Works with the Information Services (IS) Security Manager to ensure that security requirements are in place to protect the organization’s mission and business processes. Responsible for day-to-day operations, monitoring, and maintenance of in-place security solutions. Manages detected security related events or audits as required. Ensures compliance with the organization’s security goals and regulatory obligations. Participates in the design of the security strategy and plan.
This is a 100% remote position. Candidates must reside in one of these U.S. states: WA, OR, CA, AZ, CO, TX, IL, IN, MA, MD, VA, NC, GA, FL.
What we offer
- $72,000 – $100,000 salary DOE, with ability to go higher for highly experienced candidates.
- 100% employer-paid health insurance for employees including Medical, Dental, Vision, Rx, 24/7 telemedicine; profit sharing, 403(b) retirement plan, generous paid time off, paid holidays, and more
- Operates, monitors, and maintains security controls and solutions including ensuring proper configuration to allow maximum protection while maintaining user availability of appropriate resources.
- Serves as the Subject Matter Expert (SME) for security best practices and associated regulatory requirements and assists Network and Systems Engineers in designing architecture to ensure proper protections are in place.
- Performs the identification, investigation, and resolution of security-related events including audits and potential breaches. Ensures that proper investigative protocol is followed to ensure evidence integrity and legal permissibility. Ensures proper root-cause analysis and future mitigation is completed.
- Creates and maintains security policies, standards, guidelines and procedures incorporating industry best-practices.
- Maintains a security program that aligns with department and organizational strategic goals and incorporates the enterprise risk framework.
- Maintains the IS Business Contingency/Disaster Recovery plan under direction of manager. Participates in the security, risk, and disaster recovery procedure testing including table-top discussions, live tests, and event scenarios.
- Proactively monitors and analyzes the security systems infrastructure and logs. Performs regular capacity planning and performance tuning/configuration management. Recommends improvements to provide better confidentiality, integrity, and availability of systems.
- Performs periodic and as-needed security risk analyses, tracks gaps, and makes recommendations for mitigation to ensure compliance with regulatory requirements and industry best-practices. Conducts vulnerability audits and assessments ensuring that results are tracked, reported, and mitigated.
- Participates in security group meetings, including scheduling, managing discussion topics, actions items, and follow-up.
- Creates communication materials and training for IS personnel and end-users, including security awareness posters, corporate orientation materials, intranet articles, in-person classes, and annual training.
- Conducts research on new enterprise security solutions, services, and standards, evaluating them for their applicability to the department and organization and makes recommendations for adoption.
- Works with manager to recommend, coordinate, test, and implement key process improvements as they relate to any new or existing equipment, hardware, or software.
- Ensures maintenance of security infrastructure documentation and technical specifications on all security-related systems and processes.
- Provides reports for senior IS management as required for presentation to organizational leadership.
- May have duties related to Epic Security that include attendance at governance committee meetings and the Security Advisory Board. Designs the access and identity management maintenance program. Coordinates and facilitates significant user and/or Provider security modifications and additions.
- Education: Bachelor’s Degree in Information Assurance, Cybersecurity or Information Technology. Four years’ experience in security design, maintenance and implementation may be substituted for the required education.
- Required Experience:
- With a relevant Bachelor’s degree, 2 years of experience as a Security Analyst, Systems Analyst, and/or Systems Engineer, and securing web-based environments.
- With an Associate’s Degree, 4 years of experience as a Security Analyst, Systems Analyst, and/or Systems Engineer, and securing web-based environments.
- With a high school diploma/GED, 6 years of experience as a Security Analyst, Systems Analyst, and/or Systems Engineer, and securing web-based environments.
- Preferred Experience:
- Two years’ experience in a Security Analyst role in a healthcare environment preferred.
- Experience working in a highly regulated environment with Health Insurance Portability and Accountability Act (HIPAA) and/or Criminal Justice Information Service (CJIS) governance preferred.
- Professional Licenses/Certificates/Registration: Epic certification may be required if overseeing the Epic application. IT Security Implementation/Investigation related certifications such as CISSP or GSE highly preferred.
- Knowledge/Skills/Abilities Required or Preferred: Knowledge of industry trends in security in a corporate environment. Knowledge of security fundamentals related to networking environments. Knowledge of proper security event investigative protocol. Knowledge of security governance concepts and practices and their applications inside an organization. Knowledge of Microsoft Windows Active Directory and Unix server environments. Knowledge of disaster recovery best practices. Effective project management capability throughout the project lifecycle of planning, organizing, managing, and finalizing outcomes. Ability to prioritize and execute tasks in a fast paced environment. Ability to analyze and conduct in-depth research into IS related security events for root-cause analysis. Strong listening and verbal communication and interpersonal skills. Ability to work in a team-oriented, collaborative environment. Intermediate proficiency with a variety of computer programs including Microsoft Outlook, Word, Excel and PowerPoint.
We serve more than 181,000 patients across 25 medical clinics, 14 dental clinics, 10 pharmacies, and 64 program sites in two states. We are Level 3 Certified as a Patient-Centered Medical Home (PCMH). With integrated services including medical, dental, pharmacy, orthodontia, primary care nutritional counseling, autism screening, and primary care behavioral health, YVFWC’s patient-centered model of care offers patients the full spectrum of care and shelter assistance, energy assistance, weatherization, HIV and AIDS counseling and testing, home visits, and four mobile medical/dental clinics.
Working at YVFWC
Working in our organization means being the passionate champion for those who have no voice. It means having the opportunity to work with underserved populations and with peers committed to the same work.
At Farm Workers Clinic
- We will consistently trust one another to work for the common good.
- We will foster integrity by demonstrating ethical behavior and insisting on doing what we say we will do.
- We will demonstrate transparency by being candid and truthful no matter the risk.
- We will create partnerships to strengthen ourselves and our community.
- We will fight for just treatment for all individuals.
- We will let joy in.
- We have the courage to be an agent of change and refuse anything short of excellence.
Our mission celebrates diversity. We are committed to equal opportunity employment