Info. Security-GRC Sr Analyst

Interested in a career with both meaning and growth? Whether your abilities are in direct patient care or one of the many other areas of healthcare administration and support, everyone at Parkland works together to fulfill our mission : the health and well-being of individuals and communities entrusted to our care. By joining Parkland, you become part of a diverse healthcare legacy that's served our community for more than 125 years. Put your skills to work with us, seek opportunities to learn and join a talented team where patient care is more than a job. It's our passion.

PRIMARY PURPOSE The primary purpose of this role is to support a technical, procedural, and strategic framework that provides the means to attain and continually monitor Parklands compliance posture requirements as well as supporting the management of organizational risk.

MINIMUM SPECIFICATIONS

Education - Must have Bachelor's degree in Information Technology, or a related field.

Experience - Must have six years of IT governance, risk and compliance experience, preferably in Healthcare.

Equivalent Education and / or Experience - May have an equivalent combination of education and / or experience in lieu of specific education and / or experience as stated above.

Certification / Registration / Licensure - Must have one of the following certifications within 6 months of placement in position : CompTIA Security+ Certified Information Systems Auditor (CISA) Certification in Risk Management Assurance (CRMA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Payment Card Industry Professional (PCIP)

Skills or Special Abilities - Must have strong written, verbal, presentation and interpersonal skills. - Must have a strong ability to analyze processes that store, transmit, and / or process data and measure such processes against industry best practices, regulatory requirements, and business requirements to ensure adequate protection of the confidentiality, integrity, and availability of such data. - Must possess strong report development and presentation abilities with standard office software suites. - Must have a strong capability to transform broad direction into tangible action plans. - Must be capable of presenting information to diverse audiences in an engaging, succinct and effective manner. - Must have a strong ability to support the legitimacy of review findings and associated recommendations with rational, defensible arguments that correlate to regulatory or business requirements, and best practices of information security. - Must demonstrate sound judgment and attention to detail while prioritizing and delivering on a wide range of challenges and tasks. - Must be an assertive self-starter and independent thinker with the ability to work effectively in team environment. - Working knowledge of design and implementation : Local area networks, Microsoft Active Directory / GPO, Data Loss Prevention, Encryption Technologies, Vulnerability Management, Intrusion Detection Systems, Intrusion Prevention Systems, Linux Operating Systems, Windows Operating Systems, Communication Protocols, Multi-factor authentication, Cloud Access Security Broker, Endpoint Detection and Response Technologies, Security Information and Event Management Tools - Must have advanced working knowledge of the HIPAA Security Rule and PCI. - Must be able to listen and communicate effectively with executive level staff and leadership teams.

Responsibilities 1. Coordinates all aspects of the delivery of Parklands Information Security Risk Management Program. These aspects include, but are not limited to, keeping documentation current, relevant and compliant. Coordinating stakeholders as necessary to determine, assess and prioritize risks and risk management activities. Coordinates the implementation requirements and documentation of controls required by such risk management activities. Through administrative, physical and technical implemented controls addresses identified risks with full consideration for all stakeholder interests including campus partners and the patients and families we serve. 2. Continuously measures and monitors information security controls to ensure implementation matches intent, relevance, measureability, enforcement and that such controls have direct correlations to federal, state, and / or Parkland business requirements. Provides regular reporting on established controls and their efficiency. 3. Responsible for the development of Parklands Information Security Awareness Program while coordinating with campus partners and key stakeholders to develop uniform, encompassing, engaging and effective training. This would include hosting information security awareness events, training staff at divisional meetings, developing content for Parklands learning management system and tracking and reporting on Parkland workforce security awareness training compliance. 4. Effectively identifies opportunities to integrates security measures into organizational business processes that involve Parklands data or impact the effectiveness of implemented security controls. Ensures existing security controls are adequate and recommends new security controls as needed. 5. Serves as the coordination point for all Information Security audits by internal or external sources. Tracks and reports on the status of open audit items in a consistent and professional manner and ensures timely closure of deliverables. Ensures audit findings are integrated into the risk management process to prevent future findings of a similar nature. 6. Maintains knowledge of applicable rules, regulations, policies, laws and guidelines that may impact Parkland. Develops relevant and easily understandable information security policies, processes, procedures, standards and guidelines to assess and routinely report on compliance with such policies, procedures, standards and guidelines. Develops effective internal controls designed to promote adherence with applicable laws, accreditation agency requirements, and federal, state, and private health plans. Seeks advice and guidance as needed to ensure proper understanding. 7. Identifies and analyzes work processes, work flows, etc. specifically for the Information Security area and recommends appropriate changes to improve effectiveness, productivity and efficiency that support the overall goals of the department and Parkland. 8. Stays abreast of the latest developments, advancements and trends in the field of Information Security by attending seminars / workshops, reading professional journals, actively participating in professional organizations and maintaining active certification. Integrates knowledge gained into current work practices.

Parkland Health and Hospital System prohibits discrimination based on age (40 or over), race, color, religion, sex (including pregnancy), sexual orientation, gender identity, gender expression, genetic information, disability, national origin, marital status, political belief, or veteran status.As part of our commitment to our patients and employees' wellness, Parkland Health is a tobacco and smoke-free campus.