Information Security Risk Assessment Analyst Sr
At Harris Health System, we champion better health for our patients, their families and our community, by connecting them to an integrated healthcare system that provides high-quality healthcare. Harris Health focuses on the delivery of primary care, wellness and prevention services to the residents of Harris County, Texas, through its extensive network of inpatient and outpatient facilities. Harris Health is a proud recipient of the prestigious National Committee for Quality Assurance designation for its patient-centered medical homes. Harris Health's medical faculty and residents are provided by its nationally recognized medical school partners: Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); and The University of Texas MD Anderson Cancer Center.
Skills / Requirements
The Sr. Information Security Risk Assessment Analyst assists the Vice President (VP) and Chief Information Security Officer (CISO) in developing, maintaining, and executing a continuous, flexible information security risk management program that aligns with Harris Health's overall strategic business and IT goals, and addresses the higher-risk areas and concerns of Executive Management. Works alongside the Harris County legal team and the Harris Health corporate compliance department to review third-party contracts and ensure compliance to standards and regulations regarding information access, security, and privacy. Leads all phases of internal and third-party risk assessments, as-well-as planned IT audits and reviews. Coordinates internal and third-party security audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, ISO audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits. Assists VP/CISO with decisions regarding risk and audit planning, testing plans and methodologies for risk and audit projects. Assists VP/CISO in determining reportable observations, findings and recommendations to relay to Executive Management and Board of Trustees. Develops and publishes related risk and audit reports and reviews. Drafts and updates various departmental and organization-wide information security policies.
Education/Specialized Training/Licensure: Four (4) year degree in an Information Systems, Business Management or equivalent work experience. Knowledge of HIPAA Security rule, HITECH, Payment Card Industry (PCI). Previous IT audit and risk management experience, or equivalent combination of education and experience HCISPP, CIPP, CISA, CISM, CRISC, GSNA and/or CISSP , highly desirable or must be obtained within 6 months of accepting position.
- Five (5) years related industry experience (business).
- Five (5) years in Information Security, Cyber Risk and/or Compliance position.
- Ability to evaluate, review and report on a range of information systems and applications to include EPIC, Windows, Unix, IBM, Cisco,
Exceptional Verbal (e.g., Public Speaking)
Writing /Composing (Correspondence)
Work Schedule: Eligible for Telecommute