Vitalant is seeking a dedicated Sr. Information Security Analyst to help protect the digital foundation of our life-saving mission. As a key member of our security operations team, you'll play a critical role in identifying and addressing potential threats to Vitalant's digital information and network infrastructure. By assessing risks, advising on secure architecture, and collaborating across teams, you'll help ensure that our systems stay strong, so we can continue our mission of bringing life-transforming donations to those in need.
What to Expect
Our comprehensive total rewards support you, your family, and your future with:
Medical, dental, and vision insurance
401K + 5% company match
Tuition assistance up to $5k per year
Free basic life and AD&D insurance
Free short-and-long-term disability insurance
Paid time off
Employee Resource Groups
Recognition and perks
As a Sr. Information Security Analyst, you'll get to:
Support information security functions across the enterprise.
Define security best practices and provides guidance to Enterprise Application and Infrastructure teams for continuous process improvements.
Assess proposed application solutions for adherence to documented company standards, policies and regulatory responsibilities.
Responsible for being familiar with Vitalant's IT security functions and tools such as network security, firewalls, email security, MFA, Intune, etc..
Collaborate with Infrastructure Operations team to reduce risks to information assets by recommending/implementing controls e.g. encryption, network segmentation, access controls, patch and vulnerability management.
Participate in incident response and investigations of suspected information security and privacy events, misuse or compliance reviews.
May perform assessments to ensure use of established security policies and practices
Analyze current attack trends, technologies, and methodologies and design and implement technical and process-oriented countermeasures.
Assess emerging technologies against security architecture to determine where they fill gaps, overlap with existing solutions or extend capabilities.
Participate in assessment and mitigation of phishing emails from external sources and supporting internal phishing education and awareness campaigns.
Responsible for all or parts of information security threat detection and response, vulnerability management of traditional networked and Internet of Things (IoT), leveraging capabilities of a third-party SIEM, and supporting data identification, classification, and loss prevention.
Responsible for managing vendor relationships and contracts
Manage relationships and collaboration with external partners such as CISA, HISAC, CIS, and InfraGuard.
Responsible for identifying and completing information security roadmap goals and overseeing specific functions within the information security program.
Update and maintain assigned portion of the information security risk register.
Requirements
Knowledge/ Education
Bachelor's degree or equivalent combination of education and experience required.
Licenses/ Certifications
Relevant information security certification (e.g. GIAC, CISSP) from a nationally recognized organization required. or willingness to obtain with first year of employment.
Experience
Eight years of progressive experience in Information Technology, Cybersecurity, Information Security, Information Assurance, related roles required.
Experience in Information Security, including firewall, intrusion detection/prevention systems, anti-malware products, forensics tools, data encryption, data loss prevention (DLP), virtual private networks (VPN), vulnerability management, multiple operating systems (Windows, UNIX, Linux, etc.), and directory services (Active Directory, LDAP), cloud security, artificial intelligence (AI), Internet of Things, leveraging managed detection and response, zero trust architecture (ZTA), identity and access management (IAM), and malicious phishing campaigns preferred. Experience working in a regulated environment, preferably healthcare preferred.
Skills/ Abilities
Must possess the skills and abilities to successfully perform all assigned duties and responsibilities.
Must be able to maintain confidentiality.
Demonstrated understanding of networks and protocols, Microsoft O365 environment, cloud security, artificial intelligence (AI), data loss prevention, secure development lifecycle, MITRE ATT&CK framework, and risk management.
Demonstrated understanding of NIST Cybersecurity Framework, NIST 800-53, CIS Critical Security Controls, HIPAA Security Rule, and risk management fundamentals.
Strong business analysis skills.
Ability to work and communicate effectively in a collaborative team environment and as an individual contributor.
Resourceful, creative, innovative, results driven and adaptable.
Summary
About Us
Vitalant is one of the nation's largest nonprofit blood and biotherapies healthcare organizations, providing hospitals and patients across the U.S. a safe blood supply, specialized laboratory services, transfusion medicine expertise and world-renowned research. We have a network of 115 donation centers across the U.S. and host approximately 60,000 bl ood drives annually. Vitalant provides blood and special services to patients in more than 900 hospitals across the U.S. where millions of people depend on blood donations from our generous donors.
Vitalant is committed to fostering a diverse and inclusive workplace built on a foundation of respect, integrity, teamwork, and excellence. Through our DEI strategic plan, we create opportunities for employees of all backgrounds to feel valued, seen and heard. We believe this mission drives creativity and innovation, as employees experience an environment conducive to personal growth and career development.
EEO/Minorities/Females/Disabled/Veterans
Our organization is an equal employment/affirmative action employer. If you need accommodation for any part of the employment process because of a medical condition or disability, please send an e-mail to Careers@vitalant.org to let us know the nature of your request.
For more EEO information about applicant rights click here
