Managed Health Care Associates, Inc. (MHA), provides care communities with access, solutions, and insights to help them run their businesses more effectively. Our members include post-acute providers across the care continuum including long-term care, home infusion, and specialty pharmacies, as well as senior living and other group living facilities. Our team of associates are passionate about our common mission of helping people age with grace, and champion our core values of being Curious Learners, Selfless Advocates, and Relentless Finishers.
Who we’re looking for:
The Cybersecurity Analyst at Managed Health Care Associates, Inc. (MHA) plays a crucial role in safeguarding the organization's digital assets by proactively identifying and mitigating security threats. This includes safeguarding the organization’s assets within the Azure cloud and beyond. This position is essential for maintaining the confidentiality, integrity, and availability of MHA's information systems. Through continuous monitoring of the security infrastructure, conducting detailed vulnerability assessments, and responding swiftly to any security incidents, the Analyst ensures the organization's networks and data are protected against cyber-attacks. Collaborating closely with the Cybersecurity Manager, this role contributes to the development and enforcement of comprehensive cybersecurity policies and strategies, enhancing the organization's security posture and compliance with regulatory requirements.
What You’ll Be Doing:
Supporting the maturation and development of the MHA Cybersecurity Program:
Aid in implementing new security controls in line with MHA’s security roadmap, in line with the NIST 2.0 framework, including Cloud Security Posture Management (Azure Cloud), Server and Workstation controls
Support the alignment of internal cybersecurity initiatives with our parent company’s cybersecurity program, ensuring consistency and strategic focus
Participate in cross-functional teams to integrate cybersecurity measures across the organization
Work with various departments to ensure cybersecurity practices are seamlessly integrated into business processes.
Advance cybersecurity strategies and governance for cloud, software, systems, data, networks, and hardware
Ensure compliance with standards like HIPAA, HITRUST, SOC, and ISO
Assist in the evaluation and enhancement of cybersecurity policies and practices
Security Monitoring and Incident Response:
Monitor security systems and networks for anomalies
Lead initial incident response efforts
Document and analyze security incidents
Vulnerability Management:
Conduct vulnerability scans and risk assessments
Prioritize and remediate identified vulnerabilities
Risk Management and Compliance:
Aid in maturing the organization’s information security risk management program, aligned with acceptable risk tolerance
Work with the Cybersecurity Manager in developing the frameworks for managing risks related to vendors, cloud, and infrastructure
Gather data and provide input to the Cybersecurity Manager for third-party cybersecurity and vendor audits
Ensure compliance with legal and regulatory standards
Incident Management and Disaster Recovery:
Execute, Enforce, and continuously improve the MHA Cybersecurity Incident Response Plan
Provide feedback on security controls and processes based on incident response and threat analysis
Document incidents and responses comprehensively for future reference and compliance
Engage in disaster recovery planning and execution, ensuring organizational resilience
Conduct regular testing and simulations to validate the effectiveness of recovery strategies
Security Assessments and Training:
Assist with vulnerability assessments, penetration tests, security audits, and remediation
Support the cybersecurity awareness training program for all associates
Promote security best practices among employees
Innovation and Technology Integration:
Collaborate with the cybersecurity manager on the secure integration of emerging technologies, including Generative AI, ensuring alignment with cybersecurity frameworks.
Help foster cloud security maturity and advance the implementation of zero trust architecture
What You’ll Bring to the Table:
Bachelor's Degree in technical field (i.e. computer science) or a related field as preferred or equivalent experience.
3-5 years or more of experience in cybersecurity within IT environments, with a preference for candidates with a background in the life sciences industry.
5-7 years of comprehensive IT experience, with a focus on Cyber/Information Security roles.
Proficiency with NGAV/EDR tools, CrowdStrike Falcon Preferred
Proficiency with Cloud Native Protection Platforms, (e.g., Microsoft Defender for Cloud)
Skilled in utilizing CrowdStrike Horizon for comprehensive cloud security posture management (CSPM), emphasizing the improvement of multi-cloud security via perpetual monitoring, threat identification, and protection of cloud assets and identities
Experience with threat hunting activities using advanced tools such as CrowdStrike Falcon, Defender for Cloud, and Azure Log Analytics to identify and mitigate threats
Proficiency in Information Security frameworks such as NIST, ISO, CIS, PCI, COBIT
Experience with Security Information and Event Management (SIEM) tools such as Azure Sentinel
Ability work with cross-functional teams towards achieving tactical and strategic objectives
In-depth knowledge of networking technologies and IT concepts (e.g., TCP/IP, DNS, DHCP, WINS)
Demonstrated ability in assessing security postures and supporting strategic roadmaps for cybersecurity maturity
Possession of current mid-level Information Security Certifications from recognized institutions
Experience in developing and implementing security policies and standards
Strong analytical abilities with experience managing multiple projects under tight deadlines
Deep understanding of information risk concepts, principles, and the business impact of security measures
Experience working closely with legal, audit, and compliance teams
Advanced knowledge in developing, maintaining, and overseeing compliance with policies, procedures, standards, and guidelines
Understanding of legal and regulatory requirements relevant to the life sciences sector (e.g., HIPAA) preferred
Excellent verbal, written, and interpersonal communication skills, capable of effectively engaging with a broad range of stakeholders from technical teams to business units
Candidates with strong experience in Azure Cloud Strongly Preferred: Including Azure Active Directory, Security Center, Monitor, and Log Analytics. Knowledge in managing and securing cloud resources, familiarity with Azure Defender and Policy, and understanding best practices for cloud security and compliance is desired
What’s Good to Know:
Up to 5% domestic travel may be required intermittently for job-related events and conference
Why Join MHA
Our associates enjoy the following benefits, and you can, too!
Staying Healthy Comprehensive medical, dental, and vision plans with FSA/HSA options Fitness reimbursement Access to an Employee Assistance Program
Enjoying Time-Off Paid time off, holidays, paid parental leave, plus your birthday is a day off!
Planning for the Future Life Insurance, short-term & long-term disability insurance 401K match Employee Stock Purchase Plan Financial and legal benefits
Continuous Learning E-learning programs Tuition Reimbursement Ongoing Team Trainings
Making an Impact Paid volunteer time-off
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)