CAPS is the nation's largest network of outsourcing admixture pharmacies. A pioneer in the outsourcing of CSPs, CAPS was founded in 1991, and delivers high-quality, same-day, admixture services and solutions to hospitals and outpatient facilities across the nation. CAPS has three 503B Outsourcing Facilities that are registered with the FDA to provide anticipatory compounding services. CAPS also has 22 state licensed 503A regional pharmacies that dispense labeled, patient-specific prescriptions. To learn more, visit www.capspharmacy.com.
The IT Security Analyst is responsible for determining appropriate IT security measures and creating policies and procedures that monitor and control access to system resources and data. The IT Security Analyst will update IT security standards as necessary and will report any observed security violations to the appropriate CAPS personnel. The IT Security Analyst will develop and maintain security compliance and exception reporting processes and procedures to ensure that all appropriate steps have been taken to meet defined internal and external security requirements. The Analyst will be responsible for providing project management and implementation support for IT security projects.
Responsibilities: Essential Duties
- Actively monitor and research ongoing threats and associated preventative measures in an effort to proactively protect the CAPS IT infrastructure.
- Develops and maintains CAPS IT security policies, procedures and compliance guidelines. Maintain IT security documentation as required that is in accordance with regulatory agencies (FDA and data integrity, ISO, HIPAA, HITECH, OWASP etc.).
- Designs, implements and supports integration of information security solutions including security architectures, firewall change requests, integrating security products, and developing and coordinating security implementation plans.
- Identifies process functions, risk, security control weaknesses and corrective controls; presents security challenges and control options to management, and implements plans, researches and deploys new technologies, work with management, administrators and application owners during transition to operational service.
- Provides organizational support of enterprise security architecture and design, benchmarking, technical framework and gap analysis. Work with administrators and application owners to remediate potential and known security gaps.
- Works with management to determine acceptable levels of risk for CAPS IT computing platforms and to discuss security implications of new information technology uses being considered.
- Monitors and evaluates security compliance, and takes action to ensure availability, integrity, confidentiality and security of the CAPS IT Infrastructure.
- Monitors and assures that policies and procedures related to integrity, confidentiality and IT security are followed by project team members and departmental personnel in the implementation and maintenance of computerized information systems.
- Guides users and technical team members in formulating IT Security requirements, integrating security requirements into existing system architectures, developing security test plans with B. Braun Medical IT Security, CAPS management and overseeing the execution of security testing, asset auditing and advising alternative approaches.
- Work with IT and parent company B. Braun Medical IT Security management to draft SOPs and system validation plans as required to meet corporate business needs and support the companys regulatory requirements.
- Interacts with other departments and vendors to gather data, resolve and document complex technical issues for implementation of security products and controls.
- Investigates documents and reports any actual or potential Information Security violation or inappropriate computers use.
- Participates in coordinating security management services, forensic analysis, cyber-crime investigation, incident emergency response and investigations.
- Reports any observed security violations and proposed solutions to the Director of Information Technology as well as the B. Braun Medical IT Security.
- Coordinates the communication of Information Security awareness to people who have access to computer systems.
- Maintains current and thorough knowledge of security hardware and software products that comply with industry standards.
- Works with vendors, IT staff, business departments and outside business partners to enhance Information Security.
- Work with CAPS management to provide technical guidance on customer contract agreements and responses to data security questionnaires in a timely manner.
- Uses project management techniques for implementing changes.
- Develops standards and procedures that support meeting strategic, tactical and operational objectives on a cost-effective basis.
- Continues to develop IT Security knowledge by attending training courses, seminars and subscribes to relevant vendor and Information Security lists for security threats and mitigation strategies.
Expertise: Knowledge & Skills
- Foundational knowledge of data security and software access control systems, policies, encryption and related matters.
- Functional knowledge of communications protocols and standards related to security.
- Functional knowledge of information protection methodologies and concepts, such as identification and authentication, access control, inception and audit trails.
- Practical knowledge of server administration as applied to network and internet security.
- Wide knowledge in the areas of technical support for computers, software development, communication systems, networks and their interrelationships.
- Understanding of application systems, network architecture, multiple platforms and new technologies from an IT and Information Security perspective to include the following: Firewalls, log analysis to assess malicious / unauthorized activity on the network and host, Unix, Microsoft Windows, networking (switches, routers/protocols), TCP/IP, network services,, Network Architecture, Token authentication, DNS, VPN, Application, Database and O/S configuration, as well as web-based systems, Anti-virus, single sign on, PKI, Active Directory, and high level programming languages.
- Familiarity of system and network exploitation, attack pathologies and intrusion techniques, such as denial of services, Sync attack, malicious code, password cracking, and ransomware exploits, etc.
- Knowledge of information protection standards, guidelines, and applied procedures (e.g., industry best practices);
- Knowledge of business needs with the ability to establish and maintain a high level of customer trust and confidence in the Companys concern for customers.
- Strong organizational and project management skills required.
- Strong written and verbal communication skills required.
Expertise: Qualifications - Experience/Training/Education/Etc
- Bachelor's degree required.
- Prior experience in IT security and services.
- 3-6 years information systems experience required.
- General knowledge of GxP guidelines preferred.
- FDA regulatory compliance experience preferred.
- CISSP certification or equivalent experience.
While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee frequently is required to use hands to handle or feel and reach with hands and arms. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 50 pounds.
B. Braun offers an excellent benefits package, which includes healthcare, a 401(k) plan, and tuition reimbursement. To learn more about B. Braun and our safety healthcare products or view a listing of our employment opportunities, please visit us on the internet at www.bbraunusa.com..
Through its Sharing Expertise initiative, B. Braun promotes best practices for continuous improvement of healthcare products and services.
Responsibilities: Other Duties:
The preceding functions have been provided as examples of the types of work performed by employees assigned to this position. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed in this description are representative of the knowledge, skill, and/or ability required. Management reserves the right to add, modify, change or rescind the work assignments of different positions due to reasonable accommodation or other reasons.
While performing the duties of this job, the employee is regularly required to sit and talk or actively listen. The employee frequently is required to use hands to handle or feel and reach with hands and arms. The employee is occasionally required to stand and walk. The employee must occasionally lift and/or move up to 20 pounds.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually moderate.
Must be willing to travel for business and work extra hours when necessary.