Senior IT Security Analyst, Risk Management is responsible for using variety of IT Risk, Compliance, Security management tools and technologies to assess, review, analyze, measure and recommend actionable guidance to IT System and Service Owners to define, enhance security policies, controls, standards to manage and/or mitigate security risks for M Health Fairview. Successful candidate would possess understanding of security principles, frameworks, company policies, risk and compliance needs for M Health Fairview. Operational duties may include collaborating with peer engineers/analysts, analyzing, prioritizing and leading gap mitigation efforts to address key security policy, standards and regulatory compliance gaps. Senior Security Analysts will have deep understanding of potential security threats, vulnerabilities, risks or exposure and exploitability, criticality of service or technology to business and disaster and recovery, resiliency needs, counter measures and methods to address risks. Successful candidate will proactively lead actions to assess, enumerate risk and collaborate with IT and Business teams to come up with remediation steps and help minimize security risk.
Conduct information security assessments utilizing NIST-CSF and appropriate information security control structures; develop risk remediation plans, and facilitate risk remediation efforts.
Provide consultation on information security regulations and standards, such as PCI DSS, HIPAA, or NIST, to various audiences
Ensure the information security controls for M Health Fairview are consistent and appropriate
Facilitate the information security risk management program by identifying areas most in need of risk assessment and coordinating risk assessments with other teams.
Consult with various departments across M Health Fairview to address policy and process related information security risks identified through the information security risk and exception management programs.
Lead information security reviews of vendors and suppliers (including medical devices).
Facilitate the exception management process by tracking exceptions, evaluating associated risks by working with the other information security staff, and coordinating communication with the risk owner.
Ensure M Health Fairviews security standards comply to NIST-CSF, PCI, HITRUST, HIPAA and other regulatory needs.
Work with teams administering multiple operating systems in cloud-based infrastructure including AWS, Azure as well as containerized applications on Kubernetes to identify key Cybersecurity control gaps.
Collaborate with Cybersecurity Operations and Engineering team and counter parts to enhance intrusion detection, DDoS, DNS attacks and come up with counter measures for active threats
Continually research and be aware of emerging cybersecurity threats
Research, evaluate, and recommend new security tools, techniques, and technologies and introduces them to the enterprise in alignment with Cybersecurity and Risk Management strategy.
Understanding of vulnerability classes (OWASP) and how they can be exploited
Understanding of various domains of security including authentication, authorization, network security, data, system device and Operating Systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
Expert in one or more areas of IT Risk assessments, risk management, regulatory compliance needs for PCI/HIPAA/SOX, Security & Risk Policies, IT & Security Governance, Disaster Recovery/Business Continuity Management, Internal Audit, Risk Matrix & IT General Controls
Experience analyzing risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack
Understanding of security policies, standards, risk enumeration techniques, cybersecurity frameworks
Work with vendors, health and business partners to ensure security remediation milestones are being met
Lead technical and risk management groups to identify and remediate gaps including tool/technology deficiencies
Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Define and document processes and enhance existing processes partnering with business and IT teams.
Serve as security subject matter expert in assisting external and internal audits, risk assessments, business resiliency, policy and standard violation investigations, IT capacity planning, potential security/privacy investigations and remediation of identified gaps.
Participate in Red/Blue/Purple teams as needed to help improve security posture of M Health Fairview.
Assist in define security policies and standards, train/educate/measure security awareness, audit development and build lifecycles, perform DR/BCP tests to measure resiliency of IT systems. Lead the design and development of security controls that ensure the safety of information assets and protect from unauthorized access or intentional destruction.
Lead complex projects related to information security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members as needed. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline or combination of relevant experience/education.
7+ years of cumulative experience in policy, risk management, audit, compliance, governance, development and/or support of IT or Business Systems
3+ years of experience in two or more areas of managing/supporting Security policy, security standards, risk management, internal/external security audit, threat modeling, security access governance, deployment/support of Cybersecurity tools and technologies
Ability to thrive in a sense-of-urgency environment and leverage best practices
Informal or formal leadership experience managing Security IT Risk and Compliance efforts.
Subject Matter Expert level experience in using one or more areas of Security Risk Management tools Identity and Access Management, GRC, BCP/DR, CMDB, Vendor Risk Management
Language & Communication Skills
Ability to effectively communicate both verbally and written with all levels within the organization
Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups
Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
Ability to work well within a team environment, as well as independently
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline
Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation
Industry specificcertifications Security+, CASP, CEH, Pentest+ or equivalents, Technical certifications such as SANS GIAC, OCSP are a plus
Together with the University of Minnesota and University of Minnesota Physicians we have created M Health Fairview. M Health Fairview is the newly expanded collaboration among the University of Minnesota, University of Minnesota Physicians, and Fairview Health Services. The healthcare system combines the best of academic and community medicine — expanding access to world-class, breakthrough care through our 10 hospitals and 60 clinics.
Fairview Health Services