Availity delivers revenue cycle and related business solutions for health care professionals who want to build healthy, thriving organizations. Availity has the powerful tools, actionable insights and expansive network reach that medical businesses need to get an edge in an industry constantly redefined by change.

The Information Security Risk Analyst II is a member of the Information Security who will support the enterprise security risk and governance programs. They will help measure the effectiveness of the security controls and ensure they follow industry standards, best practices, HIPAA, HITRUST, and other regulatory requirements. The analyst will help develop and maintain security policies, standards, and baselines. Perform risk assessments and report on a wide range of security related controls across the enterprise.
They will work closely with Legal & Compliance, the IT organization and the other security professionals to assist in the ongoing efforts related to Availity’s security awareness, certifications,  regulatory requirements, security risk and governance programs. They will also be required to carry out other Information Security related activities and projects as specified by their management.

• Assist in the development of the company's security program, policies, and standards.
• Assist in the company’s reporting program detailing our overall security posture
• Analysis of the security threat landscape
• Perform IT security risk assessments of both new and existing in-house and vendor-based systems. Recommend, design, and construct risk/security metrics, policies and standards.
• Manage the remediation of security assessment findings and recommendations.
• Assist with enterprise vulnerability management and calculate the current and residual risk.
• Assist with the development and implementation of the enterprise security awareness programs.
• Administration of the reporting functions of security monitoring systems, assisting in the identification and creation of appropriate reports for delivery to management.
• Assisting in the development and maintenance of appropriate escalation procedures for the different types of alerts that the various monitored systems can generate.
• Assisting with project management for information security projects related overall security objectives and programs.
The above cited duties and responsibilities describe the general nature and level of work performed by people assigned to the job.  They are not intended to be an exhaustive list of all the duties and responsibilities that an incumbent may be expected or asked to perform.
• 4-6 years in the information security field
• Bachelor’s degree in a technology related field or equivalent work experience
• Current information security certifications such as Security+, CISA, CRISC, CISSP preferred.
• High level understanding of computer networks and communications.
• High level experience with a variety of operating systems (Windows/Linux/Unix/Mac) in a functional capacity, and the security principles and applications that apply to those systems.
• Conceptual knowledge of well-known protocols and services like FTP,HTTP,SSH,SMB,LDAP
• Fundamental understanding of the defense-in-depth strategies
• Experience with vulnerability assessment products
• Proficiency in a risk management framework and conducting risk assessments in a regulated environment is desired
• Basic understanding of Enterprise Infrastructure
• Ability to establish and maintain effective working relationships
• Ability to analyze current processes and use judgment to recommend new and innovative processes.
• Knowledge of best practices, HIPAA, HITECH, HITRUST, PCI, NIST, ISO and other regulations and frameworks.
• Ability to manage small projects and implementations with limited supervision.
• A thorough understanding of security controls.
• Ability to work under pressure.  Maintains composure and professionalism in an interrupt-driven environment
• Ability to manage multiple and changing priorities/tasks
• Must be flexible and embrace change
• Excellent communication skills; must be able to interface with all levels of the organization.
• Excellent writing skills; must be able to create extensive documentation regarding information security.
• Open-minded, adaptable and passionate about learning
• Self-Starter with the ability to manage their own tasks into a larger project or program effort.

Availity is an equal opportunity employer and makes decisions in employment matters without regard to race, religious creed, color, age, sex, sexual orientation, gender identity, gender expression, genetic information, national origin, religion, marital status, medical condition, disability, military service, pregnancy, childbirth and related medical conditions, or any other classification protected by federal, state, and local laws and ordinances.

NOTICE: Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States. When required by state law or federal regulation, Availity uses I-9, Employment Eligibility Verification in conjunction with E-Verify to determine employment eligibility. Learn more about E-Verify at http://www.dhs.gov/e-verify.