|Job Title||Analysts - IT Security Risk and Compliance|
|Degree Required||Bachelors preferred|
|Job Type||Contract Full-Time|
|Job Description||Offers have been accepted for these positions.|
Optomi Health IT, in partnership with our client – a national health system - is recruiting for two contract Analysts - IT Security Risk and Compliance roles. These are 6-month long contracts, working as part of the IT Audit & Compliance team. On this project you will work with IS leadership to protect the confidentiality, integrity and availability of confidential information in compliance with regulatory requirements and organizational policies and procedures. This role will have a multi-faceted focus consisting of:
• Reviewing the security programs and controls of proposed or existing vendors and third parties, to identify and communicate risk to stakeholders, and to ensure that appropriate contractual provisions are in place.
• Working across the health system and its facilities to complete security risk analysis activities.
• Tasks include assisting various facility and corporate contacts to ensure that risks to ePHI are properly identified, documented, prioritized and reported to facility leadership.
• Consulting in the development of appropriate remediation plans; tracking the completion status of each assigned Security Risk Analysis.
• Assisting, coaching, mentoring, or training new team members as needed; and assisting in identifying opportunities for cost savings throughout the process
This person will also be called upon to assist management with enterprise risk assessment and annual Security Risk Analysis plan development.
Essential Job Functions:
• Performs interview or questionnaire-based risk assessments of information security controls
• Assists with evaluations of, and provides feedback related to, Vendor Security Review and Security Risk Analysis processes to provide reasonable assurance that risk management, control, and governance systems are functioning as intended and will enable the organization to meet its goals and objectives.
• Evaluates IT general controls
• Evaluates automated system controls including authentication and authorization, and other controls to support privacy and security of sensitive data.
• Stays abreast of advances in technology and IT Security trends and developments; regularly share knowledge with staff and IS management; effectively interact with various levels of internal management. Identifies emerging issues and recommend solutions to IT Audit & Compliance Management.
• Provides risk assessment input.
• Ability to identify and assess business process and IT risks, recommend appropriate remediation steps, and thoroughly document as required.
• Experience around healthcare GRC
• Demonstrated experience performing security/IT audits around ePHI.
• Good working knowledge of HIPAA and HITECH/ISO principles, concepts and practices.
• Advanced knowledge of PowerPoint and Excel Visio proficiency in documenting process workflows would be an asset
• Security certifications
|Number of Openings||2|