Information Security Threat, Vulnerability & Risk Analyst

Information Security Threat, Vulnerability, and Risk Analyst Information Security Threat, Vulnerability & Risk Analyst Who are we? Versant Health is one of the nation’s leading administrators of managed vision care, serving millions of our clients’ members nationwide. We are driven by our mission to help members enjoy the wonders of sight through healthy eyes and vision. As a Versant Health associate, you can enjoy a comprehensive Total Rewards package, which includes health and dental insurance, tuition reimbursement, 401(k) with company match, pet insurance, no-cost-to-you vision insurance for you and your qualified dependents. We are also invested in your success. There are many opportunities for advancement and development throughout all stages of your career with us. See how you can make a difference with the support of strong leadership and a team environment. See Everything, Be Anything™. What are we looking for? Reporting to the Manager, Information Security - Threat, Vulnerability, and Risk, the Information Security Threat, Vulnerability, and Risk Analyst is responsible for the secure design and compliance of enterprise architecture to effectively and securely support the organization in meeting specific information security and business technology needs. The Analyst will ensure compliance with the organization’s vulnerability patch management program, information security requirements and controls, identify gaps in our security defenses, and perform assessments of existing and incoming vendor solutions and consulting engagements which impact organizational systems, networks and/or data. These measures include, but are not limited to, assessing infrastructure assets and providing best practices to stakeholders. Where you will have an impact Conduct recurring vulnerability scans; Audit and track mitigation activities through to completion Conduct both self-assessments and coordinate third party risk assessments of technology infrastructure and operational processes and controls for assigned areas Conduct scheduled, targeted (in response to advisories and remediation verification), and ad-hoc IT compliance checks and vulnerability scans for the Versant Health global enterprise Investigate and validate risk levels associated with vulnerabilities identified via vulnerability scanning tools (Qualys, Kenna, Armis, etc.) Provide remediation guidance and recommendations; Coordinate with Development Operations, IT, and other teams as needed to provide oversight to the remediation and/or mitigation of enterprise vulnerabilities Maintain and enhance the existing IT and vulnerability management infrastructure, including maintenance of scanning tools, licensing, procedures, reporting, and associated communications (downtimes, upgrades, report changes, etc.) Identify security gaps within our enterprise systems that would not otherwise be detected by a scanning solution in target systems, networks, and applications to support the organization in improving existing security controls and mechanisms Create processes and workflows for all aspects of IT compliance auditing and vulnerability management. Work with cross-functional teams to improve processes, workflows, and operational efficiencies Utilize proven/reputable sources to maintain an awareness of prevailing and emerging vulnerabilities to proactively address vulnerabilities Provide recurring and ad-hoc vulnerability reports upon request Establish appropriate vulnerability management calendar, schedule engagements, and track activities to completion; Maintain documentation of scans and activities Provide updates and track remediation of risks added to the Information Security Risk Register Perform additional duties as assigned What’s necessary to do the job? Education Bachelor's Degree Required Notes: An equivalent combination of education and experience will be considered in lieu of a bachelors. Experience 3 Years Required Notes: 3+ years of Information Security experience, particularly in Security Engineering and Security Operations required Experience with cybersecurity vulnerability management and analysis and compliance monitoring required Working understanding of the use of vulnerability detection/identification tools such as Qualys, Tenable, etc. required Experience working as part of a patch management process and a familiarity with patching tools (i.e. SCCM, JAMF, KACE, etc.) required Desktop, server, application, database, and network security hardening principles and practices for threat prevention required Knowledge of methods for on-going evaluation of the effectiveness and applicability of information security controls (e.g., vulnerability testing, and assessment tools) required Ability to understand information security and information technology risks associated with vulnerability testing, patch management, and secure configuration management required Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice required Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE) required Experience in IT controls monitoring for regulatory and compliance requirements like CIS, HITRUST, SOC 2, and/or NIST preferred Licenses and Certifications CompTIA Security+, CompTIA Cybersecurity Analyst+, or Certified Cloud Security Professional (CCSP) Preferred Notes: HIPAA & Security Requirements All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program. Versant Health will never request money from candidates who seek employment with us and will never ask for any payment as part of the recruitment process. Versant Health is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at Versant Health without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law. The wage range for applicants for this position is $100,000.00 to $ 110,000.00. All incentives and benefits are subject to the applicable plan terms. Apply tot his job