Senior Information Security Analyst

Description PeaceHealth is seeking a Senior Information Security Analyst for a Full Time, Day position.JOB SUMMARY Responsible for leading the design, planning, facilitation, evaluation and implementation of information security-related policies, procedures, standards and controls across PeaceHealth. Assists in the development of the goals, strategy, methodologies and outcomes of the PeaceHealth Information Security Program and related technologies. Provides leadership, expertise and technical direction in collaboration with peers, junior team members and caregivers from adjacent departments, such as Information Technology (IT), Compliance, Privacy, Legal, Communications and Operations. Responsible for the successful coordination, delivery and tracking of outcomes related to 3-5 significant initiatives and contributes to multiple smaller efforts concurrently. Responsible for the day-to-day operations of multiple information security-related program areas or technology systems. Prepares and presents detailed and high-level reports to internal and external stakeholders at multiple levels (up to Director). Acts as subject matter expert in the integration of systems, applications, processes, access controls, go-lives, upgrades, enhancements and technologies, based on business and technical requirements. Assigns work, plans and manages priorities, provides technical assistance, oversees staff schedules, monitors quality of work, monitors team projects, mentors staff, provides constructive feedback, oversees staff training, ensures quality improvement, provides leadership feedback on staff performance, and assists with goal setting for the team. Assists in recruitment, development, and training of security staff. Provides on-call after-hours support as assigned. ESSENTIAL FUNCTIONS Leads the design, engineering, implementation and operation of information security processes, policies, procedures, standards, systems and controls based on business and technical requirements.

Analyzes and correlates data from information security technology sources, such as endpoint protection, intrusion detection, security event monitors and secure proxies, to identify potential threats and defend PeaceHealth against threats.

Protects PeaceHealth’s information and information systems by analyzing public and private information sources to develop effective defensive techniques, policies, procedures and standards.

Leads information security, technology teams and business stakeholders to respond to and remediate identified vulnerabilities and gaps in security controls, policies, procedures and standards.

Leads the design and implementation of security response automation, integrating various information and information security tools to create fast, intelligent responses to common and/or critical cyber incidents.

Effectively communicates technical issues and investigative findings to technical and non-technical audiences in written and verbal form.

Leads information sharing and integration procedures across information security through the exchange of threat intelligence and cyber security vulnerability assessment data.

Leads information security assessment activities in collaboration with technical and non-technical teams across the organization.

Proactively identifies and develops recommendations related to information security gaps and vulnerabilities in collaboration with stakeholders across the organization.

Serves as an advisor and subject matter expert on identified information security issues, projects, or any other PeaceHealth initiative that may have an information security implication.

Leads and facilitates information security work groups, including project management, scheduling, coordination, follow up, status reports and report outs.

Leads and responds to security-related investigations and other information security requests across PeaceHealth.

Leads the development of information security intellectual capital by making process or procedure improvements, enhancing team documentation, conducting informal team training sessions, and creating new team training documents.

Develops, promotes and implements information security education and awareness policies, procedures, standards and controls in collaboration with stakeholders across the organization.

Analyzes, designs, builds and manages role-based access controls for users of applications and systems.

Develops and leads user access review processes.

Develops and generates reports and metrics (e.g., system/control metrics, status updates, risk assessment reports, remediation reports) to support information security measurement and reporting objectives.

Provides support and assistance to caregivers across the organization related to information security related technology and programs.

Provides on-call after-hours support on a rotational basis as assigned, including evenings, weekends, and holidays.

Performs other duties as assigned.

QUALIFICATIONS EDUCATION: Bachelor's Degree in Computer Science, Healthcare Information Technology, or relevant field or equivalent knowledge and skills obtained through a combination of education, training and experience required. EXPERIENCE / TRAINING: Minimum of ten (10) years of experience in IT, information security, cyber risk management, compliance or a related field required; of which at least 5 years of experience in information security is required.  Leadership experience working with project or technical teams required.  Healthcare experience preferred.LICENSE / CERTIFICATION: Two or more relevant information security-related certifications required. Examples include: CISSP, CISA, HCISPP, CCSP, CRISC, CISM, CGIH, GCFA, GNFA, GPEN, GSEC, CEH, and Epic Security Coordinator.KNOWLEDGE / SKILLS / ABILITIES: Ability to work independently across multiple initiatives/technologies and seek guidance as needed.  Excellent project management, written and oral communications skills.  Ability to create and present information in various forms such as textual, graphical and statistical.  Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents.  Ability to work collaboratively with and lead a broad range of constituencies and respond to their needs and collaborate effectively towards solutions.  Ability to lead matters of high sensitivity and confidentiality with both professionalism and discretion. Hands-on experience implementing and operating three or more common information security tools, such as endpoint protection, intrusion detection, security event monitors, secure proxies, firewalls, encryption, single sign-on, multi-factor authentication, etc.  Hands-on experience implementing and operating three or more common information security methodologies, such as incident response, risk management, data protection, identity and access management, role- based access control, etc.  Ability to identify and correlate cyber threats and vulnerabilities.  Strong understanding of adversarial tactics and techniques.  Hands-on experience with cybersecurity, ethics and privacy principles, along with related regulatory requirements and industry frameworks (e.g., NIST CSF).  Strong understanding of government and other regulatory requirements for medical billing and benefit verification as they pertain to access and user management.  Knowledge of Microsoft Azure cloud and security services.  Ability to effectively lead others informally and formally. About PeaceHealthPeaceHealth, based in Vancouver, Wash., is a not-for-profit Catholic health system offering care to communities in Washington, Oregon, and Alaska. PeaceHealth has approximately 16,000 caregivers, a multi-specialty medical group practice with more than 900 providers and 10 medical centers serving both urban and rural communities throughout the Northwest. In 1890, the Sisters of St. Joseph of Peace founded what has become PeaceHealth. Today, PeaceHealth is the legacy of its founding Sisters and continues with a spirit of respect, stewardship, collaboration and social justice in fulfilling its Mission. We offer competitive compensation, a robust benefits package and a collaborative, Mission-driven work environment! To learn more about working at PeaceHealth and the community please visit our homepage: www.careers.peacehealth.orgGet a feeling for the Spirit of PeaceHealth through this three-minute video, and visit us on Facebook or LinkedIn!Questions? Review our Employment FAQ or email Recruitment@peacehealth.org. Please note this email does not accept resumes or applications.See how PeaceHealth is committed to Inclusivity, Respect for Diversity and Cultural Humility.For full consideration of your skills and abilities, please attach a current resume with your application. EEO Affirmative Action Employer/Vets/Disabled in accordance with applicable local, state, or federal laws.For full consideration of your skills and abilities, please attach a current resume with your application. EEO Affirmative Action Employer/Vets/Disabled in accordance with applicable local, state, or federal laws.REQNUMBER: PH-INFOR-4170