W2 - Sr Information Security Analyst (IAM, SailPoint, CyberArk, Active Directory, SSO, NIST) - Remote

Duties: REFER TO SCHEDULE NOTES FOR DETAILS AND REQUIREMENTS

Job Summary: The Information Security Senior Analyst has a broad understanding of information security concepts and how to apply and implement them. They serve as a liaison between Information Security, Information Technology, business representatives, and various oversight committees, assisting with developing, communicating, and achieving Mayo's Information Security goals. The Information Security Senior Analyst is considered knowledgeable and skilled in industry standard information security concepts with particular focus on the NIST Cybersecurity Framework, or equivalent.

The Information Security Senior Analyst is knowledgeable, proficient, and experienced in:

-Integrating multiple disciplines (e.g., business / systems process analysis, data analysis, data informatics, risk management, regulatory requirements, and technology) for strategic and operational planning.

-Using problem-solving methods, planning techniques, continuous improvement, project management, and analytical tools and methodologies to achieve Mayo goals.

-Conducting information security assessments.

-Addressing information security questions and inquiries from business, clinical areas, and other OIS teams.

-Ensuring appropriate treatment of cybersecurity risk and monitoring compliance to Mayo's Information Security policies, processes and procedures.

-Creating, supporting, and evaluating security prototypes.

-Administering Information Security processes and tools that enable the organization to operate effectively and efficiently-Creating policies, processes and procedures and guiding them through the approval process.

-Handles a varied workload of projects with multiple priorities.

-Staying current on information security, technology and healthcare trends and institutional changes.

-Using excellent interpersonal skills to include presentation, negotiation, influencing, team facilitation and written communications.

-Effectively managing time.

-Assists with directing the work of Analysts and Associate Analysts.

-Drafting communication of risk and complex cyber security topics to a diverse audience.

Additional qualifications may apply (see additional experience and/or qualifications):

-Organizational Change Management particular focus on Procsi's ADKAR model

-Project Management particular focus on the Project Management Body of Knowledge (PMBOK)

-Business Analysis particular focus is on the Business Analysis Body of Knowledge (BABOK)

Skills: Required Skills & Experience:-See Education Section for Required Experience.--Pertinent fields of study and experience includes (but is not limited to) the following: -Information security, operational analysis, process change, electronic systems implementation, leadership, systems analysis and project management with broad-based key enterprise initiatives. Preferred Skills & Experience:-N/A

Education: Required Education:-Master's degree in applicable field and four (4) years' experience.OR-Bachelor's degree in applicable field and five (5) years' experience. Preferred Education:-N/A

Required Certifications & Licensure:--Must have one of the following certifications (or equivalent) at time of hire: -CISSP-CISM-HCISPP-GSEC-OSCP-In lieu of certification at time of hire, candidate must pass the exam within three years and complete the certification process once years of service requirements of the certifying body have been met. Preferred Certifications & Licensure:-N/A

Schedule Notes: This role will be consulting during the building of the Identify Data Fabric by contributing and ensuring data requirements are met. This role will also define the reporting outcomes to represent current risk, improve decision making in the Identity platform and provide recommendations for the role-based access initiative. This role will provide consulting during the building of the data fabric, ensuring data requirements are met. This position will help define reporting outcomes and improving decision-making processes. This position will help ensure the availability of data elements for operational metrics and decision-making. This position will work with relational databases to pull information and make decisions. This position will help provide understanding and reporting data from tools like Cyber Ark and Seal Point, and integrating additional tools. This position will help in developing, maintaining, and implementing policies related to IAM cybersecurity governance. This position will help in providing understanding governance, compliance to policy, and role-based trends monitoring.

- Comprehensive knowledge across Identity and Access Management concepts.

- IAM technical experience (i.e. familiar with SailPoint, CyberArk, etc).

- Solid understanding of IAM technologies (e.g., Active Directory, SSO, MFA, PAM tools).

- Familiarity with regulatory frameworks and standards like NIST, ISO 27001, COBIT, and SOC 2.

- Ability to develop, maintain, implement IAM policies and procedures.

- Understanding of data governance principles and practices.

- Ability to identify, assess, prioritize and quantify IAM-related risks effectively.

- Understand role-based access control and other access control mechanisms.

- Implement key risk indicators (KRIs) for IAM and produce reports for leadership on IAM-related risks and trends.

- Proficiency in IAM monitoring and reporting tools, as well as GRC platforms.

- Excellent analytical, problem-solving, and communication skills. If selected for full time Mayo employee role, the candidate must have one of the following certifications (or equivalent) at time of hire. In lieu of certification at time of hire, candidate must pass the exam within three years and complete the certification process once years of service requirements of the certifying body have been met. CISSP, CISM, GSEC, OSCP. Mayo will provide equipment

Hours Per Day: 8.00
Hours Per Week: 40.00