Information Security Analyst
Information Security Analyst - IAM Audit Response Coordinator
KP is seeking an exceptional Information Protection professional to work with Kaiser Permanente's Identity and Access Management (IAM) area. This position will work with the IAM solution delivery team on the development, implementation, communication, monitoring and maintenance of information security policies and procedures which promote a secure and uninterrupted operation of all data processing systems. The access audit reporting coordinator position is responsible for gathering, compiling, editing and presenting workforce access policy data (who had access to what, when, and when it was revoked/terminated) as needed to respond to audits, testing and various access reporting requests. Essential Functions: - Gathers user access data from other Information Security groups. - Provides statuses about end user access to end users, end user management and higher level resources. - Facilitates interactions with auditors and testers, ensuring the necessary data is provided in an effective and efficient way. - Recommends and/or assists in the development and implementation of Information Protection policies, standards, procedures, and guidelines. - Assists in development of policy and standards for Information Protection. - Ensures that KP-IT security systems are in compliance with KP-IT policies. - Conducts periodic security compliance reviews. - Works with other KP-IT staff to assess security system modifications required due to other system changes. - Reviews security logs and violation reports and follows-up as appropriate. - Assesses the development, testing and implementation of appropriate Information Protection controls. - Participates with internal and external audit staff to assess the effectiveness of the KP-IT security program. - Plans and implements recommended enhancements to the KP-IT security program. - Assists with supervising and training of subordinate staff members. - Assists in developing and maintaining training programs for individuals responsible for data security and confidentiality. - Assists in developing Information Protection awareness programs and performs Information Protection training. - Communicates security incidents expeditiously, both internally and externally, according to guidelines. - Assists with facilitation of risk analysis with business units. Qualifications: Basic Qualifications: - Bachelor's degree in a related field and/or a minimum of 4 years of equivalent work experience. - A minimum of 5 years ofInformation Technology (IT) experience including development, implementation, communication, monitoring and maintenance of information security policies and procedures. - A minimum of 3 years ofInformation Security experience including administering user security and reporting on user access. - Strong collaboration, documentation, and presentation skills. - Excellent customer relationship management and customer service skills. - Skill in Microsoft suite of products and presentation of complex information. Preferred Qualifications: - OS security experience including Active Directory, Unix and RACF - Database user security experience including MS SQL Server, Oracle and DB2/UDB - Demonstrated superior verbal, written, and presentation skills will all levels of staff and leadership - Demonstrated knowledge of best practices and general solutions in Identity and Access Management including (not all required, just provided as examples) authentication, single sign on, strong authentication, authorization, RBAC/ABAC, federation, access governance/review, access provisioning and deprovisioning, identity data management, elevated privilege management, and OS and network access control solutions. - CISSP certification