Analyst III, Security - GRC

Concentra is recognized as the nation's leading occupational health care company.
With more than 40 years of experience, Concentra is dedicated to our mission to improve the health of America's workforce, one patient at a time. With a wide range of services and proactive approaches to care, Concentra colleagues provide exceptional service to employers and exceptional care to their employees.

The Analyst III, Security - GRC will be responsible for establishing and implementing security policies, standards and guidelines related to all information systems. The Security Analyst will also be responsible for conducting investigations into any alleged computer or network security compromises, incidents, or problems. Responsibilities of this position include the monitoring of compliance to NIST CSF, HIPAA, SOX, and PCI security requirements as well as the development and maintenance of internal controls, security policies and procedures. The Security Analyst will provide secondary support for the Information Service Department, while delivering quality customer service. A good handle and knowledge of
Cybersecurity Frameworks, Risk Management and IT Audit principles will be beneficial in this role. The position will be assigned complex, and comprehensive tasks and projects and will be expected to effective leverage their established subject matter expertise to drive progress and to overcome obstacles.
They must illustrate an additional level of ownership and individual accountability of assigned initiatives. This position will be expected to effectively interact with senior business leaders. Challenged with ensuring that state-of-the art security techniques are employed to maintain the highest level of security for all platforms and applications maintained by the company while at the same time not compromising
system efficiency. In addition, the Security Analyst must resolve any security incident in a timely manner. This position will also be responsible for identifying opportunities for process and technology enhancements and communicating those opportunities as well as their proposals to implement them to management.

Identify information protection goals and objectives within the scope of a strategic plan. This should be reviewed on an annual basis.
• Strong ability to review security agreements, Data Processing Agreements, customer security addendums and/or support master service agreements review with legal department.
• Implement and administer security management practices and monitoring tools.
• Ensure platform level compliance to information security policies, standards and best practices through a security monitoring and compliance review program.
• Create, maintain and update disaster recovery procedures and the Configuration Management Database (CMDB) when changes in hardware or applications occur.
• Identifies risks and design internal controls to mitigate the risks.
• Performs assessments on internal controls and reports on compliance.
• Performs Risk Assessments and identifies gaps for remediation.
• Keep abreast of "state of the art" security techniques to advise systems designers and users on security methods that best implement stated policy and standards.
• Lead investigation efforts into any alleged Enterprise, computer or network security compromises, incidents, or problems under the direction of leadership.
• Provide support in defining, updating and standardizing systems configurations for all applications; and thoroughly test any modifications prior to deployment to ensure disruptions to operations are not caused by those changes.
• Develop reports, upon request, utilizing various report-writing tools in all applications
• Recognize and identify potential areas where existing policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion and recommend ways to improve them to management.
• Monitor servers and networks to detect possible intrusion attempts. Report on any security violation related to the unwarranted access to corporate data.
• Ensure compliance to HIPAA, SOX, and PCI security requirements.
• Guarantee that all applications and system related problems are resolved in a timely and efficient manner.
• Maintain awareness of the rapidly changing Concentra environment and recommend cost efficient techniques when supporting corporate and field systems.
• Support the mission of and direction of Concentra both within the department and throughout the corporation.
• Build team spirit by assisting and coaching other staff members.
• Completion of any activities, tasks, and projects as defined.
• Ensure all changes comply with the Change Management policies and procedures.
• Assist with issues and problem management activities to ensure that information security concerns are incorporated into information technology development efforts.
• Take lead role in the User Access Request process for projects including application rollouts, acquisitions, joint ventures, and other business expansions.
• Monitor the Medical Device Security lifecycle.
• Experience with data loss prevention tools and analysis is highly desired.
• Strong knowledge of third-party security management. Ability to review third-party security and audit reports is a must.
• Ensure compliance and adherence to business continuity and disaster recovery plans
• Provide support in the following areas:
• Security Risk Management
• Business Partner Risk Management
• Vulnerability Management
• eDiscovery process
• Issues and deviations management from audits and assessments
• Impact assessments

• Education Level: Bachelor's Degree
• Major: Business Systems, Computer Science, Security Risk Analysis, Cybersecurity and/or Information
  Technology
• Degree must be from an accredited college or university.

Job-Related Experience

• Customarily has at least the following experience:
  8 years
• Proven experience making impactful contributions to successful projects.
• Track record in assessing security gaps, IT Control design and implementation.
• Experience with a GRC tool such as AuditBoard, Workiva etc.
• Large-scale multi-site IS operations experience.
• PC Hardware and peripheral experience
• Knowledge of Microsoft productivity applications.
• Knowledge of browser-based technology.
• Understanding of operating systems such as Windows and OS X/iOS.
• Strong understanding of HIPAA, Data Privacy, SOX, and PCI Security Regulations a plus.
• Understanding of applicable control frameworks including, NIST RMF/CSF, HITURST, ISO, COBIT a plus.
• Experience with security administration and network monitoring tools.
• Understanding of Essential Security Business Practices.
• Experience with managing personal and enterprise firewalls a plus.
• Excellent report writing, Project Management and leadership engagement skills a plus.
• Healthcare experience a plus.
• CISSP, CISA, CISM or CRISC is a plus

Job-Related Skills/Competencies

• Concentra Core Competencies of Service Mentality, Attention to Detail, Sense of Urgency, Initiative and Flexibility
• Ability to make decisions or solve problems by using logic to identify key facts, explore alternatives, and propose quality solutions
• Outstanding customer service skills as well as the ability to deal with people in a manner which shows tact and professionalism
• The ability to properly handle sensitive and confidential information (including HIPAA and PHI) in accordance with federal and state laws and company policies
• Proven experience making impactful contributions to successful projects.
• Requires superior teamwork skills.
• Strong interpersonal and communication skills a must; ability to read, write, and speak in a professional manner.
• Excellent analytical and problem solving skills are essential.
• Must possess a personal sense of urgency.
• Ability to effectively multi-task and adapt to changing business priorities.
• Superior customer service skills.
• Excellent time management and organizational skills are required.
• Superb attention to detail.

• 401(k) Retirement Plan with Employer Match
• Medical, Vision, Prescription, Telehealth, & Dental Plans
• Life & Disability Insurance
• Paid Time Off
• Colleague Referral Bonus Program
• Tuition Reimbursement
• Commuter Benefits
• Dependent Care Spending Account
• Employee Discounts

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation, if required.

*This job requires access to confidential and sensitive information, requiring ongoing discretion and secure information management*

Concentra is an Equal Opportunity Employer, including disability/veterans

Concentra is an equal opportunity employer that prohibits discrimination, and will make decisions regarding employment opportunities, including hiring, promotion and advancement, without regard to the following characteristics: race, color, national origin, religious beliefs, sex (including pregnancy), age, disability, sexual orientation, gender identity, citizenship status, military status, marital status, genetic information, or any other basis protected by federal, state or local fair employment practice laws.