Security Analyst, Compliance (REMOTE)

Employment Type:

Shift:

Description:

POSITION PURPOSE

Provides information security knowledge and skills in managing the administration of information security services under general guidance. Serves as a specialist in one or more specific information security domains, including:

• Risk Assessments (Projects or Programs)
• Data Loss Prevention
• User Access Reviews
• Regulatory Compliance; i.e. PCI
• Security Reporting Tracking & Tools: i.e ServiceNow
• Vulnerability Scanning & Mitigation
• eDiscovery and Forensics
• Incident Response Coordination
• Communications and Awareness

Assists and supports the Enterprise Information Security (EIS) Managers/Directors in ensuring all projects and services meet Trinity Health Information Security and regulatory standards while delivering business requirements.  Establishes and operates information security reporting procedures to validate that security controls remain in place. Acts as an advocate and resource on information security for various Regional Health Ministry (RHM) areas and/or system-wide initiatives.  Assists the business owners of various information resources in addressing security issues.

JOB SPECIFIC DUTIES:

• This role is specifically responsible for Governance, Risk and Compliance (GRC) and monitoring compliance with security standards and regulations including, but not limited to, Health Information Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI-DSS).
• The position will support the Cyber Risk and Compliance Manager in the planning, execution and reporting of compliance activities to ensure compliance.  Serves as a subject matter expert in implementation and assessment of security controls designed to meet compliance requirements.  Works with EIS and business management to identify areas of non-compliance and work together with the business leaders to remediate. 
• The position will also support the development, implementation and maintenance of a Governance Risk and Controls (GRC) solution and process to be used across the RHMs.
• Acts as an advocate and resource on compliance and information security controls for various Regional Health Ministry (RHM) leaders.  Assists in the planning and implementation of system-wide initiatives as set forth by the PCI-DSS Executive Steering Committee.

PREFERRED QUALIFICATIONS

• Strong knowledge and experience with the Payment Card Industry Data Security Standard (PCI-DSS)
• Experience with Health Portability and Accountability Act (HIPAA)
• Experience in Governance Risk and Compliance (GRC) solutions and processes.
• Experience in compliance testing activities, documentation, self-assessment reporting, etc.
• Experience in creating and managing information security policies and procedures.
• Experience in evaluating the alignment of processes and controls with policies, standards, guidelines, and best practices
• Experience with the NIST Cybersecurity Framework and HITRUST control framework
• Keeps abreast of the relevant business developments and evolving IT risk areas, particularly those related to PCI-DSS and HIPAA.
• Experience with third party controls attestation reports (SOC2, HITRUST)
• Strong proficiency with MS Office Productivity Applications especially PowerPoint, Excel, and Visio.
• Payment Cardholder Industry Professional (PCIP) or Information Security Assessor (ISA) preferred.  

ESSENTIAL FUNCTIONS

• Knows, understands, incorporates and demonstrates the Trinity Health (TH) Mission, Vision and Values in behaviors, practices and decisions.
• Provides technical consultation and assistance in identifying, evaluating and documenting use of systems and other related services to ensure compliance with EIS policies.
• Reviews various system and technical documents and applies security templates. Defines security configuration and operational standards for security systems and applications.
• Interacts with vendors to ensure a cohesive client-vendor relationship that maintains and upholds services in the best interest of Trinity Health.
• Contributes to the creation of department procedures, standards and documentation for all information security services. Utilizes excellent verbal and written communication skills.
• Represents the EIS Director, when applicable, on EIS matters as well as serve as EIS liaison with RHM Security Leads and Privacy Officials.
• Participates in the development and promotion of Information Security information for general awareness.
• Participates in site-specific meetings.  Participates in the creation of the development and implementation of annual objectives and tactical plans to achieve strategic planning initiatives.  Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives.
• Maintains a working knowledge of applicable Federal, State and local laws/regulations; the Trinity Health Integrity and Compliance Program and Code of Conduct; as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical and professional behavior.
• pay grade 14 range 84,491.07-126,736.6031

MINIMUM QUALIFICATIONS

• Bachelor’s degree or an equivalent combination of education and experience.
• Minimum of three (3) years of progressive experience in Information Services including one (1) year in information security, including experience in compliance with federal and state security regulations
• Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA), Certified Information Systems Auditor (CISA) or equivalent preferred. 
• Must possess a general understanding of enterprise security best practices relating to implementing and managing enterprise security solutions.
• Working knowledge of one or more information security regulations and/or frameworks; i.e. HIPAA, ISO 27001/2, FISMA, FIPS, and NIST security.
• Experience with administrative and technical assessments as well as enforcing organizational compliance.
• Must be team oriented, supportive, and committed to excellence and possess high level of     initiative and self-motivation with demonstrated work ethic.
• Must be committed to continual personal and professional growth, possess a pro-active approach with a willingness to “go the extra mile” every time for the customer.
• Ability to work under general direction, manage multiple priorities and to effectively adapt to rapidly changing technology and business needs with demonstrated ability to prioritize projects and work load.
• A personal presence which is characterized by a sense of honesty, integrity and caring with the ability to inspire and motivate others to promote the philosophy, mission, vision, goals and values of Trinity Health.

Our Commitment to Diversity and Inclusion
 

Trinity Health is one of the largest not-for-profit, Catholic healthcare systems in the nation. Built on the foundation of our Mission and Core Values, we integrate diversity, equity, and inclusion in all that we do. Our colleagues have different lived experiences, customs, abilities, and talents. Together, we become our best selves. A diverse and inclusive workforce provides the most accessible and equitable care for those we serve. Trinity Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other status protected by law.