Information Security Risk Assessment Analyst
At Harris Health System, we champion better health for our patients, their families and our community, by connecting them to an integrated healthcare system that provides high-quality healthcare. Harris Health focuses on the delivery of primary care, wellness and prevention services to the residents of Harris County, Texas, through its extensive network of inpatient and outpatient facilities. Harris Health is a proud recipient of the prestigious National Committee for Quality Assurance designation for its patient-centered medical homes. Harris Health's medical faculty and residents are provided by its nationally recognized medical school partners: Baylor College of Medicine; McGovern Medical School at The University of Texas Health Science Center at Houston (UTHealth); and The University of Texas MD Anderson Cancer Center.
Skills / Requirements
The Information Security Risk Assessment Analyst (ISRAA) reports to the Manager, Information Security Risk Management. The ISRAA will participate in the system-wide information security risk assessment program. The ISRAA will make recommendations on methods of safeguarding data, information systems, and technology infrastructure to ensure that organizational information security risks are identified and managed. The ISRAA will play a critical role on the information security risk assessment team by performing information system risk assessments of applications, technology initiatives, business associates, third-party vendors and suppliers using RSAM. The ISRAA will also assist with the creation of and updates to information security policies and standards.
a. Bachelor's degree in Computer Science, MIS, or CIS preferred; or four (4) years of experience in a related field.
b. CRISC, CISA, HCISPP, CIPP, CISSP, or GSNA preferred.
Three (3) years of experience; knowledge of the HIPAA Security Rule, HITECH, Payment Card Industry (PCI), and the NIST Cybersecurity Framework. In addition, understanding of the NIST SP 800-53r4, COBIT, and ITIL frameworks preferred. RSAM or other GRC tools experience preferred. Previous IT audit and risk management experience, or an equivalent combination of education and experience. HCISPP, CIPP, CISA, CISM, CRISC, GSNA and/or CISSP highly desirable or must be obtained within 6 months of accepting the position.
Exceptional Verbal (Public Speaking)