Principal Information Security Analyst

Providence Healthcare

Renton, WA

Industry: Healthcare


11 - 15 years

Posted 30 days ago

We are seeking a Principal Information Security Analyst to lead significant aspects of the system-wide Information Security program, including development, ongoing planning and execution of the roadmap for their program domain(s). They are expected to provide thought leadership to the organization in areas such as, but not limited to: information security frameworks, business continuity management, reporting and metrics, security risk management, firewall protection, information security training, intrusion prevention, data loss prevention, anti-virus endpoint protection, security policy and standards, regulatory/contractual requirements, planning, mitigation, physical security, and/or crisis and incident management. The Principal Information Security Analyst is able to translate strategy into tactical plans and then achieve their milestones, determining resource needs and coordinating the work of a cross-functional team, often in a lead role. They are responsible for overseeing and coordinating all aspects of significant domain(s) within the information security program, ranging from business requirements and detailed planning (schedule, scope, budget) to on-time completion of deliverables to QA criteria and testing and ongoing metrics and reporting. They work fairly autonomously to proactively develop enterprise security methodologies and implement enterprise-wide processes that address and show adherence to regulatory requirements, and that reduce risks to the organization while driving efficiencies. They formulate and lead interdisciplinary teams to identify, assess and address security risks. They are recognized both within RIS and by business units as an authoritative subject matter expert for their assigned domains and have a strong understanding of how the security programs support and affect the organization.
The Principal Information Security Analyst will create and utilize various tools and methods to provide support to end users, technology teams, projects and business leaders on a regular and ad hoc basis. The role is responsible for working collaboratively and effectively with project sponsors, Regional Information Security Officers, IT site directors, regional leaders and project managers to assess, analyze and develop information security-related business needs and requirements for potential projects/initiatives.
In this position you will have the following responsibilities:

  • Plan and lead the work of others. Work proactively with minimal supervision and collaborate across organizational boundaries. Routinely interface with business and technology leaders and sponsors to:
  • Identify, develop, and implement needed enterprise-wide security programs and projects that include budget, resource plans, work-plans, schedules and supporting training and documentation.
  • Develop business and technical requirements; create use cases, test cases and QA criteria to support project implementation while driving health system objectives relative to standardization, integration, efficiency and regulatory compliance.
  • Manage completion of deliverables of assigned resources in cross-functional project teams, often for concurrent projects. Serve as ISS liaison for new system implementations and enhancement projects.
  • Facilitate/coordinate resources required for system implementations.
  • Drive/coordinate departmental organizational and operational transformation initiatives.
  • Manage initiatives that support the creation and implementation of operational support models, availability models, system portfolios, service delivery playbooks, service dashboards (key performance indicators, key risk indicators) and system inventory financial portfolios. Lead teams to drive ongoing process improvement and optimization of these initiatives.
  • Create, document, implement and manage procedures and processes that ensure security control effectiveness.
  • Develop and maintain documentation for all assigned responsibilities.

Required qualifications for this position include:

  • Bachelor’s degree in Computer Science, Management Information Systems, Information Security, Business Management or a related field. If no degree, additional years of experience can substitute for the degree in addition to minimum years of experience below:
  • 10+ years of experience in Information Security, preferably in a healthcare setting.
  • One or more of the certifications listed below is also required:
  • Certified Information Systems Security Professional
  • Certified Information Systems Auditor
  • Certified Information Security Manager (CISM)
  • Certified Business Continuity Professional (CBCP)
  • Master Business Continuity Professional (MBCP)
  • PCI-ISA designation (Payment Card Industry-Internal Security Assessor), or PCIP (Payment Card Industry Professional)

Preferred qualifications for this position include:

  • Master’s degree in Computer Science, Management Information Systems, Information Security, Business Management or a related field, or equivalent education/experience.
  • Healthcare industry knowledge.