Analyst I - Information Security Risk en HonorHealth
HonorHealth · Phoenix, Estados Unidos De América · Onsite
- Professional
- Oficina en Phoenix
Overview:Looking to be part of something more meaningful? At HonorHealth, you’ll be part of a team, creating a multi-dimensional care experience for our patients. You’ll have opportunities to make a difference. From our Ambassador Movement to our robust training and development programs, you can select where and how you want to make an impact. HonorHealth offers a diverse benefits portfolio for our full-time and part-time team members designed to help you and your family live your best lives. Visit honorhealth.com/benefits to learn more. Join us. Let’s go beyond expectations and transform healthcare together. HonorHealth is one of Arizona’s largest nonprofit healthcare systems, serving a population of five million people in the greater Phoenix metropolitan area. The comprehensive network encompasses six acute-care hospitals, an extensive medical group with primary, specialty and urgent care services, a cancer care network, outpatient surgery centers, clinical research, medical education, a foundation, an accountable care organization, community services and more. With nearly 17,000 team members, 3,700 affiliated providers and close to 2,000 volunteers dedicated to providing high quality care, HonorHealth strives to go beyond the expectations of a traditional healthcare system to improve the health and well-being of communities across Arizona. Learn more at HonorHealth.com.Responsibilities:Job Summary
The Information Security Risk Analyst I has principal accountabilities including ensuring the appropriate levels of information technology security are utilized throughout the organization based upon HIPAA, HITECH and other regulations, specific information security management controls, and best practice processes. The Information Security Risk Analyst will work closely with the Corporate Compliance and Human Resources departments to measure and monitor compliance with HIPAA and HITECH security requirements, corporate and industry standards, and requirements assigned by Chief Information Security Officer. In addition, the Information Security Risk Analyst will be responsible for information security related policy review activities, coordination and support of internally sponsored security audits and assessments, and support of 3rd party conducted risk assessments and compliance audits.
Essential Functions
The Information Security Risk Analyst I has principal accountabilities including ensuring the appropriate levels of information technology security are utilized throughout the organization based upon HIPAA, HITECH and other regulations, specific information security management controls, and best practice processes. The Information Security Risk Analyst will work closely with the Corporate Compliance and Human Resources departments to measure and monitor compliance with HIPAA and HITECH security requirements, corporate and industry standards, and requirements assigned by Chief Information Security Officer. In addition, the Information Security Risk Analyst will be responsible for information security related policy review activities, coordination and support of internally sponsored security audits and assessments, and support of 3rd party conducted risk assessments and compliance audits.
Essential Functions
- Completes Level 1 – Level 4 Risk Assessments
- Develops, reviews, and maintains all policies, procedures and standards for identifying, tracking, and reporting authorized and unauthorized access and/or breaches of information security, confidentiality and privacy.
- Analyzes information technology application and network requirements and develops specifications for information security profiles for access and audits.
- Actively tracks and works with Information Services teams to resolve all non-compliance issues identified through audits, and/or walkthroughs.
- Work collaboratively with Human Resources, Corporate Compliance, and Security Operations Center staff to address any confirmed information security breaches and/or abuse situations.
- Develops, coordinates and oversees on a routine basis internal and external vulnerability assessments.
- Participates in a proactive audit process that monitors and reviews employee, physicians, contractors, and volunteer access.
- Designs and performs Internet access and usage audits to maintain security as well as identify and block inappropriate web sites.
- Designs, builds, tests and utilizes Internet access and monitoring reports that highlight employee, physicians, and volunteer abuse
- Collaborates and performs walkthroughs with Corporate Compliance Department staff to identify existing non-compliance areas and issues.
- Performs other duties as assigned.
- Bachelor's Degree or 4 years' work related experience in Information Security experience and training that provides the required knowledge, skills, and abilities. - Preferred
- Associate's Degree or 2 years' work related experience in Computer Science, Information Technology or similar field from an accredited college or university - Required
- 2 years of progressive experience in Information Technology, Information Security or Risk Management. - Required
- 4 years of progressive experience in Information Technology, Information Security or Risk Management - Preferred
- Ability to obtain SAN, GIAC, CISSP, IAM, IEM, engineering security designation or Information Security Risk certification - Preferred
