Job Title: Analysts - IT Security Risk and Compliance
Degree Required: Bachelors preferred
Job Type: Contract Full-Time
Job Description: Offers have been accepted for these positions.

Optomi Health IT, in partnership with our client, a national health system, is recruiting for two contract Analysts - IT Security Risk and Compliance roles. These are 6-month contracts, working as part of the IT Audit & Compliance team. On this project you will work with IS leadership to protect the confidentiality, integrity and availability of confidential information in compliance with regulatory requirements and organizational policies and procedures. This role will have a multi-faceted focus consisting of:

• Reviewing the security programs and controls of proposed or existing vendors and third parties, to identify and communicate risk to stakeholders, and to ensure that appropriate contractual provisions are in place.
• Working across the health system and its facilities to complete security risk analysis activities.
• Tasks include assisting various facility and corporate contacts to ensure that risks to ePHI are properly identified, documented, prioritized and reported to facility leadership.
• Consulting in the development of appropriate remediation plans; tracking the completion status of each assigned Security Risk Analysis.
• Assisting, coaching, mentoring, or training new team members as needed; and assisting in identifying opportunities for cost savings throughout the process (e.g. process refinement, elimination of duplicated efforts).

This person will also be called upon to assist management with enterprise risk assessment and annual Security Risk Analysis plan development.

Essential Job Functions:
• Performs interview or questionnaire-based risk assessments of information security controls (Physical, Administrative, and Technical).
• Assists with evaluations of, and provides feedback related to, Vendor Security Review and Security Risk Analysis processes to provide reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the organization to meet its goals and objectives.
• Evaluates IT general controls (ITGC) including information security, systems development life cycle (SDLC), change management, data center / physical security, data backup and recovery, business continuity, and associated risk exposures.
• Evaluates automated system controls including authentication and authorization, and other controls to support privacy and security of sensitive data.
• Stays abreast of advances in technology and IT Security trends and developments; regularly shares knowledge with staff and IS management; effectively interacts with various levels of internal management. Identifies emerging issues and recommends solutions to IT Audit & Compliance Management.
• Provides risk assessment input.

Skills Needed:
• Ability to identify and assess business process and IT risks, recommend appropriate remediation steps, and thoroughly document as required.
• Experience around healthcare GRC (governance, risk management and compliance).
• Demonstrated experience performing security/IT audits around ePHI.
• Good working knowledge of HIPAA and HITECH/ISO principles, concepts and practices.
• Advanced knowledge of PowerPoint and Excel; Visio proficiency in documenting process workflows would be an asset.
• Security certifications (i.e. HCISPP, CISA, CISM) highly preferred.
Number of Openings: 2