SR Vulnerability Assessment Analyst

Washington Regional Medical Center

IT
United States · Fayetteville, AR, USA
Posted on Apr 17, 2025

Job Details

Washington Regional Med. Ctr. - Fayetteville, AR
Full Time
High School Diploma or GED
Information Security

Description

Organization Overview, Mission, Vision and Values

Our mission is to improve the health of people in the communities we serve through compassionate, high-quality care, prevention, and wellness education. Washington Regional Medical System is a community-owned, locally governed, non-profit health care system located in Northwest Arkansas in the heart of Fayetteville, which is consistently ranked among the 10 Best Places to Live in the country. Our 425-bed medical center has been named the #1 hospital in Arkansas for three consecutive years by U.S. News & World Report. We employ 3,400+ team members and serve the region with over 45 clinic locations, the area’s only Level II trauma center, and five Centers of Excellence - the Washington Regional J.B. Hunt Transport Services Neuroscience Institute; Washington Regional Walker Heart Institute; Washington Regional Women and Infants Center; Washington Regional Total Joint Center; and Washington Regional Pat Walker Center for Seniors.

Position Summary

The Senior Vulnerability Assessment Analyst reports to the Information Security Manager. This position is responsible for maintaining compliance through regular maintenance checks on all connectivity devices, ensuring they follow security guidelines and that all deployed systems meet standards for use. This position will assist in maintaining information security and compliance policies, procedures, and best practices throughout the organization. This position, in collaboration with the technology team, will work to ensure that all WRMS information and data management systems comply with all WRMS policies and procedures.

Essential Position Responsibilities

Strategic and Tactical Planning

  • Assist in identification, modification, and implementation of security tools and technologies to protect WRMS digital and data assets throughout the enterprise.
  • Identify improvements within the organization’s security solutions and work with the technology services team to strengthen those solutions.
  • Monitor regulatory, policy and/or compliance, and environmental factors that need to be addressed to assure that the security (physical and cyber) of systems is enabled to protect WRMS.
  • Configure and perform routine internal and external vulnerability scans and report findings and remediation recommendations to the appropriate business owners.
  • Develop methods to identify and validate potential vulnerabilities and create detailed reports with remediation recommendations.
  • Audit user security awareness through simulated attack campaigns and support development of security awareness training material and practices.
  • Develop and perform simulated attacks against enterprise assets to validate detection and response efficacy and identify opportunities to improve defensive practices and procedures.
  • Participate in security incident investigations and response.

Security Systems Management Activities

  • Continuously monitor systems/solutions for protection against and indications of loss of data, breaches, and attacks.
  • Identify potential exposures and work with necessary teams to remediate those vulnerabilities.
  • Identify potential risks within the environment and develop proposals to mitigate those risks for review, consideration, and implementation.
  • Maintain current knowledge base on all regulatory and compliance related areas around HIPAA, PCI, PII, Security, and Risk.
  • Manage security testing platforms.
  • Support forensic investigations and mitigation procedures.
  • Support security training and communicate policies.
  • Facilitate policy and audit plans and identify security risks and operation needs.
  • Review configuration and updates to ensure software and infrastructure are protected.

Qualifications

  • Education: Associate's or bachelor's degree in information systems or similar, preferred.
  • Licensure and Certifications: Certification in one or more of the following: ISC2 (CISSP, SSCP), ISACA (CISA or CISM), GIAC (GSEC, GMON, GCIH), CompTIA (Security+, CySA+, CASP+), preferred.
  • Experience: Minimum 5 years’ experience in information system management to include exposure in server administration, network administration, security systems, Windows/Exchange environment, TCP/IP, remote access, IP Telephony, and Internet. Minimum 5-7 years’ experience in risk analysis, risk identification, and risk mitigation.

Work Environment: This position will spend 10% of the time standing and/or walking while pushing, pulling, lifting, and/or carrying up to 50 lbs. This position will spend 90% of the time sitting while performing work in a standard office environment.