Senior Security Analyst

Exactech, Inc.
Job Description

Job Details

Description

 Purpose:

The Senior Security Analyst will focus on designing and developing security policies, procedures and practices that meet regulatory, internal and data protection requirements as well as align with the business and corporate security strategy. The Senior Security Analyst will work collaboratively with the Global Infrastructure and Applications teams to implement and maintain security controls and solutions compliant with approved architecture frameworks and standards.

Duties and Responsibilities (Key Deliverables):

Strategy & Planning

1. Perform security assessments, identify gaps in existing security architecture, and recommend changes or improvements. 

2. Design security architecture elements to mitigate threats.

3. Create and maintain the enterprise’s security documents (policies, standards, baselines, guidelines, and procedures).

4. Participate in developing approved standard responses to security related inquiries.

5. Participate in risk assessments for new technologies and projects.

6. Participate in risk assessment procedures, policies and requirements for systems or data interfaces with 3rd party partner organizations and vendors.

7. Participate in company audits as required.

8. Employ secure configuration management processes.

9. Assist in developing a disaster recovery and business continuity plan.

10. Provide recommendations on security road map and planning for the purpose of maintaining operating and capital budgets for security related services.

11. Work with the legal team to establish and maintain the framework (policies, procedures, and platforms) to comply with data protection, E-Discovery, and legal hold requirements.

Operational Management

1. Ensure the enforcement of enterprise security policies and procedures.

2. Monitor detection and assessment tools to respond in accordance with security policies to any identified threats or vulnerabilities with potential network, information, systems or application implications.

3. Work closely with IT team on corporate technology development to fully secure information, computer, network, and processing systems.

4. Provide administration guidance and review of all computer security systems and their corresponding or associated software, including firewalls, intrusion prevention systems, cryptography systems, threat assessment, anti-virus, and anti-spam/phishing platforms.

5. Create, and maintain the enterprise’s security awareness training program.

6. Recommend and implement changes in security policies and practices in accordance with changes in regulatory requirements and industry best practices.

7. Creatively and independently provide resolution to security problems.

8. Assess and communicate security risks associated with purchases or practices performed by the company.

9. Ensure that compliance with e-discovery and legal hold requests is achieved.

10. Work closely with sales and product development teams responding to security questionnaires from customers.

11. Work closely with other IT team members on identity/access management, single sign-on and multi-factor authentication practices.

12. Remain informed on trends and issues in the security industry, including current and emerging technologies.

Communication

1. Document security requirements and controls for protecting information, systems, and technology assets. 

2. Define and document how the implementation of a new technology impacts the security posture of the current environment. 

3. Provide input on security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents. 

4. Communicate current and emerging security threats to team members.

General

1. Assist and support other employees, teams, and sales personnel as necessary.

2. Know and apply the Quality System and any appropriate Federal and International standards.

Job Requirements:
Education:

Bachelor’s Degree in a related field from an accredited institution required.

Experience:

•University degree in Computer Science, Information Security, or related field or 7 years relevant experience.

• Minimum of 5 years of experience in Security Analysis. 

• CISSP, SSCP, CAP, CSX-P, CRISC or other relevant security related designation(s) appreciated, but not required.  

Knowledge & Experience 

• Experience applying security best practices in a medical device environment is a major plus.

• Experience in identifying gaps in existing architectures.

• Experience in designing security architectures to mitigate threats. 

• Knowledge of risk management processes and experience in conducting risk assessments. 

• Familiarity with the application of privacy principles to organizational requirements. 

• Knowledge of identity and access management methods. 

• Experience with Windows, Unix, and Linux operating systems.

• Knowledge of business continuity and disaster recovery operation plans. 

• Strong knowledge of software evaluation principles and practices.

• Proven project planning and management experience.

• Good knowledge of applicable data privacy and retention practices and laws.

• Experience in planning and executing security policies and standards development.

• Substantial exposure to data processing, hardware platforms, enterprise software applications, SAAS and PAAS systems

• Knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures.

• Knowledge of network access, identity, and access management (public key infrastructure, Oauth, OpenID, SAML, SPML).

• Knowledge of capabilities and applications of network equipment including routers, switches, servers, transmission media, and related hardware. 

• Experience in planning and executing security policies and standards development

• Knowledge of application firewall concepts and functions (single point of authentication enforcement, data anonymization, DLP scanning, SSL security).

• Work experience in cybersecurity designs for systems, networks, and multi-level security requirements or requirements for processing multiple classification levels of data.

• Knowledge of risk management processes and experience in conducting risk assessments.

• Knowledge of identity and access management methods to include SSO and MFA. 

• Experience with Windows and Linux operating systems.

• Knowledge of business continuity and disaster recovery operation plans. 

Functional/Technical Knowledge, Skills and Abilities Required:

• Strong analytical and problem-solving skills capable of managing projects. 

• Exceptional written, oral, and interpersonal communication skills.

• Ability to work in team environments and to negotiate with multiple stakeholders.

• Ability to meet tight deadlines and to prioritize tasks.

• Innovative thinker who is self-directed and resourceful.

• Ability to present ideas in business-friendly and user-friendly language.

• Exceptional service orientation.

Qualifications

Education

Required

Bachelors or better.

 

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

Contact Information