Privacy and Information Security Risk Management Analyst
Qualifications
Education
Bachelor's Degree in Computer Science, Information Security, Business, Management, STEM, or related field is required. Equivalent combination of education and experience may be substituted.
Certification / Registration / Licensure
Certified Information Systems Security Professional (CISSP) is required within 12 months of hire.
Desired Certifications
Healthcare Information Security and Privacy Practitioner (HCISPP)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Experience
• Previous experience in information systems and information security as typically acquired in five years in a similar position
• Three years of healthcare information technology industry experience highly desired
• Extensive experience with security tools in the healthcare industry
• Proven history of executing business-impacting projects with defined scope, deliverables, and timelines
Knowledge
• Thorough knowledge of information systems security concepts, current information security trends, and practices including security processes and methods
• Expert knowledge in security concepts, practices, and procedures
• Thorough knowledge of software, hardware, databases, networks, firewalls, encryption, and other systems security devices
• Working knowledge of TCP/IP, DNS, DHCP, Active Directory, network topologies, and intrusion detection systems
• Familiarity with various database architectures and related security best practices
• General knowledge of federal and state security and privacy-related regulatory requirements
• Detailed knowledge regarding NIST, HIPAA, FIPS, and other related industry security standards, regulations, and best practices
Skills
• Demonstrated strong quantitative, analytical, and conceptual thinking skills
• Strong technical skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management
• Excellent written and verbal communication skills with the ability to build effective working relationships with all levels of internal and external constituencies
• Strong organizational, analytical, and problem-solving skills
• Demonstrated ability to prioritize work while multi-tasking on assigned work in order to meet deadlines
• Proven ability to effectively leverage vast detailed knowledge and familiarity with security disciplines
• Demonstrated ability to identify key concepts, factors, and risks based on conversations and document them in clear and concise narrative or graphic reports
• Proven ability to train others on various system security threat mitigations
• Strong diagnostic capabilities
