Health elevated.

Information Security Analyst

Vytalize Health

Vytalize Health

IT
Remote
Posted on Oct 8, 2024

About Our Company

Vytalize Health is a leading value-based care platform. It helps independent physicians and practices stay ahead in a rapidly changing healthcare system by strengthening relationships with their patients through data-driven, holistic, and personalized care. Vytalize provides an all-in-one solution, including value-based incentives, smart technology, and a virtual clinic that enables independent practices to succeed in value-based care arrangements. Vytalize's care delivery model transforms the healthcare experience for more than 250,000+ Medicare beneficiaries across 36 states by helping them manage their chronic conditions in collaboration with their doctors.

About our Growth

Vytalize Health has grown its patient base over 100% year-over-year and is now partnered with over 1,000 providers across 36-states. Our all-in-one, vertically integrated solution for value-based care delivery is responsible for $2 billion in medical spending. We are expanding into new markets while increasing the concentration of practices in existing ones.

Visit www.vytalizehealth.com for more information.

Why you will love working here

We are an employee first, mission driven company that cares deeply about solving challenges in the healthcare space. We are open, collaborative and want to enhance how physicians interact with, and treat their patients. Our rapid growth means that we value working together as a team. You will be recognized and appreciated for your curiosity, tenacity and ability to challenge the status quo; approaching problems with an optimistic attitude. We are a diverse team of physicians, technologists, MBAs, nurses, and operators. You will be making a massive impact on people’s lives and ultimately feel like you are doing your best work here at Vytalize.

Your Opportunity

As an Information Security Analyst, you play a critical role in protecting Vytalize from adverse events and developing incident response capabilities. Responsibilities involve assessing risks, identifying control weakness, conducting access reviews for the technology ecosystem, conducting awareness and training in accordance with the awareness and training program, monitoring vulnerability and software patching processes, assisting with incident response and disaster recovery planning and exercises. Assisting and coordinating the information security assessments and audit.

Incident Response

  • Assist in the development, maintenance, and test of the incident response plans to effectively address and mitigate security breaches or compliance violations.
  • Assist in the test of the business continuity plans and disaster recovery plan to effectively sustain business process and to effectively restore the operability of a system, application, or infrastructure to effectively restore the operability of a system, application, or infrastructure during and after a cyber incident disruption.
  • Coordinating and leading efforts to detect, analyze, and respond to security incidents and breaches.

Identity and Access Management

  • Conduct both logical and physical access reviews for all information systems and physical security systems to identify non-compliance with the information security policies.
  • Summarize the access review and submit tickets for any corrective actions.
  • Monitor and track tickets to ensure timely completion.
  • Develop identity and access management procedures for the all the information systems and physical security systems to provide consistent processes.

Risk Assessment and Audits

  • Maintain the cyber security risk register with the risks, risk ratings, risk mitigation strategies and action plans.
  • Prepare and distribute regular reports to management and stakeholders summarizing risk assessments, compliance status, risk treatments plans, and recommendations for improvement.
  • Assist with data gathering and coordination with the various teams for audits and risk assessments.
  • Regularly test the controls implemented to identify controls weaknesses or modifications.

Training and Awareness

  • Conduct regular simulated phishing exercises to educate and detect malicious emails and other malicious events.
  • Schedule and conduct training to educate workforce members regarding cyber security best practices, regulatory compliance and other cyber security requirements.
  • Monitor the training campaigns to demonstrate the effectiveness of the training program and improve phishing detection and response.

Vulnerability Management

  • Monitor remediation of the vulnerability assessment findings, including penetration test, application security test, and internal and external vulnerability scans.
  • Communication vulnerability assessment remediation and risks with IT and information security team members.

Collaboration and Communication

  • Collaborate with cross-functional teams
  • Communicate security risks, issues, and recommendations to senior management and stakeholders, advocating for investments in cybersecurity and risk mitigation initiatives.

Qualifications

  • Work experience in healthcare information security field.
  • Previous Health Information Technology (HIT) experience implementing controls to meet federal security and privacy regulations.
  • 3+ years of relevant work experience in IT security in a complex enterprise environment, preferred
  • Demonstrated knowledge of information technology processes, risks, infrastructure, and information security.
  • Experience with incident response and vulnerability management.
  • Knowledge of Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH), and Payment Card Industry Data Security Standards (PCI DSS).
  • Experience with information security assessments and audits.
  • Strong written and verbal communication skills
  • Ability to articulate complex issues to both technical and non-technical stakeholders.
  • Effective collaboration with stakeholders across departments and affiliated organizations.
  • Ability to analyze complex security issues and develop effective solutions.
  • Knowledge of security frameworks, cyber threats, and technology trends.
  • Detailed oriented
  • Preferred expertise in security assessment methodologies.
  • Ability to work effectively in a complex enterprise environment.

Please note at no time during our screening, interview, or selection process do we ask for additional personal information (beyond your resume) or account/financial information. We will also never ask for you to purchase anything; nor will we ever interview you via text message.