Security Analyst - Governance, Risk, and Compliance
Washington Regional Medical Center
This job is no longer accepting applications
Job Details
Description
Organization Overview, Mission, Vision and Values
Our mission is to improve the health of people in the communities we serve through compassionate, high-quality care, prevention, and wellness education. Washington Regional Medical System is a community-owned, locally governed, non-profit health care system located in Northwest Arkansas in the heart of Fayetteville, which is consistently ranked among the 10 Best Places to Live in the country. Our 425-bed medical center has been named the #1 hospital in Arkansas for three consecutive years by U.S. News & World Report. We employ 3,400+ team members and serve the region with over 45 clinic locations, the area’s only Level II trauma center, and five Centers of Excellence - the Washington Regional J.B. Hunt Transport Services Neuroscience Institute; Washington Regional Walker Heart Institute; Washington Regional Women and Infants Center; Washington Regional Total Joint Center; and Washington Regional Pat Walker Center for Seniors.
Position Summary
The Security Analyst reports to the Information Security Manager. This position is responsible for conducting comprehensive analysis of highly complex IT infrastructure, systems and applications to identify and classify potential risk to data, business and IT infrastructure.
Essential Position Responsibilities
- Conduct detailed risk assessments and ensure all projects and initiatives meet WRMS compliance policies, standards, and procedures, including government and medical agency regulations.
- Partner with appropriate stakeholders, personnel, and vendors to review risk assessment data.
- Recommend remediation strategies, including risk-based prioritization of action items and identification of mitigating controls; evaluate, develop, and recommend the latest information security assessment tools and techniques.
- Enhance and maintain the IT Risk GRC solution and update and improve the Security Risk Assessment process for WRMS.
- Develop and implement best practices, strategies, methodologies, and documentation and templates suitable for use.
- Assist in the implementation, operation, and maintenance of our common controls framework for continuous testing and monitoring of all information security controls.
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
- Assist with information security compliance activities, including HIPAA.
- Provide additional support, as needed, to achieve team and system objectives.
- Assist in designing, creating, and maintaining risk-based metrics.
Qualifications
- Education: High school diploma or GED. Bachelor’s degree in Computer Science, Engineering, Information Systems or similar field OR 5+ years of relevant work experience with 2 years of experience in security governance, risk management, compliance, audit, internal controls.
- Licensure and Certifications: Valid driver’s license and auto liability insurance, required. CISSP, CISA, CISM, CRISC, or GIAC certified, preferred.
- Experience: A strong understanding of one or more of the following industry compliance and security standards and frameworks: ISO 27001, ITIL, COBIT, PCI DSS, SOC 2, CSA, CCM, CIS Benchmarks and NIST frameworks. Proficient knowledge of hardware/software architecture and domains in IT operations with a focus on governance, risk, and compliance. Understanding of legal and regulatory compliance standards and requirements for data and IT, including HIPAA, FERPA, Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, NIST and COBIT.
Work Environment: This position will spend 80% of the time sitting while performing work in a standard office environment. This position will spend 20% of the time walking and/or standing while pushing, pulling, lifting, and/or carrying up to 50 lbs. This position will require travel between Washington Regional campuses.