Job Closed
This listing is no longer active.
Better Data & Client Management For Whole Person Care
Senior Cybersecurity Analyst
Location
United States
Posted
113 days ago
Salary
$90K - $125K / year
Seniority
Senior
Job Description
Senior Cybersecurity Analyst
CaseWorthy, Inc.
• Conduct regular security assessments and audits of systems and networks to identify vulnerabilities and risks. • Monitor and analyze security threats and incidents and provide recommendations for remediation. • Assist with the implementation of internal controls to maintain compliance with regulatory and statutory security frameworks (e.g., NIST, SOC 2, HITRUST). • Collaborate with other IT teams to ensure security is integrated into all aspects of the company's technology infrastructure. • Develop and implement security policies and procedures. • Participate in incident response and disaster recovery planning. • Stay up to date with the latest security threats, trends, and technologies, and make recommendations to improve our security posture. • Research/evaluate emerging cyber security threats and ways to manage them. • Plan for disaster recovery and create contingency plans in the event of any security breaches. • Test and evaluate security products. • Design new security systems or upgrade existing ones. • Use advanced analytic tools to determine emerging threat patterns and vulnerabilities. • Engage in 'ethical hacking', for example, simulating security breaches. • Identify potential weaknesses and implement measures, such as firewalls and encryption. • Monitor identity and access management, including monitoring for abuse of permissions by authorized system users. • Consult with stakeholders in relation to cyber security issues and provide future recommendations. • Generate reports for both technical and non-technical staff and stakeholders. • Maintain an information security risk register and assist with internal and external audits relating to information security. • Assist with the creation, maintenance, and delivery of cyber security awareness training for colleagues. • Performs other related duties as assigned.
Job Requirements
- Strong teamwork skills in order to collaborate with team members and clients.
- Solid understanding of Internet fundamentals (DNS, TCP/IP, HTTP) preferred.
- Knowledge of cloud-based systems, particularly Microsoft Azure.
- Strong knowledge of security frameworks such as NIST, SOC 2, and HITRUST.
- Ability to use strategic and critical thinking to approach problems and create solutions.
- A passion for cyber security and a keen interest in IT.
- Analytical and problem-solving skills to identify and assess risks, threats, patterns, and trends.
- 4-year degree or equivalent experience/skills and practical, relevant work experience.
- Professional certification(s), e.g., Security+, CISSP, SSCP, etc. preferred.
- Excellent IT skills, including knowledge of computer networks, operating systems, software, hardware, and security.
- An understanding of the cyber security risks associated with various technologies and ways to manage them.
- A good working knowledge of various security technologies such as network and application firewalls, host intrusion prevention and anti-virus.
- An ability to work under pressure, particularly when dealing with cyber threats and at times of high demand.
- Verbal communication skills, including presentation skills, with an ability to communicate with a range of technical and non-technical team members and other relevant individuals.
- Written communication skills (example – the ability to write technical reports).
- Time-management and organizational skills to manage a variety of tasks and meet deadlines.
- The ability to multi-task and prioritize your workload.
- Excellent attention to detail.
- Familiarity with and some ability to code preferred.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Information Security Analyst – Intermediate
Highmark HealthCreating remarkable health experiences, freeing people to be their best.
• Move beyond traditional CVSS-based patching to prioritize actionable resolutions • Serve as a detective for the attack surface, correlating data to identify critical assets • Perform rapid risk assessments of newly acquired infrastructure • Support the end-to-end remediation pipeline within ServiceNow SecOps • Proactively manage the team's RAID Log and escalate blockers • Act as a bridge between Security and IT Operations to prioritize security tasks • Monitor the efficacy of scanning agents to ensure visibility across environments
Case Manager, Threat Assessment and Management
Crisis24Crisis24 is a global, AI-enhanced provider of travel risk management, mass communications, critical event management, crisis-security consulting, personal protection solutions and global medical concierge capabilities. We operate at the intersection of precision, discretion, and elite readiness. Delivering world-class security solutions to high-profile clients, executives, and organizations across the globe. Our Threat Assessment and Management Division provides consultation and training. We deliver our services with discretion and care, allowing our clients to make informed decisions with confidence.
