Sr Information Security Analyst

About City of Hope

City of Hope, an innovative biomedical research, treatment and educational institution with over 5,000 employees, is dedicated to the prevention and cure of cancer and other life-threatening diseases and guided by a compassionate, patient-centered philosophy.

Founded in 1913 and headquartered in Duarte, California, City of Hope is a remarkable non-profit institution, where compassion and advanced care go hand-in-hand with excellence in clinical and scientific research. City of Hope is a National Cancer Institute designated Comprehensive Cancer Center and a founding member of the National Comprehensive Cancer Network, an alliance of the nation's 20 leading cancer centers that develops and institutes standards of care for cancer treatment.

Position Summary:

The Senior Information Security Analyst supports the Information Security Department (ISD) in evolving the confidentiality, integrity, and, availability of the information assets related to City of Hope business and information systems. The incumbent in this role must have a professional image, the ability to work under pressure, and be able to resolve problems and conflicts. The incumbent takes a technical leadership role in the information security program by contributing to the development of an enterprise wide security risk program, policies and standards, vulnerability life-cycle management and remediation, evaluation of new security technologies, and contributes to security incident and event management. The incumbent takes a leadership role in supporting and assisting with coordination and implementation of all process and technical aspects of the Information Security Program.

Essential Functions:

  • Develop and publish and risk analysis and assessment protocols for information security risk management purposes.
  • Work directly with business and technical teams to implement risk-related activities including accessing, planning, testing, reporting and recommending appropriate remediation measures.
  • Perform information security evaluations for information technology projects to ensure compliance with policies and regulatory requirements.
  • Contributes to the forensic analysis of security violations.
  • Conduct periodic self-assessments and gap analysis related to information security controls and manage the remediation to correct the gaps.
  • Participate in verifying network, wireless and firewall security systems by conducting reviews and policy assessments.
  • Provide analysis to support and maintain information security related technologies and architectures, such as, but not limited to, IDS (intrusion detection systems), VPNs (virtual private networks), data loss prevention tools, VLANs, firewall architectures, proxy servers, internet access policy servers, authentication systems, and content screening servers.
  • Ensures compliance to regulations, business requirements and City of Hope policies, standards, and procedures.
  • Design, document, and support network security design changes including wireless network.
  • Oversee and monitor risk mitigation and coordination of policies, standards and controls with the ISO and Compliance Officer.
  • Perform data security event correlation between various systems.
  • Supports the vulnerability life cycle management.
  • Provide incident response functions when appropriate and coordinate activities with other information technology teams.
  • Assist with the evaluation of new information security technologies with recommendations to management on the different products.
  • Review alerts and data collected from data security systems on a daily basis and report findings.
  • Contribute to the development of information security policies and procedures designed to meet the changing needs of the City of Hope.
  • Prepare documentation to support the development of information security policies, standards, guidelines, procedures and awareness training.
  • Performs special projects as assigned by the ISO.
  • Internal Contacts: Across all ITS departments, COH business, research and clinical areas, and VP/Director/Managers.
  • External Contacts: Software/hardware vendors.
  • Evaluate current information technology systems for information security gaps, identify, and implement remediation solutions.

Follows established City of Hope and department policies, procedures, objectives, performance improvement, attendance, safety, environmental, and infection control guidelines, includingadherence to theworkplaceCode of Conduct and Compliance Plan. Practices a high level of integrity and honesty in maintaining confidentiality.

Performs other related duties as assigned or requested.

The following shared, organization-wide competencies describe the desired behaviors that will facilitate success at City of Hope:
  • Communication - Expresses ideas clearly and constructively (written and spoken, upward and downward, one-on-one and with groups).
  • Customer Service - Seeks to understand customer needs and works to exceed customer expectations (internal and external).
  • Initiative - Looks for opportunities to improve performance; manages time, work, and relationships effectively and efficiently.
  • Professionalism - Treats others with respect; abides by the institutional values; displays a positive and cooperative attitude; adheres to the workplace Code of Conduct and compliance policies.
  • Stewardship - Identifies efficiencies to reduce redundancy and/or elimination of tasks resulting in savings of cost, resources, and or/time.
  • Teamwork - Works proactively and collaboratively with others to streamline work and achieve mutual goals.

  • Position Qualifications:

    Minimum Education:

    Bachelor degree, Experience may substitute for minimum education requirements

    Minimum Experience:
    • Seven or more years in a technology related field, with a minimum of 5 years in information security specific experience. Hospital/healthcare industry experience is desirable, but not required.
    • Working knowledge of Information Security tools, practices, policies and processes in a multi-vendor environment with an emphasis on risk analysis, risk assessment and risk management.
    • Management/Computer Information Systems (MIS/CIS), Computer/Electrical Engineering, Computer Science or related field.

    Req. Certification/Licensure:

    CISSP - Certified Information Systems Security Professional (or within 6 months of hire) or Equivalent

    Preferred Education:

    Preferred Courses/Training:

    Pref. Certification/Licensure:
    • Any other certification is highly desirable:
      • CISM Certified Information Security Manager
      • CISA Certified Information Systems Auditor
      • GIAC:
        • GISP Information Security Professional,
        • GSEC Security Essentials Certification,
        • SSCP- Systems Security Certified Practitioner,
        • GISF- Information Security Forensics,

    Preferred Experience:

    • Strong verbal and written communication skills and clear articulation of complex issue and problem-resolution skills a must.
    • Comprehensive understanding of the regulatory environment including HIPAA/HITECH, PCI, Red Flags; and, information security frameworks i.e. NIST, ITIL, FIPS, FISMA, ISO, and Cobit.
    • Knowledge of design, implementation, and maintenance of: security incident and event management (SIEM), local area networks and firewalls, Active Directory, group policy objects, scripting, vulnerability scanning, encryption, IDS/IPS, web filtering, LDAP, multi-factor authentication systems, exploits and hacker techniques, and, network and operating system security principles.
    • Strong verbal and written communication and organizational skills
    • Interpersonal and negotiating skills
    • Foster/promote a professional image
    • Works well independently or on multiple projects as a project team member

    City of Hope is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disability.

    Back to top