IT Security Analyst II - IV
Medical Mutual of Ohio
- Columbus, OH
- Permanent
- Full-time
This role supports the enterprise’s compliance with the HIPAA Security, SOC 2, SOC 1, and other internal audits. This individual is responsible for policies, procedures, and risk management projects. This role will fulfill these duties by collaborating with internal, IT staff, and other stakeholders to ensure compliance project deliverables are met.

IT Security Analyst – III
This role supports the enterprise’s compliance with the HIPAA Security, SOC 2, SOC 1, and other internal audits. This individual is responsible for policies, procedures, and risk management governance (GRC). This role will fulfill these duties by collaborating with internal, IT staff, and other stakeholders to ensure compliance project deliverables are met.

IT Security Analyst – IV
This role provides complex analysis and accurate and timely assessment of risk metrics. Leads the enterprise’s compliance with the HIPAA Security, SOC 2, SOC 1, and other internal audits. Works independently to solve problems, complete special projects, and conduct monthly activities. This individual is responsible for policies, procedures, and risk management governance. Acts as a best practice/quality resource for colleagues with less experience and guides others in resolving complex issues.

Responsibilities

IT Security Analyst – II
Policy Development and Maintenance:
- Manages and ensures Policies are in place to meet relevant federal and state laws and regulations.
- Maintains IT Policies repository and facilitates annual review process.
- Assists internal and external IT audits (SOC2, HIPAA, ITCG) with evidence collection.
- Assists in conducting risk assessments to identify vulnerabilities within the organization and third-party products.
- Manages Risk Register and mitigation tracking.
- Develops and reports on information security metrics.
- Presents reports to various stakeholders.
Policy Development and Maintenance:
- Manages and ensures Policies are in place to meet relevant federal and state laws and regulations.
- Maintains IT Policies repository and facilitates annual review process.
- Assists internal and external IT audits (SOC2, HIPAA, ITCG) including engagement management and evidence collection.
- Conducts risk assessments to identify vulnerabilities within the organization and third-party products.
- Prioritizes risks based on impact and likelihood.
- Manages Risk Register and mitigation tracking.
- Develops and reports on information security metrics.
- Provides insights to senior leadership regarding risk management.
Policy Development and Maintenance:
- Manages policies and recommends new policies based on risk and changes in regulations or processes.
- Develops IT Policies framework and tracking repository and leads annual review process.
- Leads internal and external IT audits (SOC2, HIPAA, ITCG) including engagement management and evidence collection.
- Conducts risk assessments to identify vulnerabilities within the organization and third-party products and presents results to leadership.
- Prioritizes risks based on impact and likelihood and facilitates risk tolerance decisions by management.
- Manages Risk Register and mitigation tracking.
- Develops information security metrics and recommendations based on identified risks.
- Provides insights to senior leadership regarding risk management.
- Bachelor’s Degree - Information Technology or related field or the equivalent combination of education and experience.
- 3 years relevant IT experience.
- Certified in Risk and Information Systems Control (CRISC) preferred.
- Certified Information Systems Security Professional (CISSP) preferred.
- Intermediate understanding of current technical architecture including but not limited to server, network, application firewall.
- Bachelor’s Degree - Information Technology or related field or the equivalent combination of education and experience.
- 5 years relevant IT experience.
- Certified in Risk and Information Systems Control (CRISC) preferred.
- Certified Information Systems Security Professional (CISSP) preferred.
- Intermediate understanding of current technical architecture including but not limited to server, network, application firewall.
- Bachelor’s Degree - Information Technology or related field or the equivalent combination of education and experience.
- 7 years relevant IT experience.
- Certified in Risk and Information Systems Control (CRISC) preferred.
- Certified Information Systems Security Professional (CISSP) preferred.
- Advanced understanding of current technical architecture including but not limited to server, network, application firewall.