C

IT Cybersecurity Sr Analyst

CommonSpirit Health
Remote
United States






Overview






CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S. from clinics and hospitals to home-based care and virtual care services CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources CommonSpirit is committed to building healthy communities advocating for those who are poor and vulnerable and innovating how and where healing can happen both inside our hospitals and out in the community.

Β 

CommonSpirit Health is the second largest not-for-profit health care provider in the United States.Β  With 142 hospitals and over 700 care sites across 21 states, CommonSpirit cares for millions of patients each year and employs over 150,000 people.Β  As a mission-driven health system, CommonSpirit is committed to building healthier communities, advocating for the poor and disenfranchised, and innovating how and where healing can happenβ€”both inside our hospitals and out in the community.

The Cybersecurity Sr Analyst supports the CommonSpirit Cyber Data Governance program.Β  This program is responsible for designing and implementing policies and procedures to safeguard confidential information, protected health information as well as other sensitive information while balancing business requirements and policy limitations to ensure productivity and data protection.Β Β 

The position supports and helps lead the Data Loss Prevention team’s efforts within the organization.Β  This program is responsible for designing policies and procedures within our suite of DLP tools.Β  This includes managing the balance of business requirements and policy limitations to ensure an acceptable level of productivity for employees while protecting patient’s personal data.Β  The position also requires a good understanding of enterprise information security practices and information protection/security applications at the application, endpoint, server, and network infrastructure levels.Β  This position works closely within the Cyber towers as well as engages with other CSH business partners at all levels of the organization.









Responsibilities






*This is a Remote Opportunity

Β 

  • Advanced support to the CommonSpirit Data Loss Prevention and Data Protection program. Supports junior analysts in maintaining service levels. Under guidance from the System Director, mentors and checks the work of junior analysts.
  • Independently conducts investigations and reports on inappropriate use of CommonSpirit confidential information. Monitors and analyzes information from multiple applications/resources to identify information security risks and compliance gaps related to the protection of confidential information.
  • Exercises judgment within defined practices and policies in engaging and providing guidance to end users, business teams, Regional Cybersecurity Officers, Corporate Responsibility Officer and Regional Privacy Officers regarding highly complex information security issues.
  • Creates monthly reports of key risk indicators, performance, and success, highlighting areas in need of improvement and making recommendations.
  • Participates in the design, documentation, and implementation of policies and procedures for monitoring confidential information. Collaborates with IT, Cybersecurity, business, and operations teams to institute mitigating controls. Develops and maintains user manuals, guides, and other program documentation.
  • Works as an intermediary with teams in identifying and prioritizing remediation of information security risks and compliance gaps. Prepares actionable recommendations to mitigate identified risks and ensure compliance with policies and standards. Conducts independent information security reviews and risk assessments/compliance reviews for major programs in coordination with Cybersecurity and other functional groups.
  • Performs assessments of current security technology, authentication systems, and data loss prevention tools, evaluating them against HIPAA, Federal and State Information Protection and Privacy regulations, CommonSpirit Cybersecurity policies/standards, and other relevant regulations pertaining to the protection of confidential information.
  • Willing to participate in On-Call schedule for Que coverage 24x7 with a one (1) hour response expectation Service Level Agreement (SLA).Β 
  • Provides business-focused recommendations for improvement and implements procedural changes to ensure technical solutions align with organizational objectives, regulatory standards, and business needs.
  • Facilitates and leads meetings supporting all phases of assigned projects.
  • Fosters a partnered approach, building and maintaining strong productive working relationships with internal stakeholders within the business.
  • Adheres to data policies and standards while enforcing the approved management of sensitive data in compliance with CSH business rules, legal, and governmental regulations.
  • Mentors and grows the talents and abilities of junior analysts within the team.
  • Ensures data integrity, accuracy, and reconciliation within reports and dashboards by reviewing, identifying, and resolving gaps and inconsistencies.








Qualifications






  • Bachelor of Science degree in computer science with emphasis on information security or in a related technical field; equivalent work experience may be considered in lieu of degree.
  • Experience with Sky-HIGH, Trellix ePO, and/or Varonis DatAdvantage Required
  • Minimum of seven (7) yearsΒ RequiredΒ of progressive experience in information services, including five (5) years in systems security including implementation, maintenance and use of security products in a distributed enterprise environment.Β 
  • Minimum of four (4) years’ experience in a highly regulated industry: healthcare, finance, clinical research, or Federal (ex. FERC, NERC, DOD, etc.).
  • Minimum of three (3) years’ experience with implementing and managing data loss prevention tools, policies, and rules.
  • 5 years job related experience required
  • 5+ years job related experience preferred
  • Strength in verbal and written communication skills.
  • Self MotivatedΒ 
  • Team Orientated.