Senior IT Security Analyst will be responsible for enhancing and maintaining the company-wide Security Awareness program. The candidate must have strong communication skills and the ability to explain cyber threat concepts in simple, presentable terms to M Health Fairviews diverse audiences. We are looking for a creative individual who is highly motivated, energetic, has a take-charge leadership attitude and able to build strong relationships with various stakeholders across the enterprise. The successful candidate will possess an understanding of security principles, frameworks, company policies, and the risk and compliance needs of M Health Fairview. Operational duties include enhancing and delivering a first-class security awareness program by improving user awareness on current cyber threats, create awareness training and measuring training progress through phishing campaigns.
Enhance and maintain the security awareness program, including phishing campaigns, training, and other initiatives associated to the overall program
Identify security awareness training opportunities through analysis and phishing campaigns
Create metrics and dashboards for Senior Leadership
Enhance and maintain the cybersecurity training site and its content, including relevant training material related to current cybersecurity events
Maintain and administer Security Awareness tools
Development and assist in the development of training policies and protocol for cybersecurity
Develop organizational understanding of security policies, standards, risk enumeration techniques, and cybersecurity frameworks
Perform analysis to validate established security requirements and to recommend additional security requirements and safeguards
Define and document processes and enhance existing processes partnering with business and IT teams
Assist in defining security policies and standards and train/educate/measure security awareness and mentor junior Security Awareness Analyst on their activities
Basic understanding of various domains of security including authentication, authorization, network security, data, system device and Operating Systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
Experience in one or more areas of IT Risk assessments, risk management, regulatory compliance needs for PCI/HIPAA/SOX, Security & Risk Policies, IT & Security Governance, Disaster Recovery/Business Continuity Management, Internal Audit, Risk Matrix & IT General Controls
Lead complex projects related to information security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members as needed. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline or combination of relevant experience/education
7+ years of cumulative experience in policy, risk management, audit, compliance, governance, development and/or support of IT or Business Systems
3+ years of experience in two or more areas of managing/supporting Security policy, security standards, risk management, internal/external security audit, threat modeling, security access governance, deployment/support of Cybersecurity tools and technologies
Ability to thrive in a sense-of-urgency environment and leverage best practices
3+ years of experience executing a Security Training and Awareness program, or equivalent training or communications
Proven experience with successfully communicating technical principles to audiences of all levels
Experience with Proofpoint or other security awareness platforms
Language & Communication Skills
Ability to effectively communicate both verbally and written with all levels within the organization
Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups
Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
Ability to work well within a team environment, as well as independently
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline
Experience developing and implementing a successful enterprise security awareness training program
Industry specificcertifications Security+, CASP, CEH, Pentest+ or equivalents, Technical certifications such as SANS GIAC, OCSP, CSAP are a plus
Together with the University of Minnesota and University of Minnesota Physicians we have created M Health Fairview. M Health Fairview is the newly expanded collaboration among the University of Minnesota, University of Minnesota Physicians, and Fairview Health Services. The healthcare system combines the best of academic and community medicine — expanding access to world-class, breakthrough care through our 10 hospitals and 60 clinics.
Fairview Health Services (fairview.org) is an award-winning, nonprofit health system providing exceptional care across the full spectrum of health care services. Fairview is one of the most comprehensive and geographically accessible systems in the state, with 10 hospitals—including an academic medical center and long-term care hospital—serving the greater Twin Cities metro area.
Its broad continuum also includes 60 primary care clinics, specialty clinics, senior living communities, retail and specialty pharmacies, pharmacy benefit management services, rehabilitation centers, counseling and home health care services, medical transportation, an integrated provider network and health insurer PreferredOne. In partnership ...with the University of Minnesota, Fairview’s 32,000 employees and 2,400 affiliated providers embrace innovation to drive a healthier future through healing, discovery and education.