Analyst IT Data Security Sr.

Purpose of Job

Under the supervision of the IT Director of Technology and Security, The Senior Data Security Analyst (Sr. DSA) is responsible for directing a comprehensive long-term program of security at Ridgeview Medical Center, education curriculum, and to assess the adequacy and effectiveness of Ridgeview Medical Center compliance with security, policies, laws and regulations. In addition, this position will recommend and draft policy changes as necessary for industry, technological and/or regulatory changes to ensure appropriate responses to incidents, and performs scheduled and unscheduled audits. In addition this role assists in providing work direction to other resources responsible for technical security at Ridgeview Medical Center, and tracking internal and external security audits and remediation efforts. The Sr. DSA is also responsible for working with IT staff, manufacturers, consultants, and business partners to participate in technology evaluations to ensure cybersecurity concerns are identified, addressed, and documented. The incumbent will deliver updates on the state of the security infrastructure, and work with the Infrastructure Solutions Architect and IT leadership to address any identified gaps and recommend solutions.

Job Functions

• Serves as an internal information security consultant to the organization
• Maintains and manages the internal technical security program
• Documents, implements and monitors security policies and procedures created by the Information Security Committee, referring problems to the appropriate department manager
• Assists in providing work direction for staff involved in technical security management
• Performs information security risk assessments and serves as an internal auditor for security issues
• Reviews current and new applications and systems for possible security vulnerabilities
• Monitors and maintains the security control systems to ensure that appropriate access levels are maintained
• Reviews all system-related security plans throughout the organization's network
• Advises the organization with current information about information security technologies and related regulatory issues.
• Reviews and manages the organizations technical resiliency and disaster recovery plans
• Performs other duties as assigned.

Minimum Education/Work Experience

• Bachelor's degree in Computer Science, Business or related field or at least 5 years of service experience in lieu of a degree
• 5+ years of related experience in Information Technology Services or equivalent combination of education and experience
• Experience working in a diverse information systems environment
• Ability to effectively manage multiple competing priorities

Knowledge/Skills/Abilities

• Knowledge of HIPPA, HITECH, and other applicable data privacy practices and laws
• Understanding of cybersecurity
• Ability to communicate in the English language for effective written and verbal correspondence
• Ability to communicate to all levels of the organization and clearly articulate business needs to internal partners and external vendors
• Strong presentation skills
• Strong ability to see business needs from the user point of view and translate those needs into a technical solution
• Highly developed problem solving skills
• Ability to manage multiple projects and deliverables

Preferred Qualifications

• Prior cybersecurity experience
• Prior management experience
• Certified HIPPA Professional (CHP)
• Certified Health Care Privacy and Security (CHPS)
• Certified Information Systems Security Professional (CISSP)