Information Security Analyst


Information Security Analyst

Reports To: 

Senior Manager, Information Security 

Friday, December 4, 2020

The Information Security Analyst is responsible for the successful delivery of security program initiatives that safeguard CAQH protected information. Through methodical planning, rigorous execution and continuous oversight, the CAQH Information Security Analyst will enhance the security and privacy posture of CAQH solutions and corporate IT assets. The Information Security Analyst reports to the Senior Manager, Information Security; the position is full time, exempt.

Specific Responsibilities: 
  • Monitor the security of critical systems (e.g., e-mail servers, database servers, web servers, etc.) and changes to highly sensitive computer security controls to ensure appropriate system administrative actions, investigate and report on noted irregularities.
  • Support to conduct network vulnerability assessments using tools to evaluate attack vectors, identify system vulnerabilities and support IT Security Manager to develop remediation plans and security procedures.
  • Manage the SIEM infrastructure and assure monitoring and alert response.
  • Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.
  • Support implementing and managing data loss prevention (DLP) tools.
  • Support to define rules and place in DLP server as per the HIPAA and HITRUST compliance policy, enforce IT policies, protect infrastructure, and effectively manage systems.
  • Identify opportunities for process improvement and support the implementation of changes.
  • Manage the day-to-day log collection activities of source devices that send log data to SIEM. Work with Security Manager to integrate SIEM into Azure environment.
  • Extract logs, perform real time log analysis using SIEM technologies and forensics analysis of logs as per the events.
  • With support from IT Security Manager aggregate, correlate, and analyze log data from network devices, security devices, CAQH Azure environment and other key assets using SIEM technologies.
  • Support to conduct vulnerability assessment, threat management, security advisories, compliance audits and IT security assessment.
  • Define, establish and manage security risk metrics, key security performance indicators and track effectiveness.
Knowledge, skills and abilities: 
  • SIEM knowledge and experience (Splunk in Azure experience preferred).
  • Demonstrated ability to manage a mix of established programs and projects of varying sizes, as well as new initiatives that span application and infrastructure security.
  • Demonstrated ability to support project teams to meet critical deadlines and realize program benefits.
  • Ability to efficiently and effectively communicate plans, schedules, decisions, status, risks and issues and to implement corrective actions to ensure organizational objectives are met.
  • Ability to work collaboratively in fast-paced, schedule-driven matrixed organizations.
  • Ability to communicate clearly and concisely with all levels of business and technical stakeholders.
  • Understanding of information security lifecycles execution and oversight.
  • Strong team player able to influence the outcome of projects without direct authority.
  • Experience implementing and refining processes, policies and standards.
  • The ability to balance risk mitigation with business needs.
  • 3+ years of hands-on experience managing security Monitoring (preferably using Splunk, OMS and Azure tools), vulnerability scanning and data loss prevention tools.
  • 3+ years leading cross-functional teams successfully deliver comprehensive security solutions.
  • CISSP certification and SIEM rules development and deployment experience preferred.

Bachelor’s degree required; business and technology disciplines preferred.

PDF version: 
Download (129.7 KB)
Employment Type: 
Hiring Organization: 


CAQH recognizes that its most important asset is its growing team of smart, creative, collaborative, forward-thinking and passionate professionals – and that a comprehensive employee benefits package is an important factor for them in choosing where to work. CAQH offers competitive compensation along with an extensive benefits package for all full-time employees, including medical, dental and vision coverage, tuition assistance and a 401k. Our location in downtown Washington, DC is metro-accessible, has an onsite fitness center and is centrally located to allow our team to take advantage of professional networking opportunities, cultural offerings and a thriving social scene.

Who we are:

Named one of the "Best Places to Work" by Modern Healthcare for three consecutive years, CAQH, a non-profit alliance, is the leader in creating shared initiatives to streamline the business of healthcare. Through collaboration and innovation, CAQH accelerates the transformation of business processes, delivering value to providers, patients and health plans. Our initiatives include:

  • COB Smart® quickly and accurately directs coordination of benefits processes.
  • EnrollHub® reduces costly paper checks with enrollment for electronic payments and electronic remittance advice.
  • CAQH ProView® eases the burden of provider data collection, maintenance and distribution.
  • DirectAssure® increases the accuracy of health plan provider directories.
  • VeriFideTM streamlines credentialing by consolidating and standardizing primary source verification.
  • SanctionsTrack® delivers comprehensive, multi-state information on healthcare provider licensure disciplinary actions. 
  • CAQH CORE® maximizes business efficiency and savings by developing and implementing national operating rules.
  • CAQH Index® benchmarks progress and helps optimize operations by tracking industry adoption of electronic administrative transactions.