Senior Security Analyst
Grand Rapids, Michigan
- Under minimal supervision assists with and supports enterprise information security risk management processes and risk management activities including system and vendor/third party risk assessments in a large multi-site integrated Healthcare system.
- Participates in the continual improvement of risk management tools and processes.
- Analyzes technical architectures, designs and solutions to provide expertise and consulting assistance for Information Services (IS), business, and clinical projects as well as externally-hosted applications and infrastructure systems, to ensure appropriate controls for security and regulatory compliance.
- Participates and documents security matters in product selection, procedure development, application development, database design, network and/or platform (operating system) efforts.
- Analyzes, documents and communicates security and compliance risks from assessments and reviews of internally and externally-hosted applications and infrastructure systems.
- Consults on security risk analysis scenarios and response procedures, based upon emerging security threats, as needed.
- Competent to work with cross-functional teams including engineering, architecture, development, privacy, legal, contract management, clinical and business units in a diverse technology portfolio to address organizational risk, regulatory compliance, patient data and patient safety risks.
- Analyzes and consults on third party risk assessments, monitoring and remediation plans.
- Conducts accurate evaluations of the level of security required. Interfaces with user community to understand their security needs and recommends procedures to accommodate them.
- Weighs business needs against security concerns, and articulates issues to management.
- May be responsible for completion of project work and/or project phases.
- Regularly provides guidance and training to less experienced Security Analysts, and supports Privacy Analysts, as needed.
- Familiarity with the NIST Cybersecurity Framework, HITRUST, Meaningful Use, FDA-regulated medical systems, HIPAA PHI protection requirements, PCI compliance requirements, and SOC 1 and SOC 2 assertions and reporting, as well as the associated regulations.
- Experience or familiarity with enterprise Governance, Risk and Compliance (GRC) tools required.
- Preferred Qualifications:
- Education - Bachelor's Degree or equivalent.
- Experience - 5 years of experience, typically gained through skills, knowledge and abilities in the field; experience in security analysis, data loss and breach prevention, or information management, preferably in an integrated delivery system; a background demonstrating the highest level of personal and professional integrity in handling sensitive and confidential information.