Information Security Analyst

Information Security Analyst

Key Responsibilities:

• Implement and maintain ISO 27001:2022 controls and ensure compliance with ISMS requirements.
• Ensure compliance with HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation) requirements for data privacy and protection.
• Monitor and analyze security alerts from various tools, including SIEM solutions.
• Conduct risk assessments and gap analysis aligned with ISO 27001:2022 Annex A controls, HIPAA Security Rule, and GDPR requirements.
• Assist in the development and continuous improvement of the Information Security Management System (ISMS).
• Support internal and external ISO 27001:2022 audits, HIPAA compliance audits, and GDPR data protection assessments, including evidence collection and corrective action implementation.
• Conduct vulnerability assessments and penetration testing to identify security risks.
• Investigate security incidents and support incident response efforts in accordance with ISO 27001:2022 Incident Management, HIPAA Breach Notification Rule, and GDPR Data Breach Notification requirements.
• Implement and maintain security policies, procedures, and controls aligned with ISO 27001:2022, HIPAA, and GDPR.
• Provide security awareness training to employees on ISMS policies, HIPAA security/privacy regulations, and GDPR compliance requirements.
• Collaborate with IT and development teams to ensure secure coding practices, system configurations, and data protection controls.
• Stay updated with the latest security threats, vulnerabilities, and mitigation strategies relevant to ISO 27001:2022, HIPAA, and GDPR compliance.

Required Qualifications & Skills:

• Bachelor's degree in computer science, Cybersecurity, Information Technology, or a related field.
• 5+ years of experience in information security or a related role, with hands-on experience in ISO 27001:2022 implementation, HIPAA compliance, and GDPR data protection.
• Strong understanding of ISO 27001:2022 framework, HIPAA Security and Privacy Rules, and GDPR principles.
• Experience with security tools such as firewalls, SIEM, IDS/IPS, and endpoint protection.
• Knowledge of ISO 27002:2022 controls, OWASP Top 10, secure coding practices, and cloud security principles.
• Hands-on experience with vulnerability management, risk assessment methodologies, and HIPAA risk analysis.
• Certifications such as ISO 27001 Lead Implementer, ISO 27001 Lead Auditor.
• Strong analytical, problem-solving, and communication skills.

Preferred Qualifications:

• Experience in securing cloud environments (AWS)
• Understanding of network security architecture and encryption technologies
• Experience working with Electronic Health Records (EHR) systems or Healthcare experiences.