This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description This role involves assessing and managing threat assessment cases with the oversight of a senior leader on complex cases. - Assess and manage threat assessment cases (i.e., executive/public figure pursuit, workplace violence, domestic violence). - Analyze investigative and OSINT findings in the development of management plans. - Write reports and communicate with Executive Protection teams and clients on inappropriate communications and threats directed to public figures and C-suite executives. - Assist in training Analysts and approving Analyst reports. - Conduct threat assessment trainings for clients on threat assessment topics. - This role requires after-hours on-call availability, including nights, weekends, and holidays as needed. - While a fully remote position in the U.S., the position may require up to 10 percent travel. Qualifications - 5+ years of experience in the threat assessment field. - Bachelor’s degree in a related field, such as Psychology or Criminal Justice, preferred. - Strong writing and communication skills. - Ability to multi-task with little supervision in a fast-paced environment required. - Ability to work independently and as a member of a team required. - Previous experience conducting OSINT or overseeing OSINT analysts a plus. - Previous experience working at (or consulting to) a corporation in threat assessment, OSINT, investigations, etc. and/or working with Executive Protection teams a plus. Requirements - Integrity and unwavering discretion on confidential issues. - Curiosity with excellent writing and communication skills. - Comfortable with different challenges and working on urgent projects in a fast-paced environment. - Detail-oriented and driven to deliver the best product to clients in a timely manner. - Excel at delivering written and verbal reports to clients and enjoy training and mentoring staff. Company Description Crisis24 is a global, AI-enhanced provider of travel risk management, mass communications, critical event management, crisis-security consulting, personal protection solutions and global medical concierge capabilities. - We operate at the intersection of precision, discretion, and elite readiness. - Delivering world-class security solutions to high-profile clients, executives, and organizations across the globe. - Our Threat Assessment and Management Division provides consultation and training. - We deliver our services with discretion and care, allowing our clients to make informed decisions with confidence.
Information Security Risk Specialist
SupportYourAppSupportYourApp is an industry leader in premium outsourced customer support that provides tech companies with reliable, cost-effective services. A multinational
Role Description Ми шукаємо Information Security Risk Specialist, який прагне застосувати свої знання з інформаційної безпеки, отримати досвід роботи у міжнародній IT-компанії, взаємодіяти з командою та партнерами з усього світу, а також брати участь у цікавих та складних проектах у сфері інформаційної безпеки разом з нашою Security командою. З нами ти зможеш займатися: - Управлінням ризиків постачальників: - Проведення перевірок безпеки постачальників; - Пошук та збір інформації з відкритих джерел (OSINT); - Ведення та актуалізація реєстрів оцінки ризиків. - Комунікацією: - Опрацювання запитів від інших підрозділів та клієнтів; - Участь у заповненні та обробці клієнтських анкет з інформаційної безпеки відповідно до міжнародних стандартів (ISO 27001, SOC 2, NIST); - Залучення до первинного перегляду договорів із клієнтами (DPA/MSA) для виявлення розбіжностей між внутрішніми процесами компанії та вимогами клієнтів. - Забезпеченням відповідності пристроїв вимогам інформаційної безпеки: - Моніторинг, аналіз та перевірка доказів (логи, скріншоти) для підтвердження відповідності пристроїв співробітників вимогам безпеки; - Комунікація з користувачами для усунення невідповідностей вимогам безпеки; - Ведення реєстру затверджених пристроїв. - Документацією та операційною діяльністю: - Створення та оновлення внутрішніх інструкцій, процедур і матеріалів бази знань з інформаційної безпеки. - Підвищенням обізнаності співробітників з питань інформаційної безпеки: - Участь у фішингових симуляціях; - Допомога у підготовці матеріалів та листів з інформаційної безпеки для співробітників. - Інцидентами: - Первинна