Information Security Analyst

PeaceHealth is seeking a Information Security Analyst for a Full Time, 1.00 FTE, Day position. The salary range for this job opening at PeaceHealth is $36.55 - $54.83. The hiring rate is dependent upon several factors, including but not limited to education, training, work experience, terms of any applicable collective bargaining agreement, seniority, etc.

Responsible for supporting the design, planning, facilitation, evaluation and implementation of information security-related policies, procedures, standards, controls and technologies across PeaceHealth. Contributes to the goals, strategy, methodologies and outcomes of the PeaceHealth Information Security Program and related technologies. Provides input, expertise and technical assistance in collaboration with peers, junior team members and caregivers from adjacent departments, such as Information Technology (IT), Compliance, Legal, Privacy, Communications and Operations. Responsible for the successful delivery and tracking of outcomes related to 1-2 significant initiatives and contributes to multiple smaller efforts concurrently. Responsible for the day-to-day operations of at least one information security-related technology system. Prepares and presents detailed and high-level reports to internal and external stakeholders at multiple levels (up to Manager). Provides on-call after-hours support as assigned.

Details of the Position:

• Participates in the design, engineering, implementation and operation of information security processes, policies, procedures, standards, systems and controls based on business and technical requirements.

• Analyzes data from information security technology sources, such as endpoint protection, intrusion detection, security event monitors and secure proxies, to identify potential threats and defend PeaceHealth against threats.

• Protects PeaceHealth's information and information systems by analyzing public and private information sources to develop effective defensive techniques, policies, procedures and standards.

• Collaborates with information security, technology teams and business stakeholders to respond to and remediate identified vulnerabilities and gaps in security controls, policies, procedures and standards.

• Supports the design and implementation of security response automation, integrating various information and information security tools to create fast, intelligent responses to common and/or critical cyber incidents.

• Effectively communicates technical issues and investigative findings to technical and non-technical audiences in written and verbal form.

• Supports information sharing and integration procedures across information security through the exchange of threat intelligence and cyber security vulnerability assessment data.

• Supports information security assessment activities in collaboration with technical and non-technical teams across the organization. Provides recommendations related to information security gaps and vulnerabilities in collaboration with stakeholders across the organization.

• Serves as an advisor and subject matter expert on identified information security issues, projects, or any other PeaceHealth initiative that may have an information security implication. Contributes to information security intellectual capital by making process or procedure improvements and enhancing team documentation.

• Facilitates information security work groups, including project management, scheduling, coordination, follow up, status reports and report outs. Promotes and implements information security education and awareness policies, procedures, standards and controls in collaboration with stakeholders across the organization.

• Supports and responds to security-related investigations and other information security requests across PeaceHealth. Coordinates and supports user access review processes. Provides support and assistance to caregivers across the organization related to information security related technology and programs.

• Contributes to the analysis, design, build and management of role-based access controls for users of applications and systems. Generates reports and metrics (e.g., system/control metrics, status updates, risk assessment reports, remediation reports) to support information security measurement and reporting objectives.

• Provides on-call after-hours support on a rotational basis as assigned, including evenings, weekends, and holidays.

• Performs other duties as assigned.

What You Bring:

Education

• Bachelor's Degree Required: Computer Science or

• Bachelor's Degree Required: Healthcare Information Technology. or relevant field or equivalent knowledge and skills obtained through a combination of education, training and experience

Experience

• Minimum of 5 years Required: Experience in IT, information security, cyber risk management, compliance or a related field and

• Minimum of 3 years Required: Experience in information security and

• Preferred: Healthcare experience

Credentials

• Preferred: One or more relevant information security-related certifications preferred. Examples include: CISSP, CISA, HCISPP, CCSP, CRISC, CISM, CGIH, GCFA, GNFA, GPEN, GSEC, CEH, and Epic Security Coordinator.

Skills

• Ability to work independently and manage day-to-day assignments with limited supervision and guidance. (Required)

• Excellent written and oral communications skills. (Required)

• Ability to present information in various forms such as textual, graphical and statistical. (Required)

• Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents. (Required)

• Ability to work collaboratively with a broad range of constituencies and respond to their needs and collaborate effectively towards solutions. (Required)

• Ability to work on matters of high sensitivity and confidentiality with both professionalism and discretion. (Required)

• Hands-on experience implementing and operating one or more common information security tools, such as endpoint protection, intrusion detection, security event monitors, secure proxies, firewalls, encryption, single sign-on, multi-factor authentication, etc. (Required)

• Hands-on experience implementing and operating one or more common information security methodologies, such as incident response, risk management, data protection, identity and access management, role-based access control, etc. (Required)

• Knowledge of cyber threats and vulnerabilities. (Required)

• Knowledge of adversarial tactics and techniques. (Required)

• Knowledge of cybersecurity, ethics and privacy principles, along with related regulatory requirements and industry frameworks (e.g., NIST CSF). (Required)

• Knowledge of government and other regulatory requirements for medical billing and benefit verification as they pertain to access and user management. (Required)

• Knowledge of Microsoft Azure cloud and security services. (Required)

Working Conditions

Lifting

• Consistently operates computer and other office equipment.

• Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects.

• Sedentary work.

Environmental Conditions

• Predominantly operates in an office environment.

Mental/Visual

• Ability to communicate and exchange accurate information.

• The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.

PeaceHealth is committed to the overall wellbeing of our caregivers: physical, emotional, financial, social, and spiritual. We offer caregivers a competitive and comprehensive total rewards package. Some of the many benefits included in this package are full medical/dental/vision coverage; 403b retirement plan employer base and matching contributions; paid time off; employer-paid life and disability insurance with additional buyup coverage options; tuition and continuing education reimbursement; wellness benefits, and expanded EAP and mental health program.

See how PeaceHealth is committed toInclusivity, Respect for Diversity and Cultural Humility.

For full consideration of your skills and abilities, please attach a current resume with your application. EEO Affirmative Action Employer/Vets/Disabled in accordance with applicable local, state or federal laws.

PeaceHealth requires a completed Primary Vaccine Series (e.g., 2 dose monovalent Pfizer, Moderna or Novavax series or 1 dose J&J vaccine series) or be Up to Date (receiving the most recent Pfizer/Moderna bivalent vaccine/booster) for COVID-19 vaccination prior to their start date. PeaceHealth has a medical and religious exemption request process for those that are unable to receive the COVID-19 primary vaccine series due to medical/religious reasons. For caregivers that will be working in Oregon there is a personal vaccine exemption form that may be requested.

---