Posted February 01, 2020

Privacy and Information Security Risk Management Analyst

Sutter Health
Sacramento, CA, USA Full Time
Reference: SutterHealthSHSO-2000132

The Privacy and Information Security Risk Management Analyst (Analyst) utilizes the Sutter Health governance, risk management, and compliance (GRC) platform to conduct and validate technical security reviews and security assessments in alignment with the Sutter Health information security controls framework, state and federal regulations, and industry security best practices, culminating in the production of security risk assessment reports. The Analyst acts as a technical advisor to security leadership, Information Services (IS) departments, and Sutter Health business units on security-related issues and risks and provides support by leading resolution on complex security issues and initiatives. In addition, the Analyst provides security training to IS staff members through new hire orientation, just-in-time training, and regular department training. The Analyst also develops and/or reviews technical information security policies, procedures, standards, and guidelines to support Sutter Health business initiatives, conducts technical security-related research and analysis and translates the results into meaningful input to the Information Security program. The Analyst possesses detailed knowledge regarding NIST, HIPAA/HITECH, FIPS, and other related industry security standards, regulations, and best practices. The Analyst reports to the manager of the Security Risk Management team.

Qualifications

Education

Bachelor's Degree in Computer Science, Information Security, Business, Management, STEM, or related field is required. Equivalent combination of education and experience may be substituted.

Certification / Registration / Licensure

Certified Information Systems Security Professional (CISSP) is required within 12 months of hire.

Desired Certifications

Healthcare Information Security and Privacy Practitioner (HCISPP)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)

Experience

• Previous experience in information systems and information security as typically acquired in five years in a similar position
• Three years of healthcare information technology industry experience highly desired
• Extensive experience with security tools in the healthcare industry
• Proven history of executing business impacting projects with defined scope, deliverables, and timelines

Knowledge

• Thorough knowledge of information systems security concepts, current information security trends, and practices including security processes and methods
• Expert knowledge in security concepts, practices, and procedures
• Thorough knowledge of software, hardware, databases, networks, firewalls, encryption, and other systems security devices
• Working knowledge of TCP/IP, DNS, DHCP, Active Directory, network topologies, and intrusion detection systems
• Familiarity with various database architectures and related security best practices
• General knowledge of federal and state security and privacy-related regulatory requirements
• Detailed knowledge regarding NIST, HIPAA, FIPS, and other related industry security standards, regulations, and best practices

Skills

• Demonstrated strong quantitative, analytical, and conceptual thinking skills
• Strong technical skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management
• Excellent written and verbal communication skills with the ability to build effective working relationships with all levels of internal and external constituencies
• Strong organizational, analytical, and problem-solving skills
• Demonstrated ability to prioritize work while multi-tasking on assigned work in order to meet deadlines
• Proven ability to effectively leverage vast detailed knowledge and familiarity with security disciplines
• Demonstrated ability to identify key concepts, factors, and risks based on conversations and document them in clear and concise narrative or graphic reports
• Proven ability to train others on various system security threat mitigations
• Strong diagnostic capabilities

Primary Location: California-Greater Sacramento Area-Roseville
Organization: Sutter Health System Office
Employee Status: Regular

Posting Type: All Applications Accepted
Benefits: Yes
Position Status: Exempt
Union: No

Job Shift: Day
Shift Hours: 8 Hour Shift
Days of the Week Scheduled: Monday-Friday
Weekend Requirements: Other
Schedule: Full Time
Hrs Per 2wk Pay Period: 80

All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, marital status, sexual orientation, registered domestic partner status, sex, gender, gender identity or expression, ancestry, national origin (including possession of a driver's license issued to individuals who did not present proof of authorized presence in the U.S.), age, medical condition, physical or mental disability, military or protected veteran status, political affiliation, pregnancy or perceived pregnancy, childbirth, breastfeeding or related medical condition, genetic information or any other characteristic made unlawful by local, state, or federal law, ordinance or regulation. External hires must pass a background check/drug screening. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with Federal, state, and local laws, including but not limited to the San Francisco Fair Chance Ordinance.
