IT Info Security Anlst III

Company: ARUP Laboratories
Location: Salt Lake City
Posted on: May 15, 2022

Job Description:

Schedule:Monday - Friday (40 hrs/wk)8:00 AM - 5:00 PMDepartment:IT System Services Admin - 216Primary Purpose:Develops, implements, reviews and monitors the information security program and related policies and procedures as directed by the Information Security Officer. Recommends, tests, and implements new, or improvements to existing, security related tools and processes. Leads the detection and resolution of information security incidents, audits and reporting to appropriate internal groups. Monitors information security compliance using a variety of tools and systems. Advise the Information Security Officer surrounding HIPAA/HITECH and other regulatory requirements and with other security related issues.About ARUP:ARUP Laboratories is a national clinical and anatomic pathology reference laboratory and an enterprise of the University of Utah and its Department of Pathology. Based in Salt Lake City, Utah.ARUP proudly hires top talent to create a work environment of diversity, professional growth and continuous development. Our workforce is committed to the important service we provide to over one million patients each month. We always strive for excellence and have a strong desire to have involvement with the advances in medicine and the role laboratory services plays within each patient's life. We never forget that there is a patient behind every specimen we receive.We are looking for individuals who want to contribute to ARUP's culture of accountability, integrity, service, and excellence. Consider joining our dynamic team.Essential Functions:Understand the company information security objectives, policies, processes, and procedures and be able to assist in implementation, maintenance and improvement of the corporate wide information security program.Ensure compliance with those regulatory guidelines that ARUP and Healthcare is required to adhere to and keep up to date on changes to these guidelines that will impact the existing information security programs that are in place.Evaluate regulatory and legal changes and suggest modifications to existing program or additions to help protect ARUP users, systems and clients.Work closely with other corporate teams, quality and compliance, Legal Counsel, Finance, Executive, etc., to help resolve and assist with internal and external audits, legal holds and other events that require representation from an information security prospective.Work closely with other IT teams to identify, test, implement and administer technologies that will help to protect the information contained within ARUP's entire information resource infrastructure.Perform periodic per-platform or wide area risk assessments, security reviews and audits to ensure regulatory and security requirements, this could include but is not limited to patch management, change control practices, IDS and firewall monitoring, user access controls, etc. Report results to correct groups and assist in determination of a plan to resolve any issues discovered. Follow-up to ensure those resolutions are taken to completion, documented and ensure they are implemented appropriately and resolve deficiencies.Investigate, remediate, and document any information security related breaches, events or disclosures. Ensure that all required and appropriate personnel are kept updated and informed of progress and related incidents.Perform monitoring and administration of a variety of information security tools and ensure they are running correctly and reporting appropriately. Resolve issues discovered or work with product owners to resolve issues. Review ways to resolve reoccurring incidents on a permanent basis with limited user impact. This will include Anti-virus, patch management, compliance auditing, information security vendor maintenance and other methods as assigned.Conduct security investigations and computer forensic analysis as needed, respond to security emergencies both during and after business hours.Develop and maintain a corporate software licensing compliance program, which includes required documentation, policies and procedures. Ensure program is monitored and audit compliance at a corporate level on a regular basis for the software products used.Participate as an active member of any information security or privacy team as assigned.Participate in any ongoing corporate information security awareness training, notifications and updates.Keep abreast of information security trends, technologies, and issues.Perform project leadership tasks on select security projects as assigned.Other duties as assigned.Physical and Other Requirements:Stooping: Bending body downward and forward by bending spine at the waist.Reaching: Extending hand(s) and arm(s) in any direction.Mobility: The person in this position needs to occasionally move between work sites and inside the office to access file cabinets, office machinery, etc.Communicate: Frequently and effectively communicate with others.PPE: Biohazard laboratory environment that requires use of personal protective equipment in accordance with CDC and OSHA regulations and company policies.ARUP Policies and Procedures: To conduct self in compliance with all ARUP Policies and Procedures.Medium Work: Exerting up to 50 pounds of force occasionally, and/or up to 30 pounds of force frequently, and/or up to 10 pounds of force constantly to move objects.Fine Motor Control: Picking, pinching, typing or otherwise working, primarily with fingers rather than with the whole hand as in handling.Vision: Having close, far, and peripheral visual acuity to perform a variety of tasks such as make general observations of depth and distance.Color Vision: Perception of and ability to distinguish colorsContinuing Education: Continual assessment of current literature and best practices.Equal Opportunity Employer/Protected Veterans/Individuals with DisabilitiesThe contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Keywords: ARUP Laboratories, Salt Lake City , IT Info Security Anlst III, Other , Salt Lake City, Utah