Information Security Analyst
Posted Date: 3/5/2020
- The Information Security Analyst is responsible for supporting the Information Security Officers (ISO), engaging in Steward Health Care (SHC) Business and Technology initiatives that impact all Entities, Employees, and non-employee workforce and have a known or unknown security component.
- The Information Security Analyst works with committees, leadership and staff throughout Steward Health Care System to understand the business and operational objectives in order to identify security related needs.
- Participates in the development and implementation of the SHC IS Information Security program in a manner that fulfills the mission and strategic goals of the program while complying with state and federal laws and accreditation standards related to Risk Management; collaborating with site and SHC Information Security, Privacy and Compliance as required.
- Maintains up-to-date knowledge of, and expertise in, the administration and management of SHC and site-based information security program and assists Information Security Officers in these initiatives.
- Develop an understanding of Steward’s business applications, information security and privacy service, delivery and service management offerings.
- Assist in gathering and documenting requirements from business unit representatives and work with the SecOps and Threat Intelligence and Security Innovation teams to ensure Steward’s business needs are being met with regard to alerts, reports, and overall security and privacy monitoring.
- Facilitate vendor and enterprise risk assessments with appropriate business partners.
- Enhance or improve existing support processes for the Office of Information Security including improvements within tools that are utilized.
- Conduct and advise on Information Security and Privacy training on an as-needed basis.
- Support Information Security Officers in project and site initiatives as needed.
- Participates in the development of SHC Information Security Policies and in the formulation of local procedures and practices to ensure compliance (standards, guidelines).
- Assist Information System (IS) incident handling to facilitate closure at SHC and at institution level where necessary.
- Administers tracking, auditing, and response to device security, including safe and secure hardware and media disposal for SHC facilities, consistent with SHC policies.
- Support continuous information security and privacy process improvement efforts associated with the effective and efficient application of information security and privacy tools.
- Assist business users, project managers and IS leadership in optimizing the scope, benefits and information security and privacy risk management of proposed projects and initiatives; and help manage expectations of users and management.
- Create, review, and update documentation related to the information security and information privacy controls.
- Facilitate and/or attend meetings as required in order to accomplish work goals and objectives.
- Prepare reports by collecting, analyzing, and summarizing information, especially around data loss prevention and electronic medical records access.
- Develop, maintain and support an understanding of applicable state and federal regulations.
- Assist in the preparation and conduct of vendor access audits and screenings as needed.
- Liaise with Compliance, Human Resources and other departments as needed.
- Strong business and analytical skills to identify and implement business information security and privacy requirements.
- Ability to interpret business objectives into functional information security and privacy activities that deliver against the risk management objectives.
- Understanding of change management and ability to work under the required guidelines and deliver on business/project requirements.
- Ability to deal sensitively and effectively at all levels of the organization including both technical and non-technical, management, and senior leadership.
- Comfortable working in a dynamic environment with multiple work streams, goals, and objectives.
- High level critical thinking and strategic planning skills; ability to prioritize assignments.
- Excellent written and verbal communications, effective interpersonal skills, strong formal presentation abilities and good leadership skills.
- Ability to work independently with minimal supervision.
- Bachelor’s degree (B.A. / B.S.) or equivalent in computer science, business administration, or equivalent discipline from an accredited college or university required.
- 3+ years of experience in IT required.
- Minimum 2 years of experience in an information security or information privacy role or experience with security and internetworking devices and software, including some experience with large mission-critical networks.
- Awareness or ability to understand HIPAA, HITECH, Mass ID Theft regulation 201 CMR 17, and other appropriate information security and information privacy state and federal regulatory requirements for healthcare entities.
- Bachelor's degree from a four-year accredited college/university or equivalent experience may be substituted.
- Preferred: Any of the following certifications: PMP, ITIL, or any of the following Information Security Certifications: CISSP, HCISPP, CISM, CISA, CIPP, CIPM, CIPT, CPHIMS, PCIP, GSEC, GCIH, GCFE, GCFA, CEH, or GPEN.