обробка інцидентів безпеки: збір доказів, базове розслідування та координація комунікації між залученими сторонами. Qualifications - Розуміння принципів інформаційної безпеки (Confidentiality, Integrity, Availability); - Розуміння вимог найбільш поширених стандартів інформаційної безпеки та законодавства у сфері безпеки й захисту персональних даних; - Аналітичне мислення та здатність працювати з документацією, даними та інцидентами безпеки; - Розвинені soft skills: комунікаційні навички, грамотна комунікація, уважність до деталей і точність, самоорганізація та вміння працювати з дедлайнами; - Рівень англійської мови B1–B2. Benefits - Надання послуг у бізнес-години; - Унікальні артпростори в Києві на ст. м. Васильківська або можливість співпраці у віддаленому форматі; - Комунікація, заснована на довірі, та відсутність трекерів активності; - Гармонія між проєктною завантаженістю та особистим часом, а також – внутрішня медична політика; - Креативна спільнота і культура, орієнтована на людей та взаємний фідбек; - Привабливі винагороди за запрошення друзів; - Конкурентна компенсація в USD; - Оплачуваний онбординг і доступ до корпоративної бібліотеки.
Role Description Serve as a liaison between the CISO’s strategic initiatives and the IT operational teams. Translate business IT risk requirements into technical control specifications. Develop risk metrics for performance measurement and reporting. Coordinate enterprise-level security and risk management efforts. Act as a subject matter expert (SME) on information security and regulatory compliance. Key Responsibilities - Security & Risk Management - Maintain and enforce the enterprise information security and risk management framework. - Conduct risk analysis and develop mitigation strategies. - Monitor and assess the enterprise threat landscape. - Provide realistic risk reporting to the CISO and leadership teams. - Track and document internal risk reviews, assessments, and exceptions using a GRC tool. - Governance & Compliance - Document and maintain risk governance methodologies, policies, and procedures. - Ensure compliance with: - HIPAA - Joint Commission - DSRIP - COBIT - State privacy laws - Conduct and support internal and external audits (operational, compliance, reputational, security). - Serve as SME for EMR and PHI-related security risks. - Risk Assessments & Gap Analysis - Perform enterprise security risk assessments and gap analyses for new technologies and products. - Develop and manage risk remediation plans and work plans. - Identify information asset owners for data classification initiatives. - Support risk exception and risk acceptance documentation processes. - Technical & Cross-Functional Collaboration - Partner with enterprise architecture teams to align business, technical, and security requirements. - Collaborate with security engineering teams to implement security controls. - Facilitate meetings between stakeholders and IT teams. - Provide written and verbal reports to leadership and committees (including Operational Risk Committee). Qualifications - Experience - Minimum 7 years of IT experience. - At least 5 years in IT Security Risk Management / Risk Audit / Data Privacy Investigation. - Minimum 2 years in a supervisory capacity. - Healthcare Industry Expertise (Required) - Strong understanding of EMR systems. - PHI data privacy. - Healthcare regulatory environment. - Experience with HIPAA, Joint Commission, CMS regulations. - GRC & Security Framework Knowledge - Hands-on experience with GRC tools (ServiceNow, Archer, MetricStream preferred). - Working knowledge of: - NIST CSF - HITECH - ISO 27001/27002 - PCI DSS - COBIT - Technical Skills - Experience reviewing IT solution requirements and implementing security controls. - Strong analytical and risk assessment skills. - Ability to design compensating controls for security vulnerabilities. - Ability to assess business impact of security tools and policies. Education & Certifications - Bachelor’s degree in Information Systems or related field. - Preferred Certifications: - CISSP - CISA - CRISC - Other relevant security certifications. Preferred Soft Skills - High integrity and ability to work independently. - Strong communication and reporting skills. - Ability to work in fast-moving environments. - Experience participating in special projects. - Ability to support various locations and flexible shifts if required.
