Info Security Analyst IV, Patch Management at Hackensack University Medical Center in Edison, NJ
Overview How haveYOUimpacted someone's life today? AtHackensack MeridianHealth our teams are focused on changing the lives of our patients by providing the highest level of care each and every day. From our hospitals, rehab centers and occupational health teams to our long-term care centers and at-home care capabilities, our complete spectrum of services will allow you to apply your skills in multiple settings while building your career, all within New Jersey's premier healthcare system. The Patch Management (PM) Program's objective is to reduce Hackensack Meridian Health's (HMH) risk profile through the identification, acquisition, testing, deployment, and verification of patches and updates in a consistent and repeatable manner across systems (Host, Application, Database, etc.). The Information Security Analyst IV, Patch Management is responsible for handling the day-to-day operations of the Patch Management service. This includes reviewing scheduled patch deployments, evaluating and prioritizing recently released patches, coordinating patch testing efforts with system owners, configuring and monitoring automated deployments, and generating and distributing reports. Works closely with the Patch Management tool and coordinates with the Patch Management Manager, Info Security Analyst III, Patch Management, Operations, Applications, and Infrastructure teams. This individual reports directly to the Patch Management Manager. Responsibilities A day in the life of a Info Security Analyst IV, Patch Management at Hackensack Meridian Health includes:
Manages the Patch Management tool configuration and automation enhancements, including but not limited to identifying and onboarding new systems and their respective patch handling requirements and schedules; verifying system attributes and maintenance of up-to-date system inventory; and configuring automated workflows that enable patch downloads, scanning, deployment, notifications, and reporting. Leads ongoing Patch Management optimization efforts and projects (e.g., patch scope expansion, system patching expansion, etc.). Designs the patch management architecture and continually aligns the architecture to best suit the HMH environment. Identifies and develops automated processes through scripting to enhance Patch Management processes. Reviews patches as they are released from vendors and determines their efficacy in the HMH environment. Monitors and maintains overall patch system (core application servers, agents, etc.) health and addresses issues when discovered. Prepares and performs updates to Patch Management related tools when released. Communicate Patch Management processes, functions, and schedules with various teams within the organization. Assists in reviewing proposed new systems and networks designs for patching configuration needs; implements mitigation or countermeasures and resolves integration issues related to the implementation of new systems within the existing infrastructure. Coordinates regular and emergency patch processes with Vulnerability Management, systems owners, and Change Management. Mentors junior Patch Management team members, IT staff, and other teams regarding Patch Management tools and processes. Maintains relationships with management and vendors to develop and implement new Patch Management solutions to meet business requirements. Advises the leadership team on the appropriate administration of Patch Management standards, assisting them in developing plans within their business units to manage these risks effectively by understanding the fundamental aspects of their business objectives. Performs ad hoc and scheduled patch deployments. Assists in necessary rollbacks, investigations, and troubleshooting when patch deployments fail or return errors. Assists in the development and monitoring of patch success reports and program KPIs. Other duties and/or projects as assigned. Adheres to HMH Organizational competencies and standards of behavior. Qualifications Education, Knowledge, Skills and Abilities Required:
Bachelor's degree in business information systems, information security, cybersecurity, etc., or related degree.Work experience may be substituted. Minimum of 10 years of general IT experience with at least 8 years' of that experience in IT security. Technical experience with networks, operating systems (i.e., Windows, Linux), applications, etc. Proficiency writing PowerShell, SQL queries, Python, and other relevant scripting languages / technologies. In depth knowledge of and experience deploying and operating one of the following (or comparable) Patch Management / Configuration Management tools:
Ivanti Patch Management solutions (i.e., Patch for Endpoint Manager, Patch for SCCM, Patch for Linux, UNIX, Mac, etc.), WSUS, SCCM, and/or Legacy solutions (e.g., Shavlik, LANDesk, etc.). Experience in the following:
successful implementation of business relevant measures of Information Security effectiveness; and inInvolvement in security and/or IT operations work. Experience working in hospital environments/with healthcare related information systems (electronic medical records systems, clinical systems, etc.). Experience working with one or more Information Security frameworks (HIPAA, NIST, PCI, etc.) and industry better practices. Strong knowledge of industry standards regarding patch and vulnerability management (i.e., Patch Criticality Ratings, Patch Tuesday, Common Vulnerability Scoring System (CVSS), Common Vulnerability and Exposures (CVE)). Familiarity with Information Security governance, risk, and compliance better practices and tools. Experience delivering formal presentations. Excellent verbal and written communication skills. Education, Knowledge, Skills and Abilities Preferred:
Minimum of 4 years of work experience maintaining and administering a Patch Management program Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI. Strong knowledge of healthcare environments. Experience working with Ivanti solutions. Experience with IT ticketing solutions (e.g., FootPrints, ServiceNow, etc.). Licenses and Certifications Preferred:
Certified Information Systems Security Professional (CISSP). Vendor certifications in Patch Management products. Our Network Hackensack Meridian Health (HMH) is a Mandatory COVID-19 and Influenza Vaccination Facility As a courtesy to assist you in your job search, we would like to send your resume to other areas of our Hackensack Meridian Health network who may have current openings that fit your skills and experience.
