Privacy & Information Security Risk Management Analyst II

Job ID: R-79627
Date Posted: 08/20/2024
Location: Sacramento, CA
Schedule/Shift/Weekly Hours: Regular/Days/40

Organization:

SHSO-Sutter Health System Office-Valley

Position Overview:

Uses the Sutter Health governance, risk management, and compliance (GRC) platform to conduct and validate technical security reviews and security assessments in alignment with the Sutter Health information security controls framework, state and federal regulations, and industry security best practices, culminating in the production of security risk assessment reports. Functions as a technical advisor to security leadership, Information Services (IS) departments, and Sutter Health business units on security-related issues and risks and provides support by leading resolution on complex security issues and initiatives. Provides security training to IS staff members through new hire orientation, just-in-time training, and regular department training. Develops and/or reviews technical information security policies, procedures, standards, and guidelines to support Sutter Health business initiatives in alignment with regulatory requirements, security best practices, and evolving technologies. Conducts technical security-related research and analysis and translates the results into meaningful input to the Information Security program.

(Intended for use by SHSO only)

Job Description:

EDUCATION:
Equivalent experience will be accepted in lieu of the required degree or diploma.

  • Bachelor's: Business, Computer Science, Engineering, Information Security, Management, Mathematics, Science, Technology or related field


CERTIFICATION & LICENSURE:

  • CISSP-Certified Information Systems Security Professional within 1 Year of hire


TYPICAL EXPERIENCE:

  • 2 years recent relevant experience.


SKILLS AND KNOWLEDGE:

  • Proficient technical skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management, with thorough knowledge of information systems security concepts, current information security trends, and practices including security processes, methods, and procedures.

  • Working knowledge of software, hardware, databases, networks, firewalls, encryption, and other systems security devices, including a good understanding of Transmission Control Protocol/Internet Protocol (TCP/IP), Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Active Directory, network topologies, and intrusion detection systems.

  • General knowledge regarding National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH), Federal Information Processing Standards (FIPS), and other related industry security standards, regulations, and best practices.

  • Advanced understanding of federal and state security and privacy-related regulatory requirements.

  • Good business acumen and advanced analytic skills, including the ability to analyze data and information, reach practical conclusions, recommend corrective actions, resolve conflicts, and institute effective changes.

  • Effective organizational and project management skills required, including the demonstrated ability to prioritize tasks, manage multiple projects simultaneously, and complete deliverables.

  • Time management and organization skills, including attention to detail, clear documentation, diagnostic capabilities, and problem-solving skills.

  • Communication (written/verbal), interpersonal, and presentation skills to explain complex technical or sensitive information clearly and professionally to diverse audiences and all levels of internal and external constituencies.

  • Robust computer skills, including an advanced knowledge of Microsoft Office Suite (Word, Excel, Outlook, Access, Access Control List (ACL)), Microsoft Visio or other flowcharting tool, various database architectures and related security and assessment tools and applications.

  • Ability to identify key concepts, factors, and risks based on conversations and document them in clear and concise narrative.

  • Ability to work independently, as well as part of a multidisciplinary team, while demonstrating organization skills to efficiently and effectively conduct reviews and assessments within established timeframes and government regulations.

Job Shift:

Days

Schedule:

Full Time

Shift Hours:

8

Days of the Week:

Monday - Friday

Weekend Requirements:

As Needed

Benefits:

Yes

Unions:

No

This position is work from home eligible.

Position Status:

Exempt

Weekly Hours:

40

Employee Status:

Regular

Number of Openings:

1

Sutter Health is an equal opportunity employer EOE/M/F/Disability/Veterans.

Pay Range is $40.25 to $60.38 / hour

The salary range for this role may vary above or below the posted range as determined by location. This range has not been adjusted for any specific geographic differential applicable by area where the position may be filled. Compensation takes into account several factors including but not limited to a candidate’s experience, education, skills, licensure and certifications, department equity, training and organizational needs. Base pay is just one piece of the total rewards program offered by Sutter Health. Eligible roles also qualify for a comprehensive benefits package.

Qualified applicants with arrest and conviction records will be considered for employment. Applicants for specific positions are still required to disclose certain convictions during the application process, and those convictions may also be considered in determining eligibility for employment in accordance with applicable law.
