Cyber Defense Center Analyst

• PURPOSE AND SCOPE:  

  The Security Operations Center will assist in 24x7 Cyber Security Intrusion Monitoring and Event/Incident Response. Working with multiple IT Operations teams and members of the Information Security office, they will perform day-to-day security functions and investigations including more advanced analysis of threat intelligence and the security posture of systems. Additional duties include gathering metrics and key performance indicators (KPI's) and other security related tasks. 

  PRINCIPAL DUTIES AND RESPONSIBILITIES:  

  • Both under supervision and independently, utilizes established procedures to perform routine assigned tasks including performing, tracking, and reporting on daily Security Operations Center (SOC) compliance operations and heath monitoring systems. 

  • Assists with monitoring cyber security threats and associated activity. 

  • Adheres to procedures for Event analysis and Incident Response. 

  • Assists with performing cyber security event analysis and incident response as needed. 

  • Assist with all investigations into problematic network activity and provide on-going communication with senior management. 

  • Reviews threat intelligence sources for relevant data and takes the necessary actions aid in mitigating the threat to the environment, as defined by policy and procedures. 

  • Assist in performing & documenting cybersecurity risk assessments with focus on identifying known and unknown vulnerabilities utilizing different assessment techniques. 

  • Assist in developing mitigation strategies for identified vulnerabilities across product lines. 

  • Support the deployment, integration, and initial configuration of all new security solutions and of any enhancements to existing security solutions. 

  • Learns to use professional concepts. Applies company policies and procedures to resolve routine issues. 

  • Works on various cybersecurity problems, following standard practices and procedures in analyzing situations or data. 

  • Understand and stay current on best practices and guidance on achieving security. 

  • Understand and ensure compliance with current and applicable US laws and regulations that affect medical device cybersecurity. 

  • Assist and execute the simulated tests, collecting results, creating reports, and suggesting recommendations on how to reduce risk with additional training for employees. 

  • Builds stable working relationships internally. 

  • Performs work both based on specific instructions revived and independently when new or unusual situations arise. 

  • Assists with the development of the policies and procedures on how to handle new security situations. 

  • May refer to more senior levels, if applicable, for assistance with problems that may arise. 

  • Escalates issues to supervisor/manager for resolution, as deemed necessary. 

  • Reviews and complies with the Code of Business Conduct and all applicable company policies and procedures, local, state, and federal laws and regulations. 

  • Assists with various projects as assigned by direct supervisor. 

  • Performs other duties as assigned. 
     

  PHYSICAL DEMANDS AND WORKING CONDITIONS: 

  • The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

  SUPERVISION:  

  • None 

  EDUCATION: 

  • Bachelor's degree in management information systems, Computer Science, or business/science related field required. 

  EXPERIENCE AND REQUIRED SKILLS:  

  • 0-2 years of experience working with internal/external audits or risk management - methods and techniques for the assessment and management of risk. 

  • Ability to operate as a pro-active and result-driven problem solver with excellent analytical and interpersonal skills. 

  • Ability to understand IT processes, management objectives risk appetite and tolerances and impact of objectives, risk appetite and tolerances and impact of changes to risk profiles. 

  • CISA, CISSP, CRISC, or other relevant certification(s) desired. 

  • Strong client services orientation and communication skills coupled with a high sense of urgency to keep appropriate partners informed, including solutions to overcome obstacles to deliver to expectation. 

  • Strong understanding of risk management, integration with enterprise risk management and business strategy. 

  • Solid understanding of IT Audit best practices.  Former Big 4 IT auditor or Financial Services IT risk management experience preferred. 

  • Experience in IT governance, risk, and controls, including governance frameworks. 

  • Demonstrated technical writing, communication, and presentation skills. 

  • Ability to work effectively in a team environment.   

  • Creativity in addressing technical challenges.   

  • Proven record to deliver results. 

EO/AA Employer: Minorities/Females/Veterans/Disability/Sexual Orientation/Gender Identity

 Fresenius Medical Care North America maintains a drug-free workplace in accordance with applicable federal and state laws.