Information Security Administrator

INFORMATION SECURITY ADMINISTRATOR

Position Summary:

Under the general direction of the IT Manager (Infrastructure, Security and Service Desk) and MedCost Security Official, the Information Security Administrator role requires a broad range of implementation and analytical skills to assess, diagnose and remediate security events. This individual will be responsible for proactively monitoring systems for threats, vulnerabilities, and trend analysis. This position is responsible for managing the organization’s information security tools and technologies including but not limited to access control, network monitoring, intrusion prevention, threat/vulnerability, unauthenticated access, data loss prevention and antivirus/malware. This candidate will also work collaboratively and consult with other IT teams to maintain a strong security posture, such as networking/infrastructure, developers, and other IT departments. This candidate should have background knowledge of network infrastructure, security operations, incident management experience and will be capable of multi-tasking between multiple projects and tactical initiatives.

The Information Security Administrator will also be responsible for providing guidance, input and oversight to security awareness, governance, and departmental disciplines in adherence to security policies. This individual will work closely with the Information Security Engineer, IT Services, Compliance, and other business leaders to select and deploy technical controls necessary to support HIPAA and NIST compliance. The Information Security Administrator role is accountable for contributing to security awareness through effective communication, incident management and change control.

Position Responsibilities:

• Monitor, maintain, and analyze security alert and requests necessary to mitigate cybersecurity threats and vulnerabilities and collaborate with the Information Security Engineer for remediation instruction. The analysis of the output of these requests should include proactive measures/tasks to maintain the overall security posture of the organization.
• Upgrade, optimize and implement key information security technologies, such as access control, network monitoring, intrusion prevention, threat/vulnerability, unauthenticated access, data loss prevention and antivirus/malware. The analysis of the output of these tools should include proactive measures/tasks to maintain the overall security posture of the organization.
• Document processes, procedures and incident reports based on security incidents and events. Adherence to incident management and change control are essential components.
• Planning, meetings, and collaboration discussions with other departments within the organization.
• Administrative tasks specific to forms, spreadsheets, calendaring, time entry and structured efficiencies.
• Ability to adhere to technical system controls by processes and technologies against NIST framework
• Ability to quickly respond to network and host-based security events.
• Coordinates with third parties regarding software upgrades, releases, and information management.
• Analyze reporting, incidents, and adherence to security controls. Ability to prepare and present information to effectively communicate information security posture improvement opportunities to leadership.
• Organize meetings, governance, and security awareness opportunities through creative, yet effective means of communication.
• Applies system analysis techniques and procedures to reinforce secure, automated solutions.
• Keeps management abreast of the state of applications and key systems through the use of automated reports and monitoring solutions.
• Provides on-call support after normal working hours to address security events.
• At times, to meet business needs, are required to work beyond 40 hours per week and on an on-call rotating basis.
  
  
  

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Position Qualifications:

Required:

• 2-year college degree or equivalent IT experience
• Security+, CySA+, SSCP, CCNA Cyber Ops or equivalent security certification
  
  
  

Preferred:

• 5+ years of IT experience with 3+ years of Information Security
  
  
  

Skills, Knowledge, And Abilities

• Excellent organizational skills
• Excellent communication skills, verbal and written
• Ability to handle multiple tasks with varying priorities
• Ability to work with other MedCost departments in an effective and congenial manner
• Ability to prioritize and demonstrate attention to detail
• Ability to work independently while recognizing the importance of teamwork
• Familiarity with Information Security frameworks, such as NIST, HIPAA, HITRUST, PCI/DSS, ISO, SSAE, or others strongly preferred.
• Awareness of security projects, including defining requirements and developing project plans for review
• Knowledge of SIEM principles, vulnerability management expectations, firewalls, endpoint protection strategies, and similar technologies (Palo Alto Networks, IBM QRadar, Cortex XDR is a plus).
  
  
  

MedCost provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

MedCost participates in the Electronic Verification system (E-Verify) to electronically verify the work authorization of newly-hired employees. E-Verify is an internet-based program that compares information from an employee's Form I-9 to data contained in the federal records of the Social Security Administration and the Department of Homeland Security to confirm employment eligibility. MedCost does not use E-Verify to pre-screen job applicants.