Information Services Security Analyst

Works with the Information Services (IS) Security Manager to ensure that security requirements are in place to protect the organization’s mission and business processes. Responsible for day-to-day operations, monitoring, and maintenance of in-place security solutions.

Manages detected security related events or audits as required. Ensures compliance with the organization’s security goals and regulatory obligations. Participates in the design of the security strategy and plan.

• Operates, monitors, and maintains security controls and solutions including ensuring proper configuration to allow maximum protection while maintaining user availability of appropriate resources.
• Serves as the Subject Matter Expert (SME) for security best practices and associated regulatory requirements and assists Network and Systems Engineers in designing architecture to ensure proper protections are in place.
• Performs the identification, investigation, and resolution of security-related events including audits and potential breaches. Ensures that proper investigative protocol is followed to ensure evidence integrity and legal permissibility. Ensures proper root-cause analysis and future mitigation is completed.
• Creates and maintains security policies, standards, guidelines and procedures incorporating industry best-practices.
• Maintains a security program that aligns with department and organizational strategic goals and incorporates the enterprise risk framework.
• Maintains the IS Business Contingency/Disaster Recovery plan under direction of manager. Participates in the security, risk, and disaster recovery procedure testing including table-top discussions, live tests, and event scenarios.
• Proactively monitors and analyzes the security systems infrastructure and logs. Performs regular capacity planning and performance tuning/configuration management. Recommends improvements to provide better confidentiality, integrity, and availability of systems.
• Performs periodic and as-needed security risk analyses, tracks gaps, and makes recommendations for mitigation to ensure compliance with regulatory requirements and industry best-practices. Conducts vulnerability audits and assessments ensuring that results are tracked, reported, and mitigated.
• Participates in security group meetings, including scheduling, managing discussion topics, actions items, and follow-up.
• Creates communication materials and training for IS personnel and end-users, including security awareness posters, corporate orientation materials, intranet articles, in-person classes, and annual training.
• Conducts research on new enterprise security solutions, services, and standards, evaluating them for their applicability to the department and organization and makes recommendations for adoption.
• Works with manager to recommend, coordinate, test, and implement key process improvements as they relate to any new or existing equipment, hardware, or software.
• Ensures maintenance of security infrastructure documentation and technical specifications on all security-related systems and processes.
• Provides reports for senior IS management as required for presentation to organizational leadership.
• May have duties related to Epic Security that include attendance at governance committee meetings and the Security Advisory Board. Designs the access and identity management maintenance program. Coordinates and facilitates significant user and/or Provider security modifications and additions.
• May require periodic travel by automobile to various YVFWC sites located across our service regions (Washington and Oregon) to engage with business partners and provide IS support as needed.