Information Technology Careers at Lifespan

Systems Security Analyst Job

Job Number: LCS17911

Job Title: Systems Security Analyst

Department: Information Systems Security - 0014905

Facility: Corporate Headquarters

Location: Providence, RI

A minimum of ten years of IS experience, with five years in an information security role.

A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.

Certifications: (CISSP, CCSP, CISA, CRISC, GIAC, Security+)

In-depth knowledge of risk assessment methods and technologies.

Proficiency in performing risk, business impact, control and vulnerability assessments.

Experience with common information security management frameworks, such as [International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST)] frameworks.

Strong excel skills (Pivot Tables, Vlookups)

Strong written and verbal communication skills.

Ability to communicate security guidance to a non-technical audience.


The Systems Security Analyst is a critical member of the Chief Information Security Officer's (CISO's) team. This is a hands-on role that requires a high level of technical and analytical expertise. Responsible for a broad range of tasks, including the day-to-day administration of information security tools, the creation of security documentation, governance risk compliance (GRC) management.

ESSENTIAL FUNCTIONS:

Participates in a variety of information security functions – Vulnerability Management, Penetration Testing, Incident Response, Audit, Governance, Solution Design.

Works with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices.

Assists in the development and documentation of security architecture, policies, standards, and procedures.

Measures and reports on the technical metrics of security controls.

Works with outsourced vendors that provide information security functions for compliance with contracted service-level agreements.

Participates in the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommends treatment plans and communicates information about residual risk.

Participates in security projects and provides expert guidance on security matters for other IT projects.

Ensures audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.

Participates in security investigations and compliance reviews, as requested by internal or external auditors.

Supports Lifespan’s Legal e-discovery processes to include identification, collection, preservation and processing of relevant data.

Participates in GRC (Governance Risk Compliance) activities surrounding policies, exceptions, risk register, and compliance requirements such as HIPAA, PCI, and JMC.