Information Security Analyst, Asimily/PCI - Brentwood, United States - Ardent Corporate

Description

Ardent Health Services is a leading provider of healthcare in communities across the country. Through its subsidiaries, Ardent owns and operates nearly 200 sites of care and 30 hospitals across six states. Together, our 24,000 employees and 1,200 employed providers touch more than 10,000 lives each day. With six Ardent entities earning recognition on Modern Healthcare's Best Places to Work list in 2022, Ardent and its facilities continue to earn recognition for outstanding workplace cultures where team members feel a sense of belonging and have opportunities to grow their careers. Ardent has also been recognized by Comparably's Best Places to Work Awards, earning honors in the Best CEO, Best Company for Women, Best Leadership Teams and Best Work Life Balance categories among others.

POSITION SUMMARY

The goal of an Information Security Analyst, Asimily/PCI is to identify, schedule, administer and perform assigned technical Information Security analyses functions, ensuring all applicable Information security requirements are met. This role will assist other members of the Ardent Information Security Operations team and key corporate/partner/business units in support of the AHS Company Mission and strategic business initiatives.

• Assist building the IOT security program.
• Manage IOT security software and work with other teams to enhance device security.
• Performs vulnerability scanning of PCI environment and works with others to remediate vulnerabilities timely.
• Assessing security configurations on personal computers, mid-range systems and enterprise networks.
• Monitor/analyze system and network activity, transactions and anomalies to ensure compliance with applicable laws, regulations, and industry standards, such as SOC 2, GDPR, HIPAA, PCI-DSS, and NIST.
• Review user access levels to ensure compliance and access justification.
• Participate in red/blue team activities.
• Routinely and proactively test information systems to perform risk or threat assessment and analysis.
• Assisting with interface interactions with departments, vendors, and extranet partners.
• Works with other business units, partners and customers to maintain secure methods of data management.
• Assist in designing secure internal trust domains, web access zones, B2B, B2C, third-party connections and remote access technology.
• Assist technology group in implementing threat detection solutions to include intrusion detection systems, malicious code and program monitoring, unauthorized technology identification, and log activity monitoring.
• Assess vulnerability detection solutions to include compliance testing, vulnerability scanning (including attack and penetration studies), and business and disaster recovery solutions.

Education and Experience:

• Associates degree or equivalent technical training/experience.
• Reputable security certifications (Security +, GSEC, CAP, OWASP, HCISSP or CISA) preferred.
• Advanced certifications (CISSP, CISSP w/specialization, SSCP, GIAC, CISM) preferred.
• Experience with IOT device security products and working knowledge of IOT devices.
• Experienced in assessing and/or administering intrusion detection/prevention.
• ITIL familiarization or experience - managing incidents, requests, and changes.

Knowledge, Skills and Abilities:

• Knowledge of PCI Compliance and monitoring tools.
• Working knowledge of general computing concepts (OSI reference model, multi-tiered application architecture, operating systems, etc.).
• Understanding of the technical components of a network infrastructure/architecture and their interactions (routing, switching, WLAN, LDAP, etc.).
  • General knowledge of related third-party software products (firewalls, intrusion detection systems, filtering routers, VPNs, security scanners).
  • Knowledge of network authentication services.
  • Knowledge of static and dynamic routing protocols.
  • Knowledge of LAN and WAN packet analyzers.
  • Knowledge of DNS, DHCP, WINS and HSRP.
  • Knowledge of Ethernet and virtual local area networks.
  • Knowledge of secure virtual private networking.
  • Knowledge of common networking protocols and services and their relevant security issues (TCP/IP, DNS, SNMP, SMTP, etc.).
• Must have good communication skills: both oral and written.
• Must display the ability to be a team player and work cohesively with Ardent employees throughout all organizational levels.
• Must be willing to travel occasionally.
• Must be willing to respond to security issues 24x7.