Senior Information Security Analyst
Company: Peace Health
Posted on: June 12, 2021
PeaceHealth is seeking a Senior Information Security Analyst
Responsible for leading the design, planning, facilitation,
evaluation and implementation of information security-related
policies, procedures, standards and controls across PeaceHealth.
Assists in the development of the goals, strategy, methodologies
and outcomes of the PeaceHealth Information Security Program and
related technologies. Provides leadership, expertise and technical
direction in collaboration with peers, junior team members and
caregivers from adjacent departments, such as Information
Technology (IT), Compliance, Privacy, Legal, Communications and
Operations. Responsible for the successful coordination, delivery
and tracking of outcomes related to 3-5 significant initiatives and
contributes to multiple smaller efforts concurrently. Responsible
for the day-to-day operations of multiple information
security-related program areas or technology systems. Prepares and
presents detailed and high-level reports to internal and external
stakeholders at multiple levels (up to Director). Acts as subject
matter expert in the integration of systems, applications,
processes, access controls, go-lives, upgrades, enhancements and
technologies, based on business and technical requirements. Assigns
work, plans and manages priorities, provides technical assistance,
oversees staff schedules, monitors quality of work, monitors team
projects, mentors staff, provides constructive feedback, oversees
staff training, ensures quality improvement, provides leadership
feedback on staff performance, and assists with goal setting for
the team. Assists in recruitment, development, and training of
security staff. Provides on-call after-hours support as
Leads the design, engineering, implementation and operation of
information security processes, policies, procedures, standards,
systems and controls based on business and technical
Analyzes and correlates data from information security
technology sources, such as endpoint protection, intrusion
detection, security event monitors and secure proxies, to identify
potential threats and defend PeaceHealth against threats.
Protects PeaceHealth's information and information systems by
analyzing public and private information sources to develop
effective defensive techniques, policies, procedures and
Leads information security, technology teams and business
stakeholders to respond to and remediate identified vulnerabilities
and gaps in security controls, policies, procedures and
Leads the design and implementation of security response
automation, integrating various information and information
security tools to create fast, intelligent responses to common
and/or critical cyber incidents.
Effectively communicates technical issues and investigative
findings to technical and non-technical audiences in written and
Leads information sharing and integration procedures across
information security through the exchange of threat intelligence
and cyber security vulnerability assessment data.
Leads information security assessment activities in
collaboration with technical and non-technical teams across the
Proactively identifies and develops recommendations related to
information security gaps and vulnerabilities in collaboration with
stakeholders across the organization.
Serves as an advisor and subject matter expert on identified
information security issues, projects, or any other PeaceHealth
initiative that may have an information security implication.
Leads and facilitates information security work groups,
including project management, scheduling, coordination, follow up,
status reports and report outs.
Leads and responds to security-related investigations and other
information security requests across PeaceHealth.
Leads the development of information security intellectual
capital by making process or procedure improvements, enhancing team
documentation, conducting informal team training sessions, and
creating new team training documents.
Develops, promotes and implements information security education
and awareness policies, procedures, standards and controls in
collaboration with stakeholders across the organization.
Analyzes, designs, builds and manages role-based access controls
for users of applications and systems.
Develops and leads user access review processes.
Develops and generates reports and metrics (e.g., system/control
metrics, status updates, risk assessment reports, remediation
reports) to support information security measurement and reporting
Provides support and assistance to caregivers across the
organization related to information security related technology and
- Provides on-call after-hours support on a rotational basis as
assigned, including evenings, weekends, and holidays.
- Bachelor's Degree in Computer Science, Healthcare Information
Technology, or relevant field or equivalent knowledge and skills
obtained through a combination of education, training and
EXPERIENCE / TRAINING:
- Minimum of ten (10) years of experience in IT, information
security, cyber risk management, compliance or a related field
required; of which at least 5 years of experience in information
security is required.
- Leadership experience working with project or technical teams
- Healthcare experience preferred.
LICENSE / CERTIFICATION:
- Two or more relevant information security-related
certifications preferred. Examples include: CISSP, CISA, HCISPP,
CCSP, CRISC, CISM, CGIH, GCFA, GNFA, GPEN, GSEC, CEH, and Epic
KNOWLEDGE / SKILLS / ABILITIES:
- Ability to work independently across multiple
initiatives/technologies and seek guidance as needed.
- Excellent project management, written and oral communications
- Ability to create and present information in various forms such
as textual, graphical and statistical.
- Ability to collect and analyze data to guide decision making
while under potentially intense pressure to address security
- Ability to work collaboratively with and lead a broad range of
constituencies and respond to their needs and collaborate
effectively towards solutions.
- Ability to lead matters of high sensitivity and confidentiality
with both professionalism and discretion.
- Hands-on experience implementing and operating three or more
common information security tools, such as endpoint protection,
intrusion detection, security event monitors, secure proxies,
firewalls, encryption, single sign-on, multi-factor authentication,
- Hands-on experience implementing and operating three or more
common information security methodologies, such as incident
response, risk management, data protection, identity and access
management, role- based access control, etc.
- Ability to identify and correlate cyber threats and
- Strong understanding of adversarial tactics and
- Hands-on experience with cybersecurity, ethics and privacy
principles, along with related regulatory requirements and industry
frameworks (e.g., NIST CSF).
- Strong understanding of government and other regulatory
requirements for medical billing and benefit verification as they
pertain to access and user management.
- Knowledge of Microsoft Azure cloud and security services.
- Ability to effectively lead others informally and
PeaceHealth, based in Vancouver, Wash., is a not-for-profit
Catholic health system offering care to communities in Washington,
Oregon, and Alaska. PeaceHealth has approximately 16,000
caregivers, a multi-specialty medical group practice with more than
900 providers and 10 medical centers serving both urban and rural
communities throughout the Northwest. In 1890, the Sisters of St.
Joseph of Peace founded what has become PeaceHealth. Today,
PeaceHealth is the legacy of its founding Sisters and continues
with a spirit of respect, stewardship, collaboration and social
justice in fulfilling its Mission.
We offer competitive compensation, a robust benefits package and
a collaborative, Mission-driven work environment! To learn more
about working at PeaceHealth and the community please visit our
Get a feeling for the Spirit of PeaceHealth through this
three-minute video, and visit us on Facebook or LinkedIn!
Questions? Review our Employment FAQ or email [email protected].
Please note this email does not accept resumes or applications.
See how PeaceHealth is committed to Inclusivity, Respect for
Diversity and Cultural Humility. For full consideration of your
skills and abilities, please attach a current resume with your
application. EEO Affirmative Action Employer/Vets/Disabled in
accordance with applicable local, state, or federal laws.
Keywords: Peace Health, Vancouver , Senior Information Security Analyst, Other , Vancouver, Washington
Didn't find what you're looking for? Search again!