate risks, and opportunities for internal control improvement. Assist with penetration testing when applicable. Experience with Rapid7 assessment tools - Rapid7 InsightVM and Insight Cloud Security preferred, CIS Benchmarking for endpoint, server and cloud infrastructure. Must be well versed in the Vulnerability Management Lifecycle Impact of this role in the organization is high. This position is important in helping to reduce loss and reputation associated with successful security breaches and resulting business disruption. If a security breach occurs, the costs of containment, recovery, public relations, and fines can quickly add up. Core Responsibilities and Essential Functions: 1. Conduct security assessments a. Test and monitor various systems and network components for vulnerabilities and misconfigurations that could lead to the compromise of Wellstars network. b. Test new toolsets to assist Wellstar in the vulnerability identification process. 2. Remediation a. Assist with efforts related in remediating findings from vulnerability assessments, benchmarks and penetration tests. b. Provide risk-based mitigation strategies for networks, operating systems and applications including technical remediation steps c. Prioritize vulnerabilities discovered along with expected remediation timelines d. Inform various teams of active threats, zero-day vulnerabilities and exploits in the wild that can have a direct impact on Wellstar operations e. Provide retesting services to validate remediation. f. Provide proof of exploitability for vulnerabilities found during the Vulnerability Management process, on an as needed basis. g. Provide actionable reporting so that Wellstar can remediate and mitigate risks discovered. 3. Process improvements and automation a. Continue supporting current process automations for the Vulnerability Management program. b. Create new process automations for the Vulnerability Management program. 4. Security Research a. Actively search for new vulnerabilities in systems and software. b. Report new findings through appropriate private disclosure methodologies. c. Monitor threat feeds for new emerging threats applicable to our environment. Performs other duties as assigned Complies with all WellStar Health System policies, standards of work, and code of conduct. Required Minimum Education: Bachelor's Degree four years additional experience Required Minimum License(s) and Certification(s): All certifications are required upon hire unless otherwise stated. CISSP - Cert Info Sys Security Pro-Preferred Additional License(s) and Certification(s): One of: CISSP, CISM, CISA, HCISPP, CPHIMS, CAHIMS. CRISC, GIAC, OCSP or any other equivalent security certification. Required Required Minimum Experience: Minimum 5 years in information security or a related field conducting security control assessments or audits Required and Rapid7 InsightVM and Insight Cloud Security, CIS Benchmark auditing tools for endpoint, server and cloud infrastructure. Required Minimum Skills: Strategic planning and the development of supporting policies and procedures Experience with information security principles, industry standards, and best practices Technical lead/project leader experience in planning, implementing, and supporting enterprise information security solutions Project management Develop and manage key stakeholder relationships Effectively coordinating work on multiple and diversified tasks while working with conflicting priorities and deadline Ability to balance business requirements, patient safety and security risks Ability to function with highly dynamic results-driven and high-pressure environment in order to achieve required objectives Strong attention to detail and problem solving skills Able to work independently and on a team Creative thinking and ability to "think outside the box" Knowledge of HIPAA Security Rule, PCI DSS and NIST CSF Join us and discover the support to do more meaningful work—and enjoy a more rewarding life. Connect with the most integrated health system in Georgia, and start a future that gives you more. Nationally ranked and locally recognized for our high-quality care and inclusive culture, Wellstar is one of Georgia’s largest and most integrated healthcare systems. Every day, 24,000 of us work together to provide personalized care for patients at every age and stage of life – and our team members are the foundation of that care. Mission, Vision & Values At a time when the healthcare industry is changing rapidly, Wellstar remains committed to exceeding patients’ and team members’ expectations, while transforming healthcare delivery. OUR MISSION: To enhance the health and well-being of every person we serve. OUR VISION: Deliver world-class healthcare to every person, every time. OUR VALUES: We serve with compassion We pursue excellence We honor every voice Culture of Excellence Wellstar consistently receives attention and accolades from national organizations that set the standards for world-class care. Our system-wide practice of safety principles, assessing and addressing errors and seeking feedback from our patients and customers continually earns recognition for advances in safety and quality. Featured on the FORTUNE “100 Best Companies to Work For” list and Seramount 100 Best Companies list, we not only provide top-notch care for our patients, but also foster the culture of Wellstar as a Great Place to Work.