Fairview Health Services Senior Security Analyst in Minneapolis, Minnesota

Overview

Fairview Health Services is looking for a senior security analyst for our corporate IT location in Minneapolis, MN. This is a full-time position working day hours, Monday thru Friday. Our Information Technology services include over 500 employees who work to proactively support the growth of the Fairview network, applications and infrastructure, while also partnering with end-users to ensure patient care quality and safety.

This position will help safeguard the organization’s information through the creation and enforcement of policy and standards. The position will contribute to the security awareness of the organization. In this role your skills, experience and knowledge of information security will help the organization ensure vendors, applications and organizational changes occur within the boundaries of the organization’s risk tolerance. This role participates in projects as a security consultant or advisor, and helps in raising awareness across the organization’s employees. Identifies changes to our governance program to ensure alignment between operations and policy. Staying current with industry specific security trends and changes in regulations and providing detail to project teams regarding security requirements. Creates and presents deliverables for applications, vendors, controls and threats.

This position will have leadership responsibilities in the following areas:

  • Security Policy – review and update policy; determine need for new policy; author and organize policy

  • Security Exception- Manage exceptions and exception processes.

  • HIPAA – lead Audit discussions, help perform audits, and help gather control evidence.

  • Security Metrics – report and design metrics for dashboards supporting the CISOs reporting to the organization.

Responsibilities/Job Description

  • Use standard technology monitoring tools to monitor assigned environments and/or technical assets and identify/detect behavior outside of established standards. Provide timely and effective recommendations for Fairview’s information security support. Partner with other support teams and vendors to resolve problems. Escalate key security issues to the appropriate team to be addressed. Assist with security assurance testing activities.

  • Monitor compliance with information security policies and practices and any applicable laws. Assist with internal and external security risk assessments, risk analysis and application or system-level testing and reviews. Participate in the assessment of compliance with security regulations. Participate in periodic application security health checks. Help Monitor and document vendor compliance with Fairview security requirements.

  • Assist with the research, development, continuous improvement and implementation of security policies, procedures, standards and processes based on compliance requirements and industry best practices. Document the Fairview information security requirements, processes and procedures. Enforce information security policies and procedures by reviewing security violation reports, investigating possible security exceptions and documenting security controls. Contribute to the collection of information security metrics.

  • Prepare status reports on information security matters that are used for a variety of purposes - tracking and monitoring and risk management & compliance reporting. Effectively manage and prioritize ad-hoc reporting requests, scorecards and standard departmental reporting. Coordinate with internal team and external auditors to provide documentation of compliance assessments, support and remediation activities.

  • Review, analyze and respond to security events. Work to reduce information security risks by effectively administering the information security processes across the security policy and forensic functions.

  • Maintain and develop knowledge of regulatory security trends, new security technologies and best practices. Conduct security and industry specific research to keep self and Fairview abreast of the latest security issues and regulatory developments that may impact existing policies, procedures and practices. Participate in information security education, training and awareness activities for technology and business teams.

  • Assist with the development and deployment of a security awareness program.

Qualifications

Required Qualifications

  • Bachelor’s degree in IT or equivalent work experience.

  • 7+ years of experience in information security or IT.

Preferred Qualifications

  • Bachelor’s degree in IT.

  • Industry relevant certifications such as CISSP, CCSP, CRISC, CISA, CGEIT, Security +.

  • 10+ years of experience in information security or IT.

Other Required Skills

  • Broad work experience that spans one or more of the information security functions - policy development, education, executing penetration testing and application vulnerability assessments, risk analysis and compliance testing.

  • Knowledge of the Compliance and Regulatory requirements for healthcare systems such as: PCI-DSS / HIPAA / Meaningful Use-MACRA-MIPS / OCR / DHHS / CMS

  • Experience with one or more of the following GRC tools: Service Now GRC, Metric stream, RSAM, Archer.

  • Working knowledge of information security and computer network/system access technologies.

  • Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms.

Desired Skills

  • Effective communication skills enabling communication of complex information to various audiences both verbally and in writing.

  • Ability to establish trust with partners through demonstration of knowledge and commitment to security.

  • Strong knowledge and understanding of the role of technical, administrative and physical controls in securing information.

  • Confidence to recommend changes and improvements to the security program.

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.

Need help finding the right job?

We can recommend jobs specifically for you!

Fairview Health Services (fairview.org) is an award-winning, nonprofit health system providing exceptional care across the full spectrum of health care services. Joined by HealthEast in June 2017, Fairview is one of the most comprehensive and geographically accessible systems in the state, with 12 hospitals—including an academic medical center and long-term care hospital—serving the greater Twin Cities metro area and north-central Minnesota.

Its broad continuum also includes 56 primary care clinics, specialty clinics, senior living communities, retail and specialty pharmacies, pharmacy benefit management services, rehabilitation centers, counseling and home health care services, medical transportation, an integrated provider network and health insurer PreferredOne. In partnership with the University of Minnesota, Fairview’s 32,000 employees and 2,400 affiliated providers embrace innovation to drive a healthier future through healing, discovery and education.

EEO/AA Employer/Vet/DisabledAll qualified applicants will receive consideration without regard to any lawfully protected status.

Requisition ID 2018-25875

Profession Non-Clinical Professional

Speciality Information Technology

Location Fairview offices at 323 Stinson

Shift day

Hours per 2 weeks 80

Department Security Operations