IT Security Analyst

American College of Radiology
Reston, VA
Jan 18, 2022
Jan 22, 2022
Full Time
American College of Radiology (ACR) is a progressive membership organization representing nearly 40,000 medical specialists in radiological care. As a member of our team, you will join a world leader in patient-centered care advocacy, policy and clinical research, quality and safety. Our culture encourages innovation, diversity, integrity and leadership. A nonprofit 501(c)(3), ACR (the American College of Radiology) has over 500 purpose-driven employees in the Greater Washington, DC and Philadelphia region.If you share our core values of: Leadership * Integrity * Quality * Innovation, we want you on our team!The security analyst will be responsible for analyzing existing work processes and make recommendations on improvements for the organization. The security analyst will build incident investigation workflows for the different types of security incidents / scenarios. The security analyst needs to be curious, be a creative thinker and highly interested in the latest security developments. They must also be analytical, detailed-oriented, innovative and a problem-solver. The security analysts must be able to continually adapt to stay a step ahead of cyber attackers by staying ahead of cybersecurity trends. The security analyst will work with the rest of the security team to implement countermeasures based on incident investigation findings and research done.The security analyst should be able to explain the root cause of an incident or a breach from start to end and make the appropriate recommendations for improvements. The security analyst should be able to document a security incident/breach and the damage it caused. They should also become familiar with industry standards and regulations including PCI, HIPAA, GCP, HITRUST, and ISO27001.Duties & Responsibilities:Anticipates security threats that generate alerts, incidents and disasters and recommends controls to reduce their likelihoodAnalyzes incidents and security breaches to determine root causesPrepares reports that document security incidents and breaches and the extent of the damage caused by the breachesRecommends appropriate security tools and countermeasuresCreates & maintains Incident Response Playbooks and Runbooks for the different type of security incidents / scenariosPerforms anomaly detection and threat hunting to identify suspicious/anomalous activity that will require further detailed investigation to mitigate possible risksMaintains security monitoring systems and monitors security accessAssists managing network, intrusion detection & prevention systems, making recommendations for improvementsAssists training fellow employees in security awareness and proceduresInvestigates improper access; recommending revocation of access; reports violations; monitors information requests; recommends improvementsAssists establishing system controls, implementing control frameworks, and evaluating levels of access; recommends improvementsAssists establishing plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destructionProduces metrics reporting the state of the security of the organization by means of the performance of security incident response & threat detectionKeeps constantly updating job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizationsResearches security enhancements and make recommendations to management and Sr. Security StaffAssists in managing annual penetration testing services, including both expert consulting and managed servicesRequirements:1 - 3 years' experience in a related field (systems engineer, network engineer, systems analyst, systems administrator, etc.), with a Degree in an IT / IT Security.2 - 5 years' experience in a related field (systems engineer, network engineer, systems analyst, systems administrator, etc.), without an IT / IT Security DegreeIT Security certification(s) a plus~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~ACR offers a rewarding employee experience: innovative culture, professional growth potential, competitive compensation and an exceptional benefits package, including a defined contribution pension plan, 403(b); generous paid time off package; insurance plans with the leading providers; flexible spending; tuition reimbursement; training opportunities; and wellness reimbursement.To learn more about ACR's rewarding employee experience, culture, and benefits, visit Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)