IT Security Operations Analyst

Here, it's different. Come join us.

Children's Hospital Colorado has defined and delivered pediatric healthcare excellence for more than 100 years.

Here, the nation's brightest nurses, physicians, scientists, researchers, therapists, and care providers are creating the future of child health. With an optimist's outlook, a trailblazing spirit, and a celebrated history, we're making new strides every day.

We've been Magnet-designated four times by the American Nurses Credentialing Center and are consistently recognized among the best of the best pediatric hospitals with #1 rankings in Colorado and the region by U.S. News & World Report.

As a national leader in pediatric care, we serve children and families from all over the nation. Our System of Care includes four pediatric hospitals, 11 specialty care centers, 1,300+ outreach clinics and more than 10,000 healthcare professionals representing the full spectrum of pediatric care specialties.

Here, we know it takes all of us, every role, to deliver the best possible care to each child and family we treat.

That's why we build our teams toward a foundation of equity in access, advancement, and opportunity. We know teams of individuals with different identities and backgrounds can nurture creativity and innovation. We know we can see, treat, and heal children better when our team reflects the diversity of our patient population. We strive to attract and retain diverse talent because we know a truly inclusive and equitable workforce will help us one day realize our most basic calling: to heal every child who comes through our doors.

A career at Children's Colorado will challenge you, inspire you, and motivate you to make a difference in the life of a child. Here, it's different.

This IT Security Analyst Professional is responsible for standard level work supporting the assessment, planning, design, enforcement and auditing of security policies and procedures to safeguard the integrity of and access to enterprise systems, files and data elements. Duties include monitoring, evaluating, maintaining and enforcing systems and procedures.

We are seeking an experienced IT Security Analyst to join our Information Security team. This mid-career role involves complex work in assessing, planning, designing, enforcing, and auditing security policies and procedures to safeguard enterprise systems, files, and data. Responsibilities may include developing, monitoring, evaluating, maintaining, and enforcing systems and procedures. The role focuses on individual contributions and does not have direct lead or managerial requirements.

Key Responsibilities:

• Enhance threat detection and response capabilities.
• Implement and configure Defender and Azure Sentinel for security operations in a healthcare environment.
• Analyze, detect, and respond to evolving security threats.
• Develop, monitor, evaluate, and enforce security policies and procedures.

Department: Information Security

Hours per week: 40, eligible for benefits

Shift: Monday - Friday, 8am-5pm, work hours may vary due to department needs. This position does have some on-call requirements.
*This role is considered hybrid, but does have some onsite expectations.

EDUCATION - Bachelor's degree is required.
EXPERIENCE - Minimum of three (3) years of related experience is required.
EQUIVALENCY - Combination of post-high school education, job related certification and/or related experience equivalent to seven (7) years may be considered in lieu of minimum requirements.

Preferred Qualifications and Experience:

• Experience working on an enterprise team.
• Experience with Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Networking.
• Professional experience with IT systems and solutions for large organizations.
• Security Operations Center experience.
• Incident response experience.
• Excellent analytical and problem-solving skills.

POPULATION SPECIFIC CARE

• No direct patient care.

ESSENTIAL FUNCTIONS
An employee in this position may be called upon to do any or all of the following essential functions. These examples do not include all of the functions which the employee may be expected to perform.

• Assists in conducting vulnerability assessments and identification of potential systems and process vulnerabilities. Assists in identifying security infrastructure requirements.
• Assists with the development and implementation of security policies, procedures and measures to prevent unauthorized access. Audits security policies and procedures and identifies potential areas where existing data security policies and procedures require change.
• Performs security assessments and reviews networking initiatives for security compliance.
• Assists with evaluating and recommending security products for various platforms in the networking environment.
• Responds to alerts from information security tools and reports, investigates and resolves security incidents.
• Educates and communicates security requirements, standards and procedures to all users and new employees. Ensures that user community understands and adheres to necessary procedures.
• Recommends, plans, and implements security system enhancements.
• Ensures compliance with regulations and privacy laws and enforces security policies and procedures.
• Administers and monitors security profiles, reviews security violation reports and investigates possible security exceptions.
• Creates, updates, maintains and documents security controls.
• Responsible for firewall rule change review, network monitoring, and other various network security measures.
• Prepares status reports on security matters and develops security risk analysis scenarios and response procedures.

SCOPE AND LEVEL

• Guidelines: Possesses knowledge of and applies the fundamental concepts, practices and procedures within a particular field of specialization.
• Complexity: Duties and tasks are varied and somewhat complex, but usually involve limited responsibility. Procedures, methods and techniques to carry out work may not be well defined, requiring greater analysis.
• Decision Making: Has some discretion in making some decisions. Decisions and recommendations are made after contemplative analysis and with independent judgment and ingenuity. May escalate the most complex and important decisions to a higher level employee, supervisor and/or manager.
• Communication: Communicates explanatory and/or interpretive information relative to the organization and/or own function with team members, peers, management, clients and in limited cases, the public. Uses some discretion and independent judgment when information is exchanged, gathered and/or presented. Defers to higher level team members and/or management in many situations.
• Supervision Received: Works under some supervision, conferring with higher level employees, supervisor and/or manager as needed.

PHYSICAL REQUIRMENTS

• Vision - Near: clear vision at 20 inches or less
• Weight Lifted/Force Exerted: up to 10 pounds/4.5 kilos, up to 1/3 of time
• Hearing: able to clearly hear details
• Sit: 2/3 or more of time
• Talk: able to communicate verbally
• Mental/Emotional: able to work in close proximity to others and/or in a distracting environment
• Mental/Emotional: able to cope with stress effectively
• Mental/Emotional: able to prioritize effectively

WORK ENVIRONMENT

• Mental/Emotional: able to tolerate ambiguity
• Mental/Emotional: able to prioritize effectively
• Mental/Emotional: may be subject to many interruptions
• Office Work Environment: Regular/frequent exposure
• Bloodborne Pathogen Category 2: Occasional exposure to blood/body fluid

It is our intention that all qualified applicants be given equal opportunity and that selection decisions be based on job-related factors. We do not discriminate on the basis of race, color, religion, national origin, sex, age, disability, or any other status protected by law or regulation. Be aware that none of the questions are intended to imply illegal preferences or discrimination based on non-job-related information.

The position is expected to stay open until the posted close date. Please submit your application as soon as possible as the posting is subject to close at any time once a sufficient pool of qualified applicants is obtained.

Here, you matter. As a Children's Hospital Colorado team member, you will receive a competitive pay and benefits package designed to take care of your needs that includes base pay, incentives, paid time off, medical/dental/vision insurance, company provided life and disability insurance, paid parental leave, 403b employer match (retirement savings), a robust wellness program, and access to professional development tools, including an education benefit to help you advance your career.

As part of our Total Rewards package, Children's Colorado offers an annual employee bonus program that rewards eligible team members based on organizational performance. If organizational goals are met for the year, the bonus is paid out the following April.

Children's Colorado delivers annual base pay increases to eligible team members based on their performance over the previous year.