Security Analyst

📋 Description

• • Join Altera, a distinguished member of the N. Harris Computer Corporation family, and play a pivotal role in shaping the future of health IT solutions. At Altera Digital Health, we are at the forefront of a new era in healthcare technology, where innovation and expertise converge to elevate care delivery and foster healthier communities globally. We are seeking a dedicated and skilled Security Analyst to become an integral part of our Corporate IT Security Team, contributing significantly to our expanding risk program.
• • This is a unique opportunity to make a substantial impact by strengthening our overall security posture, maintaining our ISO certification, and strategically positioning Altera for sustained future growth. As a Security Analyst, you will leverage your deep expertise in risk management, security frameworks, and compliance to provide comprehensive support across all Altera group of companies. Your role will involve effective communication with a diverse range of stakeholders, from technical teams to executive leadership, ensuring alignment and understanding of security initiatives.
• • Your responsibilities will encompass a broad spectrum of critical security functions:
• • *Risk Assessment & Analysis:**
• • Conduct thorough risk and security assessments for a wide array of assets, including applications, databases, servers, and network hardware. Your objective will be to identify, evaluate, and prioritize potential risks, ensuring that critical vulnerabilities are addressed proactively.
• • Assess potential risks and vulnerabilities to establish robust security baselines. You will also be responsible for assisting with deviation responses, ensuring that any departures from established security standards are managed effectively.
• • Perform detailed risk assessments against key compliance standards such as HIPAA and PCI, as well as recognized security frameworks including NIST, CIS, and ISO 27001. This ensures adherence to industry best practices and regulatory requirements.
• • Evaluate emerging technologies to determine their suitability and integration within our existing security architecture, ensuring that new innovations do not introduce undue risk.
• • Review security controls meticulously before any hardware or software is deployed to production environments, guaranteeing that security is embedded from the outset.
• • Collaborate closely with business units to review vendor security practices and ensure full compliance with all applicable regulations and contractual requirements.
• • *Remediation & Incident Response:**
• • Provide clear, actionable recommendations designed to mitigate identified vulnerabilities and significantly strengthen our overall security posture.
• • Develop and execute comprehensive remediation plans for all identified issues, risks, or vulnerabilities, ensuring timely resolution and risk reduction.
• • Analyze, assess, and diligently track security incidents, ensuring a systematic approach to managing and resolving security events.
• • Develop and maintain standardized operating procedures for responding effectively to identified threats, ensuring consistency and efficiency in incident handling.
• • Monitor system activities and events in real-time to detect, classify, and respond rapidly to potential threats, minimizing potential damage.
• • Work collaboratively with the broader information security team to support incident escalation processes and ensure effective remediation.
• • *Governance & Strategy:**
• • Advise on security architecture for both new and existing systems, ensuring strict alignment with industry best practices and internal company policies.
• • Oversee risk management related to access control, including regular auditing of controls and recommending strategic improvements to enhance security.
• • Develop and maintain comprehensive risk registers and other essential risk management documentation, providing a clear overview of the organization's risk landscape.
• • Monitor and report on the effectiveness of implemented risk mitigation strategies, providing insights for continuous improvement.
• • Support the development and rigorous testing of disaster recovery and business continuity plans, ensuring organizational resilience.
• • Contribute to the development and achievement of strategic security objectives, aligning security initiatives with business goals.
• • *Collaboration & Awareness:**
• • Collaborate effectively with various IT teams to resolve information security issues in a timely and efficient manner.
• • Participate actively in annual security audits, incident response exercises, and compliance reporting activities, ensuring preparedness and adherence.
• • Oversee the security awareness program, which includes conducting phishing campaigns, delivering training, and tracking compliance, fostering a security-conscious culture throughout the organization.