Senior Information Security Analyst; NOT Remote

Job Summary

As a member of the Information Security team, responsibilities include managing and mitigating information security risk by identifying, evaluating, assessing, designing, monitoring, administering, reporting and implementing systems, policies and processes. Provides information security risk insight and guides management on information security risk issues and serves as advisor to peers, team members and management.

Bachelor's degree in Computer Science, MIS, Computer Engineering, Cyber Security or related discipline.

None. One or more of the following certifications are preferred:
Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC) or Certified Information Systems Auditor (CISA).

3 - 4 years related experience inclusive of two years working directly in an Information Services department and previous experience with HIPAA/PHI compliance programs, policies, procedures, risk assessments and audits.

In-depth knowledge of cyber security methodology and security practices. Knowledge of HIPAA, PCI, SOX, ISO and NIST cybersecurity frameworks. Knowledge of intrusion detection and intrusion prevention systems, penetration and vulnerability testing. Knowledge of data loss prevention, anti-virus and anti-malware software tools. Knowledge of computer networking, TCP/IP, routing and switching, network protocols and packet analysis tools. Knowledge of Windows, UNIX and Linux operating systems.

Excellent problem solving and analytical skills. Excellent written and oral communication skills. Excellent organizational and interpersonal skills. Ability to work independently as well as in a team setting.

Define, implement, and enforce information security policies, strategies, and procedures that align with healthcare laws and regulations, such as HIPAA. Conduct and/or support targeted risk assessment. Determine significant risk points and exercise process for risk assessment and risk acceptance. Review assessment results for vulnerabilities, gaps, control deficiencies, and work with key stakeholders to establish plans for sustainable resolution. Maintain an effective information security awareness program and educate internal teams on best practices.

Ensure that business and clinical software applications include adequate information and security controls. Establish and maintain metrics based on the information security framework used at SFHS.

Independent judgment in making decisions from many diversified alternatives that are subject to general review in final stages only.

Works directly with patients and/or customers. Works with internal customers via telephone or face to face interaction. Works with external customers via telephone or face to face interaction. Works with other healthcare professionals and staff. Works frequently with individuals at Director level or above.

This document generally describes the essential functions of the job and the physical demands required to perform the job. This compilation of essential functions and physical demands is not all inclusive nor does it prohibit the assignment of additional duties.

Information Technology - Information Security - Yale Campus

Location:

Tulsa, Oklahoma 74136

EOE Protected Veterans/Disability