About the Job

The Senior Analyst, Information Security assists with FMI’s security risk management program by performing risk assessments, tracking the status and remediation of risks. This role also uses common information security tools (vulnerability scanners, DLP, GRC, etc.) to identify and track risks to company systems and data. In addition, the Sr Analyst, assists with general day to day security operations tasks, including security operations, incident response and security awareness activities. 

The Senior Analyst must have a broad understanding of the modern cyber security landscape, including common control frameworks, common threats to web applications, risks posed by third-party vendors, and compensating controls to mitigate risk. 

Key Responsibilities

• Perform security risk assessments on FMI applications, third-party vendors, and other FMI technology projects as necessary.
• Assist in tracking risks and driving remediation of risks.
• Assist the team in utilizing or maintaining information security tools.
• Maintain and improve incident response documentation.
• Investigate and respond to user reports of phishing.
• Investigate and respond to SOC-reported security incident tickets.
• Ensure data loss prevention (DLP) capabilities are properly deployed across all critical data stores.
• Complete periodic audits and tests of the FMI information security system, document findings, and resolve any identified issues.
• Assist with user security awareness training and testing.
• Maintain and execute efforts to improve FMI’s incident response procedures for the Security team and other Technology team.
• Administer policies to control access to FMI’s data.
• Other projects as periodically assigned.

Qualifications:

Basic Qualifications:

• Bachelor’s Degree
• 4+ years of experience in information security
• Knowledge of common information security tools, such as vulnerability scanners, data loss prevention (DLP), GRC platforms, etc.
• Knowledge of common security frameworks: ISO 27001, SSAE SOC 2, CIS, NIST, etc.

Preferred Qualifications:

• Demonstrated ability to work effectively with internal and external stakeholders
• Demonstrated ability to track risks and assist teams in mitigating risk
• Knowledge of current and emerging security and information technology standards and practices
• Reputable security certifications, such as CISSP, CISA, or GIAC certifications
• Familiarity with basic threat intelligence tools and capabilities
• Familiarity with using common networking and firewall technologies (e.g., Cisco, Palo Alto, etc.) for security investigations
• Familiarity with Cloud Access Security Broker (CASB) technologies for DLP capabilities around SaaS applications and public cloud data stores
• Familiarity with various other security monitoring technologies, and ability to establish relevant alerting policies and reports
• Understanding of the importance of company data privacy
• Demonstrated ability to meet deliverables, timetables, and deadlines
• Understanding of HIPAA and the importance of patient data privacy
• Commitment to FMI's core values: collaboration, passion, patients, and innovation

The expected salary range for this position based on the primary location of Remote is $111,000 - $149,000 per year. The salary range is commensurate with FMI’s compensation practice and considers factors including, but not limited to, education, training, experience, external market conditions, criticality of role, and internal equity. A discretionary annual bonus may be available based on individual and Company performance.  This position also qualifies for FMI benefits.

#LI-Remote