Senior Information Security Analyst
Act as a subject matter expert and technical leader concerning complex information security technology, topics, and issues. Responsible for technical and specialized duties in the areas of security framework, architecture design, risk management, incident management, vulnerability management, information security program, and technology implementations, with the goal of improving the overall security posture of the organization.
Provide subject matter expertise in defining, evaluating, and recommending/implementing information security controls and technology to ensure the protection of the organization’s assets Lead the security architecture and technology design, identify gaps, recommend security enhancements, and lead efforts to ensure security requirements are integrated and implemented Partner with the Architecture, Infrastructure, and Technology teams to review existing architecture, identify gaps, and recommend security enhancements Assist in defining architectural and technology standards that impact the security of systems and data Develops, validates, maintains, and implements information security policies, standards, guidelines, and procedures to ensure compliance with the Information Security Program Lead detailed risk analysis and risk assessment to identify, mitigate, and control risks to infrastructure, information systems, and data; advocate security and risk management to key stakeholders in order to balance security and business needs Lead third-party evaluation to ensure that their technology environment appropriately protects shared data, that contracts have the appropriate security requirements, and that those requirements are met through regular audits and assessments Monitors changes in current threats and looks at trends for future threat analysis in order to proactively plan and design the environment to protect against current and future threats Job Specifications Typically has the following skills or abilities: Bachelor’s Degree in Computer Science or related field, or equivalent experience Minimum 6 years of hands-on technical information security experience Expert-level knowledge of security principles and technologies Hands-on experience designing and implementing a variety of security solutions and technologies across multiple disciplines Broad experience with risk and threat assessment methodologies Proven ability to weigh business needs against risk concerns and articulate issues to business leaders Extensive experience implementing security controls to comply with various IT regulatory compliance requirements such as HIPAA and PCI as well as various standards including ISO 27001 Strong, proven skills and ability to identify and analyze security vulnerabilities Experience performing network and application security penetration testing and/or vulnerability management, interpreting results, and remediating findings Ability to interact with personnel at all levels of the organization and interpret complex business initiatives Excellent written and verbal communication skills Ability to analyze various complex issues, projects, technologies, and solutions Ability to regularly exercise discretion and independent judgment in the performance of his/her job duties
Preferred Skills
Enhanced focus on Cybersecurity & Risk Assessment
Knowledge of HiTrust & Soc II
#LI-VISIONCARE
Compensation range for the role is listed below. Applicable salary ranges may differ across markets. Actual pay will be determined based on experience and other job-related factors permitted by law. As a part of the compensation package, this role may include eligible bonuses and commissions. For more information regarding VSP Vision benefits, please click here.
Salary Ranges: $84,000.00 - $141,750.00
VSP Vision is an equal opportunity employer and gives consideration for employment to qualified applicants without regard to age, gender, race, color, religion, sex, national origin, disability or protected veteran status. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
Unincorporated LA County Residents: Qualified Applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act, and any other similar laws.
Notice to Candidates: Fraud Alert - Fake Job Opportunity Solicitations Used to Collect Fees/Personal Information.
We have been made aware that fake job opportunities are being offered by individuals posing as VSP Vision and affiliate recruiters. Click here to learn about our application process and what to watch for regarding false job opportunities.
As a regular part of doing business, VSP Vision (“VSP”) collects many different types of personal information, including protected health information, about our audiences, including members, doctors, clients, brokers, business partners, and employees. VSP Vision employees will have access to this sensitive personal information and are subject to follow Information Security and Privacy Policies.
About the job
Apply for this position
Senior Information Security Analyst
Act as a subject matter expert and technical leader concerning complex information security technology, topics, and issues. Responsible for technical and specialized duties in the areas of security framework, architecture design, risk management, incident management, vulnerability management, information security program, and technology implementations, with the goal of improving the overall security posture of the organization.
Provide subject matter expertise in defining, evaluating, and recommending/implementing information security controls and technology to ensure the protection of the organization’s assets Lead the security architecture and technology design, identify gaps, recommend security enhancements, and lead efforts to ensure security requirements are integrated and implemented Partner with the Architecture, Infrastructure, and Technology teams to review existing architecture, identify gaps, and recommend security enhancements Assist in defining architectural and technology standards that impact the security of systems and data Develops, validates, maintains, and implements information security policies, standards, guidelines, and procedures to ensure compliance with the Information Security Program Lead detailed risk analysis and risk assessment to identify, mitigate, and control risks to infrastructure, information systems, and data; advocate security and risk management to key stakeholders in order to balance security and business needs Lead third-party evaluation to ensure that their technology environment appropriately protects shared data, that contracts have the appropriate security requirements, and that those requirements are met through regular audits and assessments Monitors changes in current threats and looks at trends for future threat analysis in order to proactively plan and design the environment to protect against current and future threats Job Specifications Typically has the following skills or abilities: Bachelor’s Degree in Computer Science or related field, or equivalent experience Minimum 6 years of hands-on technical information security experience Expert-level knowledge of security principles and technologies Hands-on experience designing and implementing a variety of security solutions and technologies across multiple disciplines Broad experience with risk and threat assessment methodologies Proven ability to weigh business needs against risk concerns and articulate issues to business leaders Extensive experience implementing security controls to comply with various IT regulatory compliance requirements such as HIPAA and PCI as well as various standards including ISO 27001 Strong, proven skills and ability to identify and analyze security vulnerabilities Experience performing network and application security penetration testing and/or vulnerability management, interpreting results, and remediating findings Ability to interact with personnel at all levels of the organization and interpret complex business initiatives Excellent written and verbal communication skills Ability to analyze various complex issues, projects, technologies, and solutions Ability to regularly exercise discretion and independent judgment in the performance of his/her job duties
Preferred Skills
Enhanced focus on Cybersecurity & Risk Assessment
Knowledge of HiTrust & Soc II
#LI-VISIONCARE
Compensation range for the role is listed below. Applicable salary ranges may differ across markets. Actual pay will be determined based on experience and other job-related factors permitted by law. As a part of the compensation package, this role may include eligible bonuses and commissions. For more information regarding VSP Vision benefits, please click here.
Salary Ranges: $84,000.00 - $141,750.00
VSP Vision is an equal opportunity employer and gives consideration for employment to qualified applicants without regard to age, gender, race, color, religion, sex, national origin, disability or protected veteran status. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
Unincorporated LA County Residents: Qualified Applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act, and any other similar laws.
Notice to Candidates: Fraud Alert - Fake Job Opportunity Solicitations Used to Collect Fees/Personal Information.
We have been made aware that fake job opportunities are being offered by individuals posing as VSP Vision and affiliate recruiters. Click here to learn about our application process and what to watch for regarding false job opportunities.
As a regular part of doing business, VSP Vision (“VSP”) collects many different types of personal information, including protected health information, about our audiences, including members, doctors, clients, brokers, business partners, and employees. VSP Vision employees will have access to this sensitive personal information and are subject to follow Information Security and Privacy Policies.