Listing Description
About the Role
The Privacy and Information Security Risk Management Analyst (Analyst) utilizes the governance, risk management, and compliance (GRC) platform to conduct and validate technical security reviews and security assessments in alignment with the information security controls framework, state and federal regulations, and industry security best practices, culminating in the production of security risk assessment reports. The Analyst acts as a technical advisor to security leadership, Information Services (IS) departments, and business units on security-related issues and risks and provides support by leading resolution on complex security issues and initiatives. In addition, the Analyst provides security training to IS staff members through new hire orientation, just-in-time training, and regular department training.
The Ideal Candidate
The Analyst also develops and/or reviews technical information security policies, procedures, standards, and guidelines to support business initiatives, conducts technical security-related research and analysis, and translates the results into meaningful input to the Information Security program. The Analyst possesses detailed knowledge regarding NIST, HIPAA/HITECH, FIPS, and other related industry security standards, regulations, and best practices. The Analyst reports to the manager of the Security Risk Management team.
Minimum Qualifications
Bachelor's Degree in Computer Science, Information Security, Business, Management, STEM, or related field or equivalent education/experience required.
A Master’s or higher degree in health law with one year of experience also meets the required education/experience.
Certified Information Systems Security Professional - CISSP 1 Year required.
Healthcare Information Security and Privacy Practitioner (HCISPP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) preferred.
Thorough knowledge of information systems security concepts, current information security trends, and practices including security processes and methods
Expert knowledge in security concepts, practices, and procedures
Thorough knowledge of software, hardware, databases, networks, firewalls, encryption, and other systems security devices
Working knowledge of TCP/IP, DNS, DHCP, Active Directory, network topologies, and intrusion detection systems
Familiarity with various database architectures and related security best practices
General knowledge of federal and state security and privacy-related regulatory requirements
Detailed knowledge regarding NIST, HIPAA, FIPS, and other related industry security standards, regulations, and best practices
About CynergisTek
CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry. CynergisTek offers specialized services and solutions to help organizations achieve privacy, security, compliance, and document output goals. Since 2004, the company has served as a partner to hundreds of healthcare organizations and is dedicated to supporting and educating the industry by contributing to relevant industry associations.
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: Travel 50
- Telework: Full Telecommute