Understand, track and manage security threats and risks. This includes performing risk assessments and measuring the success and effectiveness of mitigation efforts.

Assist with the development and maintenance of policies, procedures, standards, and guidelines and articulate best practices to employees and leadership.

Identify security risks and exposures, determine the cause(s) of security violations, and recommend procedures to mitigate future incidents and improve cybersecurity.

Develop techniques and procedures for conducting information security and cybersecurity risk assessments, incident investigations, and compliance audits.

Train users and promote security awareness and develop and maintain training materials/program.

Participate in information security program audit requests.

Participate in incident response process and escalate, as appropriate.

Monitor and enforce established security controls.

Review current and emerging information security trends, as they pertain to NAH information systems.

Perform Microsoft Active Directory security administration including implementation of standards, management and oversight of group policy, group membership, and processing of user access change requests.

Administer endpoint patching utilities for deploying Microsoft and 3rd party patches to endpoints in a timely manner, along with regular reporting on status and effectiveness of patching programs.

Monitor ticketing queues for response and escalation and perform daily monitoring and administration tasks for the following: Endpoint protection to ensure rapid handling of virus, malware, and ransomware detections Web-filtering systems including management of filtering policies and unblocking requests, occasional activity investigation and reporting requests Email filtering and security systems and investigate customer questions and spam/phishing reports Log reviews Incident response Intrusion detection/prevention systems Vulnerability management program

Complete operational tasks on a daily/weekly/monthly basis, as assigned.

Escalate security incidents as required and monitor progress towards resolution.

Plan and potentially conduct walkthroughs/rounding of physical facilities including network closets, clinical, and back-office work areas to document security issues and report findings to IT Leadership.

Foster information security awareness within the organization and provide education on information security best practice.

Partner with staff and leadership to promote cross-team collaboration and service excellence standards.

Interact with multiple levels of personnel within the organization and externally; including rounding at all service locations and in the moment security-based education with personnel.

Continuously demonstrate excellent verbal and written communication skills. Continuously demonstrate a high level of self-motivation, meticulous documentation skills, and excellent attention to detail.

If required for position, ensures all certifications and/or licenses are up-to-date and valid prior to expiration dates.

Completes all company mandatory modules and required job specific training in the specified time frame.

Responsible for reporting any safety related incident in a timely fashion through the Safety Event reporting tool; attends all safety related training programs; performs work in a safe manner; monitors work environment for possible safety issues and ensures others are also performing work in a safe manner.

Responsible for maintaining up-to-date knowledge of cybersecurity trends, developments, best practices and regulatory changes.

Stays current and complies with state and federal regulations/statutes and company policies that impact the employee's area of responsibility.