Department/Unit:

Information Systems & Services

Work Shift:

Day (United States of America)

Salary Range:

$78,773.63 - $122,099.12

The Information Security Analyst is a member of the information security team and works closely with the other members of the team to develop and implement a comprehensive information security program. This includes defining security policies, processes and standards. The Information Security Analyst works to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained.

Level IV

The Information Security Analyst – Level IV will play a lead role in information security at Albany Medical Center, second only to management. This role entails significant responsibility in maintaining overall risk profiles for the organization and major systems; playing lead advisory role for security engineering decision making; and/ or playing a lead role in operational matters related to identity access management, security event monitoring and alerting, fulfilling litigation discovery requirements, and facilitating information security investigations.

Typical responsibilities include:

Work within the information security governance process to define control recommendations that are both efficient and effectiveResearch, evaluate, design, test, recommend and plan the implementation of new or updated information security technologiesPlay a lead role in maintaining information security documentation, policies and proceduresPrepare executive level reports on a variety of subjectsContribute to the development of information security program by working with managementRepresent information security work units in meetings across, and at all levels of, the medical centerMaintain risk assessment procedures at enterprise and application levelCoordinate external program assessments for PCI, HIPAA, penetration testing, and othersDevelop and define technical security requirements necessary for new products, services, and technologiesDevelop and complete security product assessments and evaluations, make recommendations to information security management and coordinate security project implementationsAssure that the controls environment and any related processes, procedures and standards adhere to National Institute of Standards and Technology (NIST) frameworksAssure that clear and timely business advice is provided to executive management on key information security and assurance issues

Supervision

This is a non-managerial role, however individuals in this role may be expected to supervise small to medium projects, project teams, or technical processes

Contact with others

This position requires frequent communication within Information Technology, across Albany Med, with C-level executives, and with external individuals including those from various governmental regulatory agencies

Other

Provide on-call, extended weekday and weekend support for on-site and off-site locations, as warranted by critical business requirementsMaintain confidentiality by using and communicating information only as needed to perform one’s dutiesPerform at or above the Information Technology performance standardsFulfill department requirements in terms of providing work coverage and administration notification during periods of absence (personnel illness, vacation, education, etc.)Complete other duties or assignments as designated by management

Thank you for your interest in Albany Medical Center!​

Albany Medical is an equal opportunity employer.

This role may require access to information considered sensitive to Albany Medical Center, its patients, affiliates, and partners, including but not limited to HIPAA Protected Health Information and other information regulated by Federal and New York State statutes. Workforce members are expected to ensure that:

Access to information is based on a “need to know” and is the minimum necessary to properly perform assigned duties. Use or disclosure shall not exceed the minimum amount of information needed to accomplish an intended purpose. Reasonable efforts, consistent with Albany Med Center policies and standards, shall be made to ensure that information is adequately protected from unauthorized access and modification.