Qualifacts Systems Incorporated

Senior Information Security Analyst

Security Analyst in Nashville, TN

Posted 2020-03-05

We Make a Difference
As one of the top behavioral health EHR providers in the country, Qualifacts Systems, Inc. has been changing the health care industry since our founding in 2000. A 5-time honoree on the Inc. 5000 list, we have an entrepreneurial spirit born from our start-up roots, and an amazing team of down-to-earth people who are empowered to be successful in their jobs every day.

Collaboration with industry leaders and mentors is a routine part of what we do, with the focus of making a meaningful impact in people’s lives. Our people get the best from themselves and their peers in an open and supportive environment. Join us and Make a Difference!

Life at Qualifacts
Operating from the 22nd and 23rd floors of the UBS Tower in downtown Nashville, we’ve worked hard to build a strong culture built on our core values of integrity, accountability, passion, compassion and collaboration. We know a lot of companies say similar things because they are easy things to say. Living up to those values is a different matter, and according to our most recent engagement survey, 80% of our employees say we do.

Like other companies, we offer competitive salaries, comprehensive medical, dental, and vision plans, a robust PTO plan, 401(k) plan with matching, and other goodies that are essential for downtown Nashville, such as free parking and Starbucks coffee. Qualifacts has created an atmosphere where our people can focus on what’s important: empowering our behavioral healthcare partners to achieve better outcomes.

But don’t get the idea that we are all work and no fun. Our environment is casual because it’s important to us that everyone feel comfortable being themselves. We celebrate our successes and achievements, and host relaxing get-togethers and team building events. From lunch and learn sessions to on-site training to volunteer days, we provide opportunities to learn and to grow, and to Make a Difference in the community.

About the Position
As a Senior Information Security Analyst, you will collaborate with internal stakeholders, internal subject matter experts, and engineering teams to create internal security solutions that will improve protection of our customers and QSI Team Members sensitive data in order to provide a secure platform that also complies with various regulations and standards. The SISA has a strong understanding of Information Security concepts and thinks creatively, working from initial concept to the comprehensive solution analysis, identifying alternatives and defining unique security solutions. The SISA must prioritize and plan work, as well as proactively manage conflicts and priorities associated with executing multiple simultaneous security task/activities. The SISA is a model team player with superior interpersonal skills, diplomatic, with the mentality of a win-win relationship builder and mentor. The SISA is able to establish effective professional working relationships with co-workers, customers and vendors in order to successfully execute on the overall Information Security strategy.

Primary Responsibilities
Supports the Information Security Compliance Manager and provides coordination for performing security audits and creation of documentation and remediation plans. Documents and reports on existing controls to support internal and external audit activities.
Facilitate security risk assessments of functional areas to identify areas of risk and vulnerabilities and recommends alternative strategies.
Develops and manages metrics to track and ensure QSI functional are in compliance with internal and external policies, standards and regulations.
Maintains all QSI Information Security reporting and dashboards including vulnerability counts, remediation assignments, remediation completion, incidents, etc.
Works in conjunction with the Security Operations Center (SOC) to compile reporting relative to incidents, resolution time, remediations requirements, etc.
Manages security awareness content and manages phishing campaigns by providing orientation, training, and on-going communication.
Creates security documentation and provides training content to different teams to enhance awareness of vulnerabilities and other security related issues in an effort to reduce those risks.
Provides ongoing support for maintaining security-related policy, plans, and procedural documentation.
Supports Information Security Compliance Manager with Information Security and systems risk analysis internally and with third party Risk Assessors
Leads Information Security discovery sessions with stakeholders to champion security requirements and ensures the results of software development complies with security specifications.
Evaluates management and technical controls to ensure security/compliance requirements are met through documenting processes/procedures and technical security monitoring.
Collaborates on IT projects to make sure that security policy/risk issues are being addressed.
Support the development, governance, publishing and monitoring security and privacy policies
Serves as a security lead for small technical security projects. This includes communicating across technical organizations and creating discrete design, testing, and deployment plans.
Oversee change management process for security related initiatives to ensure compliance.

Key Qualifications
Bachelor's degree in Computer Science, Information Security, or related field from a four year college or university required.
4+ years’ as an Information Security Analyst working directly with infrastructure and software engineering teams achieve, monitor and maintain a strong Information Security posture
3+ years in developing and managing information security policies in accordance with industry regulations
2+ years’ working directly with IT Leadership, subject matter experts, and/or customer defining security requirements and specifications for infrastructure and application engineering teams.
2+ years of security related experience with various security tools or configuring security related hardware.
2+ years’ experience defining security solutions involving transformation from legacy platforms
Strong understanding of security audit methodologies with the management of audits with third parties.
Working knowledge of IT security-related regulations/standards
Familiarity and experience with interpreting state or federal requirements/regulations and providing specific guidance to IT teams to meet regulatory requirements
Working knowledge of IT functions, specifically understanding system production structure/controls, change management and software development processes.
Capable of identifying management, IT system, and operational issues and trends and developing solutions including creating materials, documentation, systems, processes/procedures, and policies in support.
Requires excellent technical, policy and procedural writing skills
Requires excellent reporting and presentation skills

Additional Preferred Qualifications
Master's degree in Computer Science, Information Security, or related field from a four year college or university.
One or more of the following certifications:
CISSP – Certified Information Systems Security Professional
CISA – Certified Information Systems Auditor
CISM – Certified Information Security Manager
CRISC – Certified in Risk and Information Systems Control
PMP – Project Management Professional
2+ years of experience as an Information Security Analyst within the healthcare technology sector
Knowledge and understanding of regulatory compliance standards, particularly SOC1 and Service Organization Controls (SOC), HIPAA, HITrust, FedRAMP, Federal Information Security Management Act (FISMA), NIST Cyber Security Framework (CSF), NIST 800 series
Experience with working with Tenable products such as Tenable.sc, Nessus, Tenable.ioExperience with working with Whitesource open source scanning tools
Experience with working with Checkmarx static code scanning and dynamic code scanning

Qualifacts provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. We believe in providing employees with a work environment free of unlawful discrimination and harassment. In addition to federal law requirements, Qualifacts complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Ready to be seen?

Apply now to have the opportunity to be considered for similar jobs at leading companies in the Seen network for FREE.

Be seen in a new Security Analyst job

Skip the search

Zero stress and one profile that can connect you directly to 1000s of companies.

Best-fit jobs—for you

We’ll take it from there. After you tell us what you’re looking for, we’ll show you off to matches.

Free Career Coaching

Boost your interview skills, map your tech career and seal the deal with 1:1 career coaching.

You get tech. We get you.

Join now and be seen.