Senior IT Security Analyst Policy, is responsible for using variety of IT Risk, Compliance, Security management tools and technologies to assess, review, analyze, measure and recommend actionable guidance to IT System and Service Owners to define, enhance security policies, controls, standards to manage and/or mitigate security risks for M Health Fairview. Successful candidate would possess understanding of security principles, frameworks, company policies, risk and compliance needs for M Health Fairview. Operational duties may include collaborating with peer engineers/analysts, analyzing, prioritizing and leading gap mitigation efforts to address key security policy, standards and regulatory compliance gaps. Senior Security Analysts will have deep understanding of potential security threats, vulnerabilities, risks or exposure and exploitability, criticality of service or technology to business and disaster and recovery, resiliency needs, counter measures and methods to address risks. Successful candidate will proactively lead actions to assess, enumerate risk and collaborate with IT and Business teams to come up with remediation steps and help minimize security risk.
Understanding of security policies, standards, risk enumeration techniques, cybersecurity frameworks
Understanding of various domains of security including authentication, authorization, network security, data, system device and Operating Systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
Expert in one or more areas of IT Risk assessments, risk management, regulatory compliance needs for PCI/HIPAA/SOX, Security & Risk Policies, IT & Security Governance, Disaster Recovery/Business Continuity Management, Internal Audit, Risk Matrix & IT General Controls
Work with vendors, health and business partners to ensure security remediation milestones are being met
Lead technical and risk management groups to identify and remediate gaps including tool/technology deficiencies
Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Define and document processes and enhance existing processes partnering with business and IT teams.
Understanding of vulnerability classes (OWASP) and how they can be exploited
Serve as security subject matter expert in assisting external and internal audits, risk assessments, business resiliency, policy and standard violation investigations, IT capacity planning, potential security/privacy investigations and remediation of identified gaps.
Lead complex projects related to information security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members as needed. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.
Demonstrates ability to provide service adjusting approaches to reflect developmental level and cultural differences of population served
Partners with patient care giver in care/decision making.
Communicates in a respective manner.
Ensures a safe, secure environment.
Fulfills all organizational requirements
Completes all required learning relevant to the role
Complies with and maintains knowledge of all relevant laws, regulation, policies, procedures and standards.
Fosters a culture of improvement, efficiency and innovative thinking.
Performs other duties as assigned
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline or combination of relevant experience/education.
7+ years of cumulative experience in policy, risk management, audit, compliance, governance, development and/or support of IT or Business Systems
3+ years of experience in two or more areas of managing/supporting Security policy, security standards, risk management, internal/external security audit, threat modeling, security access governance, deployment/support of Cybersecurity tools and technologies
Ability to thrive in a sense-of-urgency environment and leverage best practices
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline
Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation
Industry specificcertifications Security+, CASP, CEH, Pentest+ or equivalents, Technical certifications such as SANS GIAC, OCSP are a plus
Together with the University of Minnesota and University of Minnesota Physicians we have created M Health Fairview. M Health Fairview is the newly expanded collaboration among the University of Minnesota, University of Minnesota Physicians, and Fairview Health Services. The healthcare system combines the best of academic and community medicine — expanding access to world-class, breakthrough care through our 10 hospitals and 60 clinics.
Fairview Health Services (fairview.org) is an award-winning, nonprofit health system providing exceptional care across the full spectrum of health care services. Fairview is one of the most comprehensive and geographically accessible systems in the state, with 10 hospitals—including an academic medical center and long-term care hospital—serving the greater Twin Cities metro area.
Its broad continuum also includes 60 primary care clinics, specialty clinics, senior living communities, retail and specialty pharmacies, pharmacy benefit management services, rehabilitation centers, counseling and home health care services, medical transportation, an integrated provider network and health insurer PreferredOne. In partnership ...with the University of Minnesota, Fairview’s 32,000 employees and 2,400 affiliated providers embrace innovation to drive a healthier future through healing, discovery and education.
To improve the patient experience by providing health care providers; patients and their families; and others with information, education, networking opportunities, and related resources focused on best practices.