Fallon Health Information Security Analyst - Growing Healthcare Organization in Worcester, Massachusetts
About Fallon Health
Founded in 1977, Fallon Health is a leading health care services organization that supports the diverse and changing needs of those we serve. In addition to offering innovative health insurance solutions and a variety of Medicaid and Medicare products, we excel in creating unique health care programs and services that provide coordinated, integrated care for seniors and individuals with complex health needs. Fallon has consistently ranked among the nation’s top health plans, and is accredited by the National Committee for Quality Assurance for its HMO, Medicare Advantage and Medicaid products. For more information, visit fallonhealth.org
The Information Security Analyst works under the guidance and direction of the Manager, Information Technology Security and Risk and is responsible for proper handling of escalated support calls related to application and database security, participating in cyber security incident response as needed, monitoring application and database access, understanding application exploitation techniques, and providing a strategy to mitigate risk while maintaining intrusion containment.
In addition, this position will be tasked with proactive vulnerability assessment, threat detection, forensic investigation support, and support of systems development and deployment with security best practices
Conduct Application Access reviews with Application owners
Prepare and formalize Access review results for testing by Internal and External auditors
Document business and IT processes, identify key controls and identify process improvements opportunities.
Extract and compile data for audit testing using standard software such as Microsoft Access, Excel, or audit software.
Review and assess systems and controls for compliance with policies and regulations, adequacy of design and execution, and security of data and access to identify weaknesses and other areas for improvement.
Communicate IT Audit results and recommendations to IT Management
Finalize audit reports, incorporating management responses.
Promote implementation of best practices to strengthen internal controls.
Tested various controls including: Application Access Controls.
Performed walk-through and detail internal IT testing of controls to determine if controls are properly designed and operating effectively.
Train Application owners in Access review responsibilities
Documented internal testing exceptions and procedural improvements.
Maintained a good working relationship with Enterprise application owners
Minimum 3 years’ experience in information security, information technology or related field
Working knowledge of information security risk remediation.
Experience in security aspects of multiple platforms, programming languages, database technology, software, and networking technology
Must be highly skilled and proficient in problem solving, with an aptitude and willingness to learn new technologies
Ability to research, review, identify and articulate the potential impact of new or revised technologies or processes on the organization's security posture
Strong written and oral communication skills
The ability to communicate effectively (clear, concise and professionally) with customers, team members and upper management
Demonstrated sound judgment and integrity
Knowledge of and experience with the NIST Cybersecurity Framework, HIPAA, and PCI-DSS
Ability to work collaboratively with a broad range of constituencies.
Associate or Bachelor’s degree in Information Technology field (dependent upon experience)
CISSP, GCIA, or CISA preferred
Job ID 5699
# Positions 1
Category Information Technology