IS Training & Governance Analyst - IS Security
The Steward Health Care, Office of Information Security (OIS) is responsible for the establishment, oversight, operations, formalization, operational effectiveness and efficient execution of the Information Security Program and all relevant elements. The OIS Training & Governance team is responsible for establishing, maintaining, reconciling, updating, organizing and publishing all formal Security Documentation, including:
* Establishing a security training program designed to facilitate a safe computing environment for all associates, contractors and other business partners;
* Initiating, facilitating, and promoting activities to foster information security awareness within Steward Health Care;
* Monitoring changes in legislative, regulatory and statutory obligations pertaining to the healthcare industry in particular and ensuring that internal controls remain compliant; and
* Serving as a first line liaison between OIS and Steward Workforce.
An OIS Senior Analyst on the Security Governance Team will have direct corporate responsibility for establishing, maintaining, reconciling, updating, organizing and publishing all formal Security Documentation, including:
* A formal Written Information Security Program (WISP) document; and
* A Comprehensive List of Authoritative Source Requirements; and
* An Internal Security Controls Catalog; and
* A Catalog of Certified Solutions; and
* All Security Solution Technical Specifications Documents and Diagrams; and
* All Policies, Procedures and Standards; and
* All Training Materials, Guidelines, Alerts, Bulletins and Notices; and
* All Security Sub-Program Documentation and
* All Security Process Workflow Maps; and
* All other documentation needed to support and maintain a mature effective Information Security Program.
An OIS Senior Analyst on the Security Governance Team may periodically be assigned to oversee:
* Projects, processes, procedures, standards, tools and other activities as assigned by OIS Leadership; and
* An OIS Senior Analyst on the Security Governance Team may periodically provide leadership over other staff within the context of a given assignment.
REQUIRED KNOWLEDGE & SKILLS:
Candidates that most effectively exhibit the following competencies will be given preference:
* Writing skills
* Attention to detail
* Organizational skills
* High standards
* Artistic Creativity
* Conscientious of deadlines
* Motivation and Initiative
* Organizational astuteness
* Responsiveness to customers
* Analytical thinking
* Confidence and high integrity
* Business Acumen
* Attitude and Aptitude
In addition, candidates that possess/demonstrate the strongest of the following qualifications will be given preference:
* Previous experience in Information Security or other Information Technology role.
* Previous experience in a Healthcare organization.
* Working knowledge of Information Security/Privacy Laws, Regulations and Contractual Obligations (e.g., PHI, PII, HIPAA, MA- 201.CMR.17, PCI-DSS, Regulatory Data Usage Agreements, Joint Commission, etc).
* Experience working with Best Practice Frameworks in Information Security, Risk Management and Service Management (e.g., ISO 27000; ITIL; NIST 800, COBIT, ITSM, HITRUST, Cloud Security Alliance, etc.).
* Education: Education/Degree (e.g., Certificate, Associates, Bachelors, Masters, Doctorate)
* Experience (Type & Length): 3-5 years' related experience.
* Certification/Licensure: Professional certifications (e.g., CISSP, CISM, CRISC, CGEIT, CISA, CSX, PMI-RMP, ITIL, CRMA, GRCP, HITRUST CSF, etc.)
* Software/Hardware: MS Office Suite
Job Status: Full Time
Job Reference #: 51122