Harris Health is a nationally recognized health system comprising three teaching hospitals and an extensive network of ambulatory care centers serving the people of Harris County, Texas, since 1966. Staffed by the faculty, fellows and residents from two nationally ranked medical schools, Baylor College of Medicine and The University of Texas Health Science Center at Houston (UTHealth), Harris Health is the first healthcare system in Houston to receive the prestigious National Committee for Quality Assurance (NCQA) designation for its network of patient-centered medical homes.
Each year, Harris Health provides more than 1.8 million total outpatient visits through its more than 40 ambulatory care facilities. Additionally, Harris Health sees more than 177,000 emergency visits at its Level 1 and Level 3 trauma centers and 35,000 hospital admissions through its three hospitals: Ben Taub, LBJ and Quentin Mease.
Established by voter referendum to enhance the level of charity care available in the community, Harris Health System has often received national recognition for serving those in need and for its achievements in operational excellence, such as being named to the 2011, 2012, 2013 and 2014 Most Wired Hospitals lists by the American Hospital Association’s Hospitals & Health Networks magazine.
Additionally, Harris Health System is pleased that each of its three hospitals — Ben Taub, Lyndon B. Johnson and Quentin Mease — achieved Pathway to Excellence™ designation by the American Nurses Credentialing Center.
The Sr. Information Security Risk Assessment Analyst
- Assists the Chief Information Security Officer (CISO) in developing, maintaining and executing a continuous, flexible information security risk management program that aligns with Harris Health's overall strategic business and IT goals, and addresses the higher-risk areas and concerns of Executive Management.
- Works alongside the Harris County legal team and the Harris Health corporate compliance department to review third-party contracts and ensure compliance with standards and regulations regarding information access, security, and privacy.
- Leads all phases of internal and third-party risk assessments as well as planned IT audits and reviews.
- Coordinates internal and third-party security audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, ISO audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance/regulatory audits.
- Assists VP/CISO with decisions regarding risk and audit planning, testing plans and methodologies for risk and audit projects.
- Assists VP/CISO in determining reportable observations, findings and recommendations to relay to Executive Management and Board of Trustees.
- Develops and publishes IT-related risk and audit reports and reviews.
- Drafts and updates various departmental and organization-wide information security policies.
- Four (4) year degree in Information Systems or Business Management, or equivalent work experience.
- Knowledge of HIPAA Security rule, HITECH, Payment Card Industry (PCI), NIST Cybersecurity Framework. In addition, understanding of NIST SP 800-53r4, COBIT, and ITIL frameworks preferred. RSAM or other GRC tools experience preferred.
- Previous IT audit and risk management experience, or equivalent combination of education and experience.
- HCISPP, CIPP, CISA, CISM, CRISC, GSNA and/or CISSP highly desirable or must be obtained within 6 months of accepting position.
Work Experience (Years and Area):
- Five (5) years related industry experience (business).
- Five (5) years in Information Security, Cyber Risk and/or Compliance or GRC role.
- Three (3) years of system administration of RSAM or another GRC tool desired.
- Ability to evaluate, review and report on a range of information systems and applications to include EPIC, Windows, Unix, IBM, Cisco,
Exceptional Verbal (e.g., Public Speaking)
Writing/Composing: Correspondence
Analytical, PC, and Word Proc
The Harris Health System benefits program is designed to provide you with more flexibility and choices in meeting your specific needs. It allows you to protect your income in case of illness, death and disability, and helps you save for retirement.
It is the policy of Harris Health System to provide equal opportunity for all applicants for employment regardless of political affiliation, race, color, national origin, age, sex, religious creed or disability. Applicants may request any reasonable accommodation(s) to participate in the application process.