Previous Job
Security Analyst III Risk Management
Ref No.: 17-15179
Location: Phoenix, Arizona
non-negotiable skills needed for a worker to hit the ground running:
Experience with vulnerability management, data analysis, and reporting.
They must have experience with a vulnerability management tool.
Nexpose Rapid 7 is preferred but other vulnerability management tools will be considered.

desirable soft skills:
Good communication and customer service skills.

IT Job Description: IT Security Analyst III - Risk Management

Under the guidance of the GRC Treatment and Measurement Manager, this person is responsible for telling the vulnerability risk story for the organization to leadership and stakeholders. Aggregates and reports on vulnerabilities identified through vulnerability scans, provides guidance to system and data owners on the treatment (avoid, mitigate, or accept), and monitors the progress of the documented treatment. Experience with vulnerability management tools required. Nexpose Rapid7 is preferred but experience with similar tools is required.
• Analyze vulnerability data to identify patterns and establish key performance indicators
• Develop and distribute reports on risks and vulnerabilities for directors, department heads, and data owners and respond to requests for customized vulnerability information
• Identify owners and work with them to document a response plan for identified vulnerabilities
• Monitor vulnerabilities and follow-up as needed to ensure compliance with the approved response plan

3-4 years’ experience in related job area (information security, vulnerability management, IT Audit, data analysis) required.
2-4 years’ experience in programing or system/network operations and administration preferred.
Experience with vulnerability management tools. Preferably with Nexpose Rapid7 but Qualys or similar experience acceptable.
Experience in Windows Office (Work, Excel, etc.) required.
Experience in UNIX/Linux OS and/or Cisco IOS preferred.
1-2 years project management for minor projects experience preferred
3-5 years risk management GRC experience in the healthcare/medical environment preferred
Bachelor’s Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required
One or more relevant technical/professional security certifications (such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific)) required
Two or more certifications preferred
Special Training:
Functional understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, PCI, Sarbanes-Oxley preferred.
Strong knowledge of healthcare environments preferred
Essential Functions:
Provides assistance and support as requested to Security Engineering, IDM Engineering, Network Engineering, Security Risk Management and/or Information Security Ops.
• Proactively identifies and escalates incidents as well as operational performance concerns.
• Manage workload, prioritizing tasks and documenting time, and other duties as directed by management.
• Assists in Continual Service Improvement efforts by identifying opportunities for process improvement. Drives some process improvement efforts.
• Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, threats and trends in information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team
• Act as a security advocate for IT operations team’s adherence to Dignity Health policies and industry best practices.
• Participate in the collection and documentation of departmental knowledge artifacts, participant in the development and population of knowledge management and collaboration systems for the IT Security team.
• Communicates technical information to team members and across the IT Organization.
• Assists Management in identifying knowledge gaps and providing training to Analysts and Technicians in the IT Security Organization as directed.
• Assists in development of training material.
Core Competencies:
The extent to which an organization’s mode of operation, mission and values are consistent with the type of environment that provides personal satisfaction
Working effectively and cooperatively with others; establishing and maintaining good working relationships
Effectively meeting customer needs; building productive customer relationships; taking responsibility for customer satisfaction and loyalty.
Having achieved a satisfactory level of technical and professional skill or knowledge in position-related areas; keeping up with current developments and trends in areas of expertise
Job Specific Competencies:
Analytical Thinking: Able to breakdown raw information and undefined problems into specific, workable components that, in turn, clearly identify the issues at hand. Makes logical conclusions, anticipates obstacles, and considers different approaches that are relevant to the decision making process.
Communication for Results: Expresses technical and business concepts, ideas, feelings, opinions, and conclusions orally and in writing. Listens attentively and reinforces words through empathetic body language and tone
Conceptual Thinking: Synthesizes facts, theories, trends, inferences, and key issues and/or themes in complex and variable situations. Recognizes abstract patterns and relationships between apparently unrelated entities or situations. Applies appropriate concepts and theories in the development of principles, practices, techniques, tools and solutions.
Consulting: Uses professional or technical expertise to advise, intervene, and/or influence a customer or internal partner over whom there is no direct authority.
Information Seeking: Gathers and analyzes information or data on current and future trends of best practice. Seeks information on issues impacting the progress of organizational and process issues. Translates up-to-date information into continuous improvement activities that enhance performance
Problem Solving:
Anticipates, identifies and defines problems. Seeks root causes. Develops and implements practical and timely solutions
Risk Managment: Identifies risks and obstacles to plans. Defines scarcity and conflicts of resource needs, and potential constraints. Investigates risks within various project elements, assesses impact, and develops contingency plans to address major risks.
Business Enterprise Knowledge: Solicits information on enterprise direction, goals and industry competitive environment to determine how own function can add value to the organization and to customers. Makes decisions and recommendations clearly linked to the organization's strategy and financial goals, reflecting an awareness of external dynamics. Demonstrates awareness by providing clear explanations for actions taken relative to customer requirements, needs, and industry trends
System Thinking: Ability to plan and account for impacts of system development efforts across architectural system components, critical business processes, data and applications. Conceptualizes the impact of changes to system platforms as a result of system acquisition, system merger, or implementation of enterprise-wide systems.