The IT Security Analyst develops and implements a comprehensive information security programs including defining security policies, processes and standards. They perform audit assessments and define processes and standards to ensure that security configurations are maintained and comply with Payment Card Industry Data Security Standard (PCI DSS), HITRUST, and controls/requirements outlined in other security framework/standards.

• Serves as a liaison with IT and business area partners to identify, understand, document and advise on security requirements, impacts and risks.
• Analyze HITRUST and PCI DSS requirements, evaluate controls already in place, and work with appropriate resources to adjust or implement controls.
• Support PCI Program and Governance initiatives/activities.
• Monitor and test security controls, and work with appropriate owners to implement corrective measures to address gaps in compliance or reduce risk.
• Develops and maintains documentation for security systems, procedures and security diagrams.
• Analyzes, proposes and implements solutions concerning residual risk, vulnerabilities and other security exposures.
• Enhance Governance, Risk, and Compliance processes including improving and facilitating exception governance and risk assessment/management activities.
• Participates on IT projects to ensure that security issues are addressed throughout the project life cycle.
• Participates in initiatives to identify, select and implement technical controls.
• Develops information security processes, policies and procedures. Advises on service level agreements and works to ensure that security controls are managed and maintained.
• Researches, evaluates and recommends information security related hardware and software including development of businesses cases for securityinvestments.
• Serves as a liaison and lead on audit-related initiatives managing relationships, collection of data, progression tracking, assessment and remedialactivities.
• Assists and supports the development of security architecture.
• Other duties as assigned

Requirements:

Required:

• 6 or more years of work experience in IT Security or equivalent combination of transferrable experience and education.
• Bachelor’s degree in an IT related field or equivalent work experience
• Knowledge of information security principles, including risk assessment and management, threat and vulnerability management, incident response and identity and access management
• Experience with, and knowledge of, security frameworks and standards including the PCI DSS and HITRUST CSF.
• Knowledge of network infrastructure including routers, switches, firewalls and associated network protocols and concepts.
• Strong technical knowledge of current systems, software, protocols and standards. (including TCP/IP and network administration/protocols).
• Experience developing, documenting and maintaining security procedures.
• In-depth knowledge of operating systems and security applications, as well as a working knowledge of basic network protocols and tools.
• Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
• Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
• Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
• Ability to manage tasks independently and take ownership of responsibilities
• Ability to learn from mistakes and apply constructive feedback to improve performance
• Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT business personnel.
• Ability to adapt to a rapidly changing environment
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.

Preferred: