Senior Security Risk Analyst (REMOTE)

Employment Type: Full time Shift: Day Shift Description: POSITION SUMMARY Provides information security risk knowledge and serves as a specialist to identify, prioritize, and collaboratively mitigate cyber risk enterprise-wide. Candidate maintains the ability to be an analytical thinker, collaborative team player, an effective, dynamic communicator, and able to bridge the gap between business demands and cybersecurity requirements. Assists and supports the Manager of Information Security Risk Management in ensuring all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements. Performs risk analysis on new projects, security exceptions, and audit issues. Provides governance responsibilities over the security operations of outsourcer vendor(s), infrastructure Third Party Partners (TPP) and Cloud service providers. Acts as an advocate and resource on information security for various Regional Health Ministry areas and/or system-wide initiatives (EMR, patient satisfaction surveys, etc). Assists business owners of various information resources in fully addressing security issues. Responsible for the following: Plan, coordinate and oversee security risk assessments for information systems and third parties Design and compose reports, assessments, and other documents to provide decision support on information security risks and controls for executives, system owners and management Aid the team in assessing the likelihood and impact of adverse events and recommend effective controls and mitigations to management Research, analyze and report on the cybersecurity risk of doing business with third parties Manage and facilitate the response and mitigation of third party security incidents Support the continuous improvement and implementation of Information Security Policies, Standards, Processes, and Procedures Contribute to the enhancement and implementation of the information security risks & controls library Design, implement and manage control assessments to determine if cybersecurity controls are effective and in compliance with applicable requirements Establish and implement effective security awareness practices across the System, including training, phishing, and communications. Keep pace with emerging technology, cyber threats, and industry trends around cybersecurity. Assists and supports the Enterprise Information Security (EIS) Managers, Directors and Health Ministry (HM) Information Security Managers in ensuring all projects and services meet Trinity Health Information Security and regulatory standards while delivering business requirements. ESSENTIAL FUNCTIONS Knows, understands, incorporates and demonstrates the Trinity Health Mission, Vision and Values in behaviors, practices and decisions. Develops designs and operates one or more information security domains. Provides technical consultation and assistance in identifying, evaluating and documenting use of systems and other related services to ensure compliance with EIS policies. Resolves complex security issues, and mitigates threats and vulnerabilities across an Information Security service. Reviews various system and technical documents and applies security templates. Defines security configuration and operational standards for security systems and applications. Interacts with multiple vendors to ensure a cohesive client-vendor relationship that maintains and upholds services in the best interest of Trinity Health. Provides guidance and direction on enterprise security procedures, security technology, and security design work; works with business stakeholders to define Information Security processes. Works collaboratively with other security professionals and Security Managers to standardize information security industry best practices. Contributes to the creation of department procedures, standards and documentation for all information security services. Utilizes excellent verbal and written communication skills. Participates in the creation of annual objectives and tactical plans. Responsible for the prioritization of Infrastructure investments and maintenance involving IT security. Participates in the development and promotion of Information Security information for general awareness. Participates in site-specific meetings. Participates in the creation of the development and implementation of annual objectives and tactical plans to achieve strategic planning initiatives. Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives. Ensures all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements. Maintains a working knowledge of applicable Federal, State and local laws/regulations; the Trinity Health Integrity and Compliance Program and Code of Conduct; as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical and professional behavior. pay grade 15 range 96,319.82-144,479.7275 MINIMUM QUALIFICATIONS Bachelor’s degree or an equivalent combination of education and experience. Minimum of five (5) years of progressive experience in information services including three (3) years in information security, including experience in compliance with federal and state security regulations. Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA), Certified Information Systems Auditor (CISA) or equivalent required. Must possess a good understanding of enterprise security best practices relating to implementing and managing enterprise security solutions. Working knowledge of HIPAA, ISO 27001/2, FISMA, FIPS, and NIST security. Experience with administrative and technical assessments as well as enforcing organizational compliance. Must be team oriented, supportive, and committed to excellence and possess high level of initiative and self-motivation with demonstrated work ethic. Must be committed to continual personal and professional growth, possess a pro-active approach with a willingness to “go the extra mile” every time for the customer. Ability to work under general direction, manage multiple priorities and to effectively adapt to rapidly changing technology and business needs with demonstrated ability to prioritize projects and work load. A personal presence which is characterized by a sense of honesty, integrity and caring with the ability to inspire and motivate others to promote the philosophy, mission, vision, goals and values of Trinity Health. PHYSICAL AND MENTAL REQUIREMENTS AND WORKING CONDITIONS Must be able to adapt to frequently changing work priorities, and be able to prioritize and balance the requirements of working with multiple members of the Enterprise Information Security team. Must be able to communicate frequently, in person and over the phone, with people in a number of different locations on technical issues. Manual dexterity is needed in order to operate a keyboard. Hearing is needed for extensive telephone and in person communication. Must be able to travel to the various Trinity Health sites (25%) (may not apply to this position). The above statements are intended to describe the general nature and level of work being performed by persons assigned to this classification. They are not to be construed as an exhaustive list of duties so assigned. Our Commitment to Diversity and Inclusion Trinity Health is one of the largest not-for-profit, Catholic healthcare systems in the nation. Built on the foundation of our Mission and Core Values, we integrate diversity, equity, and inclusion in all that we do. Our colleagues have different lived experiences, customs, abilities, and talents. Together, we become our best selves. A diverse and inclusive workforce provides the most accessible and equitable care for those we serve. Trinity Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other status protected by law. Our Commitment to Diversity and Inclusion Trinity Health is a family of 115,000 colleagues and nearly 26,000 physicians and clinicians across 25 states. Because we serve diverse populations, our colleagues are trained to recognize the cultural beliefs, values, traditions, language preferences, and health practices of the communities that we serve and to apply that knowledge to produce positive health outcomes. We also recognize that each of us has a different way of thinking and perceiving our world and that these differences often lead to innovative solutions. Our dedication to diversity includes a unified workforce (through training and education, recruitment, retention, and development), commitment and accountability, communication, community partnerships, and supplier diversity. EOE including disability/veteran