Description

Job Title: Security Analyst

Hours: 20-25 hours per week - Part Time

ROLE IS PART-TIME

- Position can be remote, but must be in Eastern or Central Time Zone
- Should have an Associates degree at least, or Certifications and experience mean more to the manager
- Will be a Security Analyst
- At least 1 year of experience would be helpful, would consider entry level with certifications
- Will be doing Security Assessments
- Must have an understanding with Security / IT architecture (ex- access controls)
- Certifications: NIST, HITRUST, SOC Type 2, CISSP, CISA
- Salesforce.com experience helpful, but not required
- Certifications more important than the degree
- Will be reviewing and assessing vendor security controls (preferred)
- Must be organized
- Must be familiar with process opitimization
- Immediate Team is about 4-5 workers, and will work with SMEs as well

About the Role:

• We are seeking a motivated and detail-oriented Security Analyst to support the completion of required IT security assessments for onboarding new hospitals and clinical sites.
• The ideal candidate will have experience with Salesforce.com and a strong understanding of cybersecurity controls and frameworks including NIST, HITRUST, SOC 2, etc.

Key Responsibilities:

• Security Assessments: Manage and respond to security risk assessments from hospital networks collaborating as CAR-T customers.
• Question Review: Thoroughly review security questions, ensuring accurate and comprehensive responses.
• Knowledge Acquisition: Develop a deep understanding of Client's Information Asset Protection Policies (IAPPs) and application-specific controls implemented within our CAR-T systems.
• Documentation: Maintain all relevant documentation required to track, manage and complete IT security assessments, including a Q&A bank, Assessment Tracker, etc.
• Collaboration: Consult with technical and security teams and subject matter experts to address more complex questions or requests.
• Process Leadership: Lead a weekly stand-up meeting or review call to report on ongoing assessments, gather updates, and identify any bottlenecks in the process.
• Communication Management: Monitor a shared inbox for customer communications and input relevant information into our internal communication tracker in Microsoft Teams.

Qualifications:

• Familiarity with standard security controls, including access controls, the principle of least privilege, and encryption protocols.
• Thorough understanding of cybersecurity frameworks and certifications like NIST, HITRUST and SOC Type 2.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal abilities.
• Proficiency in Excel and Microsoft Teams.