Vitalant is seeking a dedicated Sr. Information Security Analyst to help protect the digital foundation of our life-saving mission. As a key member of our security operations team, you'll play a critical role in identifying and addressing potential threats to Vitalant’s digital information and network infrastructure. By assessing risks, advising on secure architecture, and collaborating across teams, you'll help ensure that our systems stay strong, so we can continue our mission of bringing life-transforming donations to those in need.    

What to Expect

Our comprehensive total rewards support you, your family, and your future with: 

Medical, dental, and vision insurance 401K + 5% company match Tuition assistance up to $5k per year Free basic life and AD&D insurance Free short-and-long-term disability insurance Paid time off Employee Resource Groups Recognition and perks  

 

As a Sr. Information Security Analyst, you'll get to:

Support information security functions across the enterprise.Define security best practices and provides guidance to Enterprise Application and Infrastructure teams for continuous process improvements.   Assess proposed application solutions for adherence to documented company standards, policies and regulatory responsibilities. Responsible for being familiar with Vitalant’s IT security functions and tools such as network security, firewalls, email security, MFA, Intune, etc.. Collaborate with Infrastructure Operations team to reduce risks to information assets by recommending/implementing controls e.g. encryption, network segmentation, access controls, patch and vulnerability management.   Participate in incident response and investigations of suspected information security and privacy events, misuse or compliance reviews.   May perform assessments to ensure use of established security policies and practicesAnalyze current attack trends, technologies, and methodologies and design and implement technical and process-oriented countermeasures. Assess emerging technologies against security architecture to determine where they fill gaps, overlap with existing solutions or extend capabilities. Participate in assessment and mitigation of phishing emails from external sources and supporting internal phishing education and awareness campaigns. Responsible for all or parts of information security threat detection and response, vulnerability management of traditional networked and Internet of Things (IoT), leveraging capabilities of a third-party SIEM, and supporting data identification, classification, and loss prevention. Responsible for managing vendor relationships and contracts Manage relationships and collaboration with external partners such as CISA, HISAC, CIS, and InfraGuard. Responsible for identifying and completing information security roadmap goals and overseeing specific functions within the information security program. Update and maintain assigned portion of the information security risk register. Knowledge/ Education  Bachelor’s degree or equivalent combination of education and experience required.    Licenses/ Certifications  Relevant information security certification (e.g. GIAC, CISSP) from a nationally recognized organization required. or willingness to obtain with first year of employment.    Experience  Eight years of progressive experience in Information Technology, Cybersecurity, Information Security, Information Assurance, related roles required. Experience in Information Security, including firewall, intrusion detection/prevention systems, anti-malware products, forensics tools, data encryption, data loss prevention (DLP), virtual private networks (VPN), vulnerability management, multiple operating systems (Windows, UNIX, Linux, etc.), and directory services (Active Directory, LDAP), cloud security, artificial intelligence (AI), Internet of Things, leveraging managed detection and response, zero trust architecture (ZTA), identity and access management (IAM), and malicious phishing campaigns preferred. Experience working in a regulated environment, preferably healthcare preferred.   Skills/ Abilities  Must possess the skills and abilities to successfully perform all assigned duties and responsibilities. Must be able to maintain confidentiality.Demonstrated understanding of networks and protocols, Microsoft O365 environment, cloud security, artificial intelligence (AI), data loss prevention, secure development lifecycle, MITRE ATT&CK framework, and risk management. Demonstrated understanding of NIST Cybersecurity Framework, NIST 800-53, CIS Critical Security Controls, HIPAA Security Rule, and risk management fundamentals. Strong business analysis skills. Ability to work and communicate effectively in a collaborative team environment and as an individual contributor. Resourceful, creative, innovative, results driven and adaptable.