Under the direction of the Manager, Security Operations, the Security Operations Analyst protects organizational assets by ensuring an effective information security control environment for Memorial Health System. This role is a combination of project management and incident response through identification, analysis, prioritization, communication and mitigation of incidents as they occur.

Minimum Qualifications:
Education:
• Bachelor’s degree in health information management, Computer Science, Business, Cybersecurity, Health Care, or related discipline required. Four or more years of relevant prior work experience may be considered in lieu of degree.
Licensure/Certification/Registry:
• Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or similar security related certification preferred.
Experience:
• Minimum 2 years of security experience required.
• Minimum 2 years of compliance experience preferred.
• Minimum 2 years of project management experience preferred.
• Demonstrated experience with healthcare clinical and financial applications required.
• Experience with audit methodologies and control frameworks (such as ISO27001 or NIST) required.
• Experience with MS365 Office suite and collaboration tools required.
Other Knowledge/Skills/Abilities:
• Demonstrated strong communication skills and diplomacy to work between technical and administrative teams at all organizational levels, as well as to write and update concise and accurate documentation.
• Demonstrated knowledge of Microsoft Windows systems, administrator and client/server communications protocol, UNIX, Oracle, LDAP, XML and directory administration. Demonstrated knowledge of computer systems, architecture and process flow.
• Evidence of leadership, creativity, integrity, and initiative. Evidence of ability to achieve results and inspire others to do the same, personal accountability, and dedication to continue learning and investigating relevant technology required.
• Demonstrated planning, problem-solving, decision-making, analytical and change management skills.
• Demonstrated ability to maintain confidentiality, professionalism, and trustworthiness.
• Demonstrated ability to drive projects forward and achieve objectives aligned with strategic direction, even in the face of stakeholder resistance or ambiguity.
• Must be personally motivated to achieve results alone and through others particularly related to providing exceptional customer service. Must be results oriented and be able to manage time appropriately in order to meet assigned goals.

Principle Duties & Responsibilities:
1. Performs various daily operational tasks as assigned by Security Operations Manager to ensure the continued security and protection of MH data.
2. Provides ongoing consulting on industry best practices regarding the securing of information assets.
3. Analyzes department processes and identifies security gaps between teams.
4. Documents control gaps; proactively develop plans to address identified gaps with subject matter expert and stakeholder input.
5. Investigate security incidents and breaches
6. Responds to computer security incidents according to the incident response policy and procedures.
7. Coordinate containment, eradication, and recovery efforts
8. Works with business areas to develop, document, and update policies, plans, processes, procedures, and guidance to ensure a safe, effective control environment.
9. Maintains the organizational security control baseline for security-related compliance.
10. Collaborate with vulnerability management teams to assess and remediate risks
11. Embodies the Memorial Health System Performance Excellence Standards of Safety, Courtesy, Quality, and Efficiency that support our mission, vision and values:
• SAFETY: We put safety first. We speak up and take action to create an environment of zero harm. We build an inclusive culture where everyone can fully engage.
• INTEGRITY: We are accountable for our attitude, actions and health. We honor diverse abilities, beliefs and identities. We respect others by being honest and showing compassion.
• QUALITY: We listen to learn and partner for success. We seek continuous improvement while advancing our knowledge. We deliver evidence-based care to achieve excellent outcomes.
• STEWARDSHIP: We use resources wisely. We are responsible for delivering equitable care. We work together to coordinate care.
12. Develops, maintains, and tests incident response plans to ensure organizational compliance with required laws and regulations.
13. Supports the Security Operations Manager in continued development and refinement of Disaster Recovery plans
14. Supports security awareness training, working to expose all departments to new and improved processes.
15. Perform triage on incoming alerts to determine severity and relevance, working with system, application, and network owners to explain, remediate, and document as needed

The intent of this job description is to provide a representative summary of the major duties and responsibilities performed by incumbents of this job. Incumbents may be requested to perform tasks other than those specifically presented in this description.