Certilytics an nnovative company with a dynamic infusion of actuarial, data and behavioral scientists, IT engineers, software developers, nurse clinicians, as well as experts in public health and health insurance industry. We are seeking a Senior Information Security Analyst that wants to be part of an enthusiastic dynamic team working in an entrepreneurial environment where your experience and creativity is recognized. The ideal candidate will thrive in a performance based company that allows flexibility and work life balance. Certilytics is creating new ground-breaking analytic products within healthcare space. We are looking for the right person to join our team as a Data Analyst to work in close cooperation with peers and leadership to help build innovative, performant, secure and maintainable software systems. The Information Security Analyst is responsible for monitoring alerts, logs, dashboards, and tools to identify indicators of compromise, threats, and vulnerabilities. Upon identification of such events, the information is triaged, information gathered, and assigned out for follow-up by appropriate personnel. This role is also responsible for protecting the organization by executing tasks and activities such as reviewing tools or configurations, administering training, performing risk assessments, monitoring threat intelligence feeds, administering change and problem management, and other such operational activity. The IS Analyst also identifies out of parameter measures or metrics from audit and review results, taking remedial action and engaging the appropriate stakeholders. The Information Security Analyst processes requests for assistance with security issues, and requests for security exception. Essential Function Detect * Monitor alerts, logs, and tools to identify indicators of compromise, threats, and vulnerabilities. * Triage suspicious activity or findings, escalating when necessary, and track to ensure follow-up and resolution. Protect * Execute the organizational information security plan, performing tasks and activities prescribed by policy and process, allowing the organizations to take a proactive information security stance. This includes a variety of activity such as administering security awareness training and testing, performing telecommuter risk management assessments, ensuring acceptance to the acceptable use agreement, processing requests for security exceptions, and other similar tasks. * Perform risk management internally to the organization. Identify and prioritize risks, identifying options for remediation, assessing costs and levels of risk, and make recommendations to leadership regarding risk mitigation plans. * Assess risk and make recommendations regarding external third parties, and new technologies. * Host information security-based organizational meetings, such as daily change/problem management, and tactical information security management coordination meetings. * Remediation of control deficiencies where appropriate. * Monitor threat intelligence feeds for information regarding potential threats against the organization, permitting a proactive stance. Escalate findings as required and make recommendations regarding actions to mitigate threats posed. * Identify measures or metrics deviating from acceptable ranges, taking remedial action and engaging appropriate stakeholders. Respond * Serve as an incident management first-tier technical responder. Audit * Participate in responding to risk assessments, requests for proposal, audits, and examinations. * Perform operational and independent information security auditing and reviews. Design * Develop Information security policy, procedures, guidelines, baselines, and standards. * Determine feasibility of meeting security requirements based on contracts or statements of work with external entities and identify deficiencies and methods to remediate. Administrative * Maintains technical currency of job knowledge. * Generate ad hoc reports and queries in security tools as required. * Provide reporting on the state of the organizational security profile and activity. Other duties as assigned. Special Qualifications: (Licenses, certifications, etc) * Associate of (ISC)2 or CISSP certification required. * Once requisite experience for a CISSP is available, obtain and maintain a CISSP certification. * Cloud Computing Security Certifications (e.g., CCSP, CCSK, CompTIA Cloud+, CCA, CCP, AWS Certified Security Specialty, etc.) highly desired. * Other relevant Information Security certifications are desirable, including but not limited to: CompTIA Security+, CompTIA Cyber Security Analyst, Certified Intrusion Analyst (GCIA), Certified Information Systems Auditor (CISA), Certified Information Security Professional (CISP). * Knowledge of or certification in ITIL desirable. Information Security Responsibilities: Role Specific * Hold and maintain a CISSP certification. * Perform a minimum of 40 hours annual security training as plan