SR. INFORMATION SECURITY (INFOSEC) ANALYST - RISK AND COMPLIANCE

Job Title: Sr. Information Security (InfoSec) Analyst - Risk and Compliance



ABOUT CITY OF HOPE:



City of Hope, an innovative biomedical research, treatment and educational institution with over 4000 employees, is dedicated to the prevention and cure of cancer and other life-threatening diseases and guided by a compassionate, patient-centered philosophy.



Founded in 1913 and headquartered in Duarte, California, City of Hope is a remarkable non-profit institution, where compassion and advanced care go hand-in-hand with excellence in clinical and scientific research. City of Hope is a National Cancer Institute designated Comprehensive Cancer Center and a founding member of the National Comprehensive Cancer Network, an alliance of the nation's 20 leading cancer centers that develops and institutes standards of care for cancer treatment.



POSITION SUMMARY & KEY RESPONSIBILITIES:



Reporting to the Information Security Risk and Compliance Manager, the Information Security Risk and Compliance Senior Analyst is responsible for security risk activities management, security policy management and security incident response & security awareness. In addition, the incumbent will oversee and support security administration activities, including monitoring and reporting security activity, user access reviews, internal and external audit requests, vulnerability management and physical/logical security system administration. The Senior Analyst is responsible for identifying risks relating to information security, IT risk management, IT governance, Compliance, Payment Card Industry (PCI), Incident response and Vendor Risk management. The role also directs the adoption and implementation of policies and procedures across the enterprise.





Additionally, this role will work with the Security Engineering and Architecture team, responsible for ensuring overall enterprise security architectural design complies with identified policies and procedures. This role will also be responsible for defining Enterprise Architecture processes such as the Enterprise Architecture process and for leading the integration of these processes with other related business and IT processes.



ESSENTIAL FUNCTIONS:





  • Lead or assist in the planning, implementation and introduction of projects for new systems, technologies, processes and procedures


  • Monitors information security risk through strict governance processes and procedures


  • Skilled collaboration with subject matter experts, business partners, business units, and executive leadership to ensure alignment of expectations


  • Experience with information security risk assessments


  • Ensure adherence to project schedules; monitor project milestones; and recommend resource allocation to avoid budget or schedule variances


  • Provide strategic reports for executive leadership, business stakeholders, and IT team


  • Collaborate with business units and vendors to build effective relationships and collaborative team environments




TECHNICAL SKILLS & EXPERIENCE:



  • Perform current state risk assessments, continual risk assessments, gap analysis, risk metrics and reporting, risk convergence, IT risk and control framework design, and integrated operational risk management


  • Identify and prioritize risk based on impact and likelihood, inherent vs residual


  • Maintain and monitor Information Security Risk Exception process to ensure identification of areas of high risk


  • Monitor and advise on information security issues related to the systems and workflow to ensure the internal security controls for the campus are appropriate and operating as intended


  • Provides coordination and support for execution of IT security projects


  • Monitors regulatory compliance with enterprise security policies and educates department leaders on compliance efforts


  • Create and manage an information security awareness program to customize communication tools and campaigns for each department and the roles


  • Coordinates business continuity planning efforts across departments


  • Understands the different levels of risk tolerance and risk exposure across the organization and balances this with risk investments


  • Sets standards and policies for information sharing on internal and external platforms


  • Collaborate with IT management, the legal department, safety and security, and others to manage security vulnerabilities


  • Consults with program/project teams to fit solutions to architecture across all viewpoints


  • Understands, advocates, and supports the enterprise's business and IT strategies


  • Ensures that the optimal governance structure and compliance activities (such as exception requests) are associated with identified risks


  • Analyzes industry, technology, and market trends to determine their potential impacts on the enterprise


  • Analyzes the current business and IT environment to detect critical deficiencies and recommends solutions for improvement


  • Proactively shares knowledge of technology risks and opportunities to improve efficiency and effectiveness of the Cyber Security and Enterprise Architecture. S/he partners with business leadership and other key stakeholders to define opportunities and prioritize IT Business Requests and projects based on predefined criteria (e.g. return on investment, productivity, compliance, legal, operational risk reduction, and contractual requirements)


POSITION QUALIFICATIONS:



EDUCATION / EXPERIENCE / CERTIFICATIONS:


  • Bachelor's Degree


  • Master's Degree (Preferred)


  • 5 years of experience of working in Information Security


  • Preferred one or more industry certifications such as CISSP, CISM, CRISC, GSEC and CISA required within 6 months of hire


City of Hope strongly supports and values the uniqueness of all individuals and promotes a work environment where diversity is embraced. City of Hope is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disability.








    Sr. Information Security (InfoSec) Analyst - Risk And Compliance Located At CA, Irwindale - Job Post By: City Of Hope





