Information Security Analyst

Job Summary

The Information Security Analyst will play a critical role in safeguarding Greenway Health by focusing on vulnerability management. This position is responsible for identifying, assessing, prioritizing, and mitigating security vulnerabilities across our systems, applications, and infrastructure. The analyst will work closely with IT, development, and compliance teams to ensure the confidentiality, integrity, and availability of sensitive healthcare data in compliance with HIPAA and other regulatory standards. This role requires a proactive approach to staying ahead of emerging threats and maintaining a robust security posture for our EHR solutions.

Essential Duties & Responsibilities

• Conduct regular vulnerability scans and assessments of EHR systems, applications, networks, and infrastructure (e.g., Rapid7).
• Analyze scan results, prioritize vulnerabilities based on risk severity, and develop remediation plans in collaboration with system owners and development teams.
• Track and manage vulnerabilities through their lifecycle, ensuring timely mitigation or acceptance of risks with proper documentation.
• Collaborate with DevOps and software development teams to integrate secure coding practices and address vulnerabilities in the software development lifecycle (SDLC).
• Maintain and update vulnerability management policies, procedures, and documentation to align with industry standards (e.g., NIST, HITRUST) and regulatory requirements (e.g., HIPAA).
• Monitor threat intelligence feeds to identify emerging vulnerabilities and threats relevant to EHR systems and recommend proactive measures.
• Assist in penetration testing efforts and coordinate with internal teams and external vendors to validate security controls.
• Provide regular reports and metrics on vulnerability management activities to leadership and compliance teams.
• Participate in incident response activities related to vulnerabilities and support the development of patch management strategies.
• Educate and train internal teams on vulnerability management best practices and secure development principles.
  
  

Experience & Education

• 2-4 years of experience in information security, cybersecurity, or a related role, preferably in the healthcare or technology sector.
• High school diploma or equivalent. Associate degree in Technology/Computers preferred, ideally in Computer Engineering, Computer Science, or Information Systems Management or equivalent work experience in the field of Cybersecurity.
• Possess current security certifications (e.g., CEH, CC, CISM, Security+) or be willing to obtain within 1 year of assignment.
  
  

Minimum Qualifications

• Demonstrated experience with vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys) and interpreting scan results.
• Knowledge of common vulnerability scoring systems (e.g., CVSS) and risk assessment methodologies.
• Understanding of secure software development practices and application security testing (e.g., SAST, DAST).
• Ability to work collaboratively in a cross-functional environment and communicate technical concepts to non-technical stakeholders.
• Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
• Strong communication skills to convey complex security concepts to technical and non-technical audiences.
  
  

Skills & Knowledge

• Proficiency in vulnerability management processes, including identification, assessment, prioritization, and remediation.
• Familiarity with common security frameworks and standards (e.g., NIST 800-53, OWASP, CIS Controls).
• Knowledge of network protocols, operating systems (Windows, Linux), and cloud environments (e.g., AWS, Azure).
• Understanding of EHR system architecture and the unique security challenges in healthcare IT.
• Strong written and verbal communication skills for documenting findings and presenting recommendations.
• Ability to stay current with evolving cybersecurity threats, vulnerabilities, and mitigation techniques.
• Experience with scripting (e.g., Python, PowerShell) for automating vulnerability management tasks is a plus.
• Ability to recommend approaches for new or improved processes.
• Displays and promotes a positive attitude and possesses unwavering integrity and extraordinary adherence to high ethical standards.
• Ability and motivation to learn new skills as required by an evolving information security landscape.
• Working knowledge of and experience with the Linux operating system is a plus.
• Experience working with Rapid7 InsightVM a plus.
• Ability to perform professional tasks independently and to analyze and develop innovative solutions to complex problems.
  
  

Work Environment/Physical Demands

• While at work, this position is primarily a sedentary job and requires that the associate can work in an environment where they will consistently be seated for the majority of the work day
• This role requires that one can sit and regularly type on a key board the majority of their work day
• This position requires the ability to observe a computer screen for long periods of time to observe their own and others’ work, as well as in-coming and out-going communications via the computer and/ or mobile devices.
• The role necessitates the ability to listen and speak clearly to customers and other associates
• The work environment is an open room with other associates and noise from others will be part of the regular work day