Department/Unit: Information Systems & Services Work Shift: Day (United States of America) Salary Range: $78,773.63 - $122,099.12 The Information Security Analyst is a member of the information security team and works closely with the other members of the team to develop and implement a comprehensive information security program. This includes defining security policies, processes and standards. The Information Security Analyst works to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained. Level IV The Information Security Analyst – Level IV will play a lead role in information security at Albany Medical Center, second only to management. This role entails significant responsibility in maintaining overall risk profiles for the organization and major systems; playing lead advisory role for security engineering decision making; and/ or playing a lead role in operational matters related to identity access management, security event monitoring and alerting, fulfilling litigation discovery requirements, and facilitating information security investigations. Typical responsibilities include: + Work within the information security governance process to define control recommendations that are both efficient and effective + Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies + Play a lead role in maintaining information security documentation, policies and procedures + Prepare executive level reports on a variety of subjects + Contribute to the development of information security program by working with management + Represent information security work units in meetings across, and at all levels of, the medical center + Maintain risk assessment procedures at enterprise and application level + Coordinate external program assessments for PCI, HIPAA, penetration testing, and others + Develop and define technical security requirements necessary for new products, services, and technologies + Develop and complete security product assessments and evaluations, make recommendations to information security management and coordinate security project implementations + Assure that the controls environment and any related processes, procedures and standards adhere to National Institute of Standards and Technology (NIST) frameworks + Assure that clear and timely business advice is provided to executive management on key information security and assurance issues Supervision + This is a non-managerial role, however individuals in this role may be expected to supervise small to medium projects, project teams, or technical processes Contact with others + This position requires frequent communication within Information Technology, across Albany Med, with C-level executives, and with external individuals including those from various governmental regulatory agencies Other + Provide on-call, extended weekday and weekend support for on-site and off-site locations, as warranted by critical business requirements + Maintain confidentiality by using and communicating information only as needed to perform one’s duties + Perform at or above the Information Technology performance standards + Fulfill department requirements in terms of providing work coverage and administration notification during periods of absence (personnel illness, vacation, education, etc.) + Complete other duties or assignments as designated by management Thank you for your interest in Albany Medical Center!​ Albany Medical is an equal opportunity employer. This role may require access to information considered sensitive to Albany Medical Center, its patients, affiliates, and partners, including but not limited to HIPAA Protected Health Information and other information regulated by Federal and New York State statutes. Workforce members are expected to ensure that: Access to information is based on a “need to know” and is the minimum necessary to properly perform assigned duties. Use or disclosure shall not exceed the minimum amount of information needed to accomplish an intended purpose. Reasonable efforts, consistent with Albany Med Center policies and standards, shall be made to ensure that information is adequately protected from unauthorized access and modification.