Sr Security Analyst

Advocate Health Care   •  

Oak Brook, IL

5 - 7 years

Posted 293 days ago

This job is no longer available.

JOB SUMMARY:

The Sr. Security Analyst will serve within the Health Informatics and Technology (HIT) department and under the leadership of the Enterprise Change Control/IS Security Manager. 

  • Guides, drives, and helps with the continuous enhancement of the IS SecurityRisk Management, Change Control and the Business Continuity Management Programs.
  • Performs various risk assessments (e.g. application/system risk and business impact analyses), identifies specific controls needed based on IT/Security regulatory guidance and best practices, and provides a monitoring and testing strategy for ongoing HIT enterprise initiatives.
  • Assists with integrating the overall IS SecurityRisk Management program with the business continuity efforts for core Electronic Medical Record (EMR) systems and other ancillary applications.
  • Works closely with HIT and business key stakeholders to educate on control requirements and associated inherited and residual risk exposures.
  • Ensures that HIT has a comprehensive and sound security practice so that assurance and reliance can be placed on the security, confidentiality and IT compliance for the organization.

RESPONSIBILITIES:

  • Data collection and aggregation: consulting with end users in specific departments/divisions to obtain information related to various risk assessments and create report deliverables;
  • Familiarity with the Business Continuity and Disaster Recovery processes including, but not limited to the following: performing business impact analysis, strategic selection of systems for disaster recovery, and coordinating mock-disaster recovery exercises to test the adequacy of existing IS plans;
  • On-call support as a result of Disaster Recovery needs and activities
  • Coordinate change control activities (e.g. SDLC) for various core Advocate systems;
  • Prepare, conduct, and assist with remediation of both internal and external audits, security/risk assessments, and vulnerability scans. Assist with coordinating requests from auditors during the audit review period;
  • Traveling to Advocate sites for various meetings

REQUIRED QUALIFICATIONS:

  • 5 to 7 years of experience with information system security programs, IT audits, controls, and risk assessments;
  • Demonstrates proficiency in regulatory requirement guidelines like NIST800-53, HITRUST, PCI, ISO27001, SOC2.
  • CISSP, CISA, CRISC or other applicable certifications are a must or willingness to obtain within 1 to 2 years.
  • Familiarity with information risk management, and audit assisting tools.
  • Ability to collaborate with HIT and Senior Leadership and other business stakeholders to achieve objectives.
  • Have strong written, and verbal/presentation communication skills.
  • Be organized, detailed oriented, and analytical. Have project managementexperience.
  • Strong team player that can work independently.
  • BA/BS in Business or Computer related field (e.g. Management Information Systems)

Job ID: 88267