Find More Than 52931+ Job Vacancy

Role:
The IT Security Governance Analyst is primarily responsible for implementing security controls, risk assessment frameworks, and management of the security program to ensure it aligns to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances the Organization’s business objectives. Is involved with or coordinates all ongoing activities related to the development, implementation, maintenance of, and adherence to the Information Technology Department’s policies and procedures covering the security of, and access to, patient health information and other data in compliance with federal and state laws. Creates policies and procedures, system security requirements, data integrity standards, authentication standards, accountability standards, audit guidelines and disaster recovery plans for use throughout the Organization. Works closely with the Corporate Compliance Department on matters of HIPAA compliance and Joint Commission information management standards.

• Bachelor’s Degree in Computer Science or related field or an equivalent combination of work experience and education
• Minimum of three (3) years’ experience with information management in a healthcare environment with project management skills
• Minimum of three (3) years’ experience with risk management, development of security training and awareness, vendor risk management, data protection, incident management, vulnerability management, and identity access management
• Minimum of one (1) IT security or audit focused certification required or be able to obtain within one (1) year of acquiring the position. These certifications can include, but are not limited to: CGEIT, CISM, CISA, CISSP, GSEC, GRCP, CITRP, HITRUST CSF Practitioner
• Security experience, including experience developing and implementing security programs, technologies and processes, identify and access management
• Knowledge of security risks and controls with an understanding of information security standards (NIST, HITRUST, and COBIT)
• Knowledge of health care and business regulatory requirements including HIPAA, Joint Commission, and Florida state laws
• Knowledge of network devices, data privacy, cybersecurity threats and attacks
• Proven ability to understand business issues and able to develop and implement complex mechanisms in a manner appropriate to management’s business needs
• Excellent and effective communication skills (verbal and written) with staff and senior management, especially when sensitive issues are involved

• Satisfactorily complete competency requirements for this position.

• Represent the Company professionally at all times through care delivered and/or services provided to all clients.
• Comply with all State, federal and local government regulations, maintaining a strong position against fraud and abuse.
• Comply with Company policies, procedures and standard practices.
• Observe the Company's health, safety and security practices.
• Maintain the confidentiality of patients, families, colleagues and other sensitive situations within the Company.
• Use resources in a fiscally responsible manner.
• Promote the Company through participation in community and professional organizations.
• Participate proactively in improving performance at the organizational, departmental and individual levels.
• Improve own professional knowledge and skill level.
• Advance electronic media skills.
• Support Company research and educational activities.
• Share expertise with co-workers both formally and informally.
• Participate in Quality Assessment and Performance Improvement activities as appropriate for the position.

• Establishes, develops and manages the information classification process and grants access in assigning and revoking privileges.
• Maintains and matures a role-based security program and manages identity and access management (IAM) standards and tools.
• Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
• Maintains and matures the Company HITRUST compliance program. Performs periodic audits of access to networks, applications, operating systems, etc. to ensure compliance.
• Provides technical advice and assistance to department management and other administrative personnel relative to the implementation and enforcement of HIPAA security and other related state and federal laws. Provides consultation on implementing information management policies and procedures.
• Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
• Analyzes and assesses moderately complex Corporate information risk analysis, assessment and acceptance processes; identifies risks and exposures, and provides solutions and options for resolution.
• Investigates alleged information security breaches or vulnerabilities. Assists with disciplinary and legal matters associated with breaches.
• Performs vendor security risk assessments during the vendor selection process to ensure vendors meet the Organization’s security and audit standards.
• Evaluates the effectiveness and efficiency of all Organization systems’ security and audit control measures, and ensures compliance with regulatory, state and federal standards.
• Performs other duties as assigned.