Cybersecurity Risk Analyst - Winter Garden/Hybrid

A career at Community Health Centers offers a unique opportunity to join a team that makes a real impact in our community every day, by improving individuals' health while enhancing their quality of life.

Top Reasons to Work at Community Health Centers

  • No weekends for the majority of our centers, 10 Paid Holidays and early Fridays
  • A great benefits package that includes healthcare coverage, paid time off, paid holidays, retirement plan, and more.
  • Competitive compensation with advancement opportunities and tuition / training reimbursement.
  • Awarded "Best and Brightest Companies to Work for in the Nation" for 5 consecutive years.
  • Awarded "Top 100 Workplaces for Growing Families" by Orlando Sentinel.
  • Modernized and attractive health centers that patients love.

Job Summary:

The Cybersecurity Risk Analyst accomplishes IS objectives by enforcing IS security for all systems within the Information Services domain, leads IS security related initiatives, and provides guidance during security events. The position will also participate in initiatives involving the technical evaluation of new technologies and projects across the organization, including the scope and prioritization of work assignments, paying strong attention to detail and deadlines.

The Cybersecurity Risk Analyst promotes the use of enterprise tools and development/support standards. The position also monitors change requests to ensure appropriate controls are in place and best practices are being utilized. Also core to the position is participation in management of a Security Risk Analysis Plan including identification of risks, mitigation and action plans, and reconciliation trending. Performs other duties as required.

Primary Responsibilities and Specific Duties:

  • Enforcement of IS Security policy and procedure across the organization.
  • Provide technical oversight and guidance of threat hunting operations, specifically around hypothesis generation and hunt execution.
  • Collaborates with Information Security analysts on alert triage and analysis.
  • Performs in-depth technical analysis and provides input, in coordination with the ISOT team, regarding areas for investigation.
  • Identify detection gaps based on the threat landscape and threat profile of CHC, considering technical footprint and capabilities both within Cloud-based and on-prem environments.
  • Develop new detections based on identified gaps where technically feasible; recommend other security options and workarounds where not economically feasible.
  • Iterate on tuning and refinement of CHC-developed detections through CI/CD techniques
  • Define visibility/telemetry/logging needs to address expected risks and threats
  • Define workflows and processes to enable Cyber operations
  • Validate visibility requirements and potential gaps for new cloud services to ensure proper monitoring, alerts and response where possible
  • Contributes to the configuration, support, and evaluation of security tools.
  • Active oversight of SIEM as it relates to cybersecurity metrics and deliverables.
  • Responsible for proposing, establishing, and enforcing baseline computer related security practices within the organization. This includes system rights, data security such as Data Loss Prevention (DLP) strategies, access control to sensitive information and encryption of sensitive data both at rest and in motion.
  • Participates in internal and external security audits and provides organizational recommendations to mitigate risks. This includes third party and vendor-driven audit activities. Follows up on all audit action items in collaboration with Director of Information Security.
  • Ongoing participation in the Corporate Security Risk Analysis Plan.
  • Assists in content creation for Corporate communication and training, including the creation of education materials as they relate to cybersecurity initiatives (phishing campaigns, phish alert, CHC Wiki documents, CHC News Now Updates).
  • Assists in initiating cybersecurity drills and audits to test internal and external controls, reviewing quarterly and following up with business owners to ensure state of readiness across the organization for any unplanned threats.
  • Responsible for the routine analysis of the vulnerability assessments completed against the IT infrastructure.
  • Analyzes and provides recommendations on new and existing technological solutions based upon organizational needs and objectives.
  • Other duties include audit log management, AI-based alerting, AV alert response, and other computer-based security events.
  • Reviews required security documentation provided by vendors related to vendor partnerships.
  • Participates in breach response activities in collaboration with CIO and Director of Information Security.
  • Provides security related guidance to other IS staff.
  • Completes work requests and projects as assigned by the Director of Information Security.
  • May be required to provide guidance to external vendors.
  • Performs other duties as assigned.

Qualifications:

Education:

  • Bachelor's Degree required.
  • Healthcare IT experience preferred.

Experience:

  • Five years direct experience within a business environment and information systems required
  • 3 years of experience in a hands-on Security Incident Response Role
  • 3 years of experience using tools for monitoring and incident response both within Cloud and on-prem environments
  • Proficient in the practice of using various tools to collect diversified information for analyzing behaviors indicative of threat (e.g., Splunk UBA)
  • Experience with Windows environments required
  • Experience with Linux environments preferred
  • Ability to manage security needs for multiple ongoing projects communicating the priorities, dependencies and risks.

Certification:

  • Certification in Security+ required.
  • Certification in CISSP preferred.

Special Skills:

  • Security auditing, review and response.
  • Knowledge of HIPAA, HITECH and NIST Standards as they relate to Healthcare
  • Some knowledge of cloud technology (GCP or AWS or Azure)
  • Knowledge of pen testing methodologies.
  • Working knowledge of network architecture, topology, and usage
  • Workstation knowledge must include hardware configuration, software installation and usage, and network security
  • Ability to read, understand and follow oral and written instructions

Other Requirements:

  • Able to work flexible hours and travel throughout CHC locations
  • Current Florida Driver's License required