Salary Range:
$150K -- $200K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
Manages the Patch Management tool configuration and automation enhancements, including but not limited to identifying and onboarding new systems and their respective patch handling requirements and schedules; verifying system attributes and maintenance of up-to-date system inventory; and configuring automated workflows that enable patch downloads, scanning, deployment, notifications, and reporting. Leads ongoing Patch Management optimization efforts and projects (e.g., patch scope expansion, system patching expansion, etc.). Designs the patch management architecture and continually aligns the architecture to best suit the HMH environment. Identifies and develops automated processes through scripting to enhance Patch Management processes. Reviews patches as they are released from vendors and determines their efficacy in the HMH environment. Monitors and maintains overall patch system (core application servers, agents, etc.) health and addresses issues when discovered. Prepares and performs updates to Patch Management related tools when released. Communicate Patch Management processes, functions, and schedules with various teams within the organization. Assists in reviewing proposed new systems and networks designs for patching configuration needs; implements mitigation or countermeasures and resolves integration issues related to the implementation of new systems within the existing infrastructure. Coordinates regular and emergency patch processes with Vulnerability Management, systems owners, and Change Management. Mentors junior Patch Management team members, IT staff, and other teams regarding Patch Management tools and processes. Maintains relationships with management and vendors to develop and implement new Patch Management solutions to meet business requirements. Advises the leadership team on the appropriate administration of Patch Management standards, assisting them in developing plans within their business units to manage these risks effectively by understanding the fundamental aspects of their business objectives. Performs ad hoc and scheduled patch deployments. Assists in necessary rollbacks, investigations, and troubleshooting when patch deployments fail or return errors. Assists in the development and monitoring of patch success reports and program KPIs. Other duties and/or projects as assigned. Adheres to HMH Organizational competencies and standards of behavior. Qualifications Education, Knowledge, Skills and Abilities Required:
Bachelor's degree in business information systems, information security, cybersecurity, etc., or related degree.Work experience may be substituted. Minimum of 10 years of general IT experience with at least 8 years' of that experience in IT security. Technical experience with networks, operating systems (i.e., Windows, Linux), applications, etc. Proficiency writing PowerShell, SQL queries, Python, and other relevant scripting languages / technologies. In depth knowledge of and experience deploying and operating one of the following (or comparable) Patch Management / Configuration Management tools:
Ivanti Patch Management solutions (i.e., Patch for Endpoint Manager, Patch for SCCM, Patch for Linux, UNIX, Mac, etc.), WSUS, SCCM, and/or Legacy solutions (e.g., Shavlik, LANDesk, etc.). Experience in the following:
successful implementation of business relevant measures of Information Security effectiveness; and inInvolvement in security and/or IT operations work. Experience working in hospital environments/with healthcare related information systems (electronic medical records systems, clinical systems, etc.). Experience working with one or more Information Security frameworks (HIPAA, NIST, PCI, etc.) and industry better practices. Strong knowledge of industry standards regarding patch and vulnerability management (i.e., Patch Criticality Ratings, Patch Tuesday, Common Vulnerability Scoring System (CVSS), Common Vulnerability and Exposures (CVE)). Familiarity with Information Security governance, risk, and compliance better practices and tools. Experience delivering formal presentations. Excellent verbal and written communication skills. Education, Knowledge, Skills and Abilities Preferred:
Minimum of 4 years of work experience maintaining and administering a Patch Management program Proficient understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, and PCI. Strong knowledge of healthcare environments. Experience working with Ivanti solutions. Experience with IT ticketing solutions (e.g., FootPrints, ServiceNow, etc.). Licenses and Certifications Preferred:
Certified Information Systems Security Professional (CISSP). Vendor certifications in Patch Management products. Our Network Hackensack Meridian Health (HMH) is a Mandatory COVID-19 and Influenza Vaccination Facility As a courtesy to assist you in your job search, we would like to send your resume to other areas of our Hackensack Meridian Health network who may have current openings that fit your skills and experience.
Salary Range:
$150K -- $200K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
