The Sr. Security Analyst will serve within the Health Informatics and Technology (HIT) department and under the leadership of the Enterprise Change Control/IS Security Manager.
- Guides, drives, and helps with the continuous enhancement of the IS Security Risk Management, Change Control and the Business Continuity Management Programs.
- Performs various risk assessments (e.g. application/system risk and business impact analyses), identifies specific controls needed based on IT/Security regulatory guidance and best practices, and provides a monitoring and testing strategy for ongoing HIT enterprise initiatives.
- Assists with integrating the overall IS Security Risk Management program with the business continuity efforts for core Electronic Medical Record (EMR) systems and other ancillary applications.
- Works closely with HIT and business key stakeholders to educate on control requirements and associated inherited and residual risk exposures.
- Ensures that HIT has a comprehensive and sound security practice so that assurance and reliance can be placed on the security, confidentiality and IT compliance for the organization.
- Data collection and aggregation: consulting with end users in specific departments/divisions to obtain information related to various risk assessments and create report deliverables;
- Familiarity with the Business Continuity and Disaster Recovery processes including, but not limited to, the following: performing business impact analysis, strategic selection of systems for disaster recovery, and coordinating mock-disaster recovery exercises to test the adequacy of existing IS plans;
- On-call support as a result of Disaster Recovery needs and activities
- Coordinate change control activities (e.g. SDLC) for various core Advocate systems;
- Prepare, conduct, and assist with remediation of both internal and external audits, security/risk assessments, and vulnerability scans. Assist with coordinating requests from auditors during the audit review period;
- Traveling to Advocate sites for various meetings
- 5 to 7 years of experience with information system security programs, IT audits, controls, and risk assessments;
- Demonstrates proficiency in regulatory requirement guidelines like NIST 800-53, HITRUST, PCI, ISO 27001, SOC 2.
- CISSP, CISA, CRISC or other applicable certifications are a must, or a willingness to obtain them within 1 to 2 years.
- Familiarity with information risk management and audit assisting tools.
- Ability to collaborate with HIT and Senior Leadership and other business stakeholders to achieve objectives.
- Have strong written and verbal/presentation communication skills.
- Be organized, detail-oriented, and analytical. Have project management experience.
- Strong team player that can work independently.
- BA/BS in Business or Computer related field (e.g. Management Information Systems)
Job ID: 88267