Overview:
Our team members are the heart of what makes us better.
At Hackensack Meridian Health we help our patients live better, healthier lives and we help one another to succeed. With a culture rooted in connection and collaboration, our employees are team members. Here, competitive benefits are just the beginning. Its also about how we support one another and how we show up for our community.
Together, we keep getting better - advancing our mission to transform healthcare and serve as a leader of positive change.
The Cybersecurity Analyst III, Security Operations (Sec Ops) is responsible for maintaining the security and integrity of Hackensack Meridian Health (HMH) data, leveraging an in-depth understanding of cybersecurity threats, technologies, and countermeasures to ensure secure computer systems. Knowledge and experience with cybersecurity issues across all platforms and across all business units to include networking, applications, identity and access management, operating systems, cloud services, email gateway, privileged access management, vulnerability management, database security, data loss prevention, endpoint security and software development. Assists in safeguarding information system assets, data and all cybersecurity risks. Assists in researching cybersecurity controls, vulnerabilities, enterprise and cloud risks, and develops effective strategies and control measures to mitigate all cybersecurity risks. Assists in reducing cybersecurity threats by examining infrastructure, devices, processes, procedures and identifying security flaws, threat vectors, and using control analysis to follow up with a prompt solution. This is a mid-level technology-oriented position protecting the confidentiality, integrity, and availability of information systems and data of employees, partners, and patients.
This is mostly a remote position and you will need to come into the Edison, NJ office 2-4 times a year, unless there is a a reason for the team members to be onsite (DTS event, troubleshooting event/incident, etc.).
Responsibilities:
A day in the life of a Cybersecurity Analyst III, Security Operations (Sec Ops) at Hackensack Meridian Health includes:
- Demonstrate an in-depth understanding of business processes and risk management in areas such as cybersecurity, cloud security, cloud governance and compliance, DevOps, cloud data protection, cloud monitoring and incident response, enterprise security architecture, and technology risk management, and others.
- Oversee planning, design, implementation, testing, and operation of cybersecurity tools, processes, and systems.
- Identify and evaluate complex business and technology risks and remediation methods to mitigate risks.
- Advanced knowledge of cybersecurity architecture technology solutions such as firewalls, intrusion prevention systems, Security Information and Event Management (SIEM), vulnerability scanning and management, anti-virus management, certificate management, and data loss prevention (DLP).
- Responsible for executing processes within all activities within the cybersecurity incident response lifecycle. These activities include detection, triage, analysis, containment, recovery, and reporting.
- Remediate cybersecurity risks and exposures, assists in determining the causes of cybersecurity violations.
- Keep abreast of emerging threats, patterns, and trends in healthcare cybersecurity, privacy, and compliance.
- Advanced skills and hands-on experience in the cybersecurity domains as defined by the NIST Cyber Security Framework (CSF).
- Administer cybersecurity software or systems to prevent attacks, monitor and audit systems and protect against network breaches.
- Manage relationships with management and vendors to develop and implement new solutions to meet business requirements. Assist in reviewing proposed new systems, networks, and software designs for potential cybersecurity risks; implement mitigation or countermeasures and resolve integration issues related to the implementation of new systems within the existing infrastructure.
- Monitor cybersecurity trends, standards, and practices to assist in identifying areas that lack the appropriate cybersecurity controls and make the necessary recommendations.
- Install, implement, administer, monitor, and maintain cybersecurity architecture technology solutions with limited supervision.
- Monitor network, systems, and logs for events that could negatively impact the confidentiality, integrity, or availability of HMH systems and data. Investigate and respond to all potential incidents in accordance with prescribed procedures.
- Research, evaluate and recommend cybersecurity related hardware and software to maintain a strong cybersecurity posture, including developing business cases for cybersecurity investments.
- Other duties and/or projects as assigned.
- Adheres to HMH Organizational competencies and standards of behavior.
Qualifications:
Education, Knowledge, Skills and Abilities Required:
- Bachelor's degree in IT, Computer Science, Management Information Systems, or equivalent degree. Work experience may be substituted.
- Minimum of 7 years of general IT experience with at least 5 years of that experience in cybersecurity.
- Minimum of 5 years experience in an environment that has adopted a common security framework.
- Experience with cybersecurity tools such IPS, SIEM, Web Secure Gateway, Email Gateway, DLP, Firewalls (network and application), Malware Protection, MDM, Forensic Tools, etc.
- Demonstrated experience translating technical concepts into business and capability terminology.
- Exceptional collaboration ability; experience as an intermediate-level negotiator.
- Experience to interact effectively with organizational senior leadership.
- Demonstrated effective verbal and written communication and presentation skills.
- Ability to travel to other HMH locations as needed.
- Excellent written and verbal communication skills.
- Proficient computer skills that may include but are not limited to Microsoft Office and/or Google Suite platforms.
Education, Knowledge, Skills and Abilities Preferred:
- Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI.
- Strong knowledge of healthcare environments.
- In-depth understanding of cybersecurity practices for the network, servers, databases, applications, and advanced use of cybersecurity assessment techniques.
- Broad understanding of Public Key Infrastructure (PKI), encryption, network security controls tools and functionalities.
Licenses and Certifications Required:
- Certified in at least one of the following at hire or must obtain within 1 year of hire: a. Certified Information Systems Security Professional (CISSP) b. Certified Information Systems Auditor (CISA) c. Certified Security+ | CompTIA d. Global Information Assurance Certification (GIAC) e. Or other related cybersecurity
Certification Licenses and Certifications Preferred:
- Certified in at least one of the following: a. Risk and Information Systems Control (CRISC) b. Governance of Enterprise IT (CGEIT) c. Or related IT certification