Security Analyst

Summary

As a Professional Security Compliance at Gainwell, you can contribute your skills as we harness the power of technology to help our clients improve the health and well-being of the members they serve — a community’s most vulnerable. Connect your passion with purpose, teaming with people who thrive on finding innovative solutions to some of healthcare’s biggest challenges. Here are the details on this position.

Your role in our mission

• Plan, implement, manage, monitor, and upgrade security solutions to defend against hacking, malware, ransomware, and other threats to Data, and networks.
• Maintain, enforce, and document M&E security policies and procedures that align with current industry standards and Privacy and Security Agreements (PSAs) among California State agencies, and other Account contractors.
• Serve as a resource regarding matters of information security and reports status of ongoing information security activities to Executive Director or designee(s).
• Support the development/adoption and enforcement of Information Security policies, procedures, and standards.
• Provide timely notification to the account and Project sponsors of security breaches.  
• Coordinate with the account and other account contractors in responding to information security data calls, audit requests, and reporting.
• Work with the account to implement, monitor, and maintain appropriate security measures, best practices, controls, and mechanisms to guard against unauthorized access to electronically stored and/or transmitted Data and protect against reasonably anticipated threats and hazards.
• Perform ongoing security monitoring of Systems. 
• Identify and mitigate all security weaknesses, threats, and vulnerabilities in all operational entities including Operations and Network Management.
• Conduct penetration testing, exercises, analyses and simulation on security incidents and response capabilities to determine effectiveness; document results.
• Implement and enforce policies and procedures, which include standards for incident handling (FTI, PHI, etc.).
• Respond to security breaches.
• Provide root cause analysis and remediation of security issues.

What we're looking for

• A minimum of three (3) years of experience as a Security Lead directly responsible for collaborating with application development teams, technical architects, and security policy experts to define and/or implement an integrated framework of solution security architecture.
• A minimum of three (3) years of lead experiences developing, implementing, improving, and monitoring industry standard Security strategies, solutions, and processes on Projects involving large and complex IT systems and/or AWS cloud environment.
• A minimum of three (3) years of experience applying Information Security principles, methods, and techniques in the development of Project security Deliverables on Projects involving large and complex IT systems.
• A minimum of three (3) years of experience assessing system data sensitivity using security categorizations (e.g., FIPS Publication 199) to identify appropriate security controls to protect Personally Identifiable Information (PII), Protected Health Information (PHI) and/or Federal Tax Information (FTI) data.
• A minimum of three (3) years of experience with systems that comply with NIST 800-53 moderate baseline.
• Hold an (ISC)2© Certified Information Systems Security Professional (CISSP) certification, or ISACA Certified Information Security Manager (CISM) and maintain for the duration of the contract.
• Eligibility and Enrollment experience

What you should expect in this role

• Onsite in Sacramento as hybrid remote
• Opportunities to travel through your work (0-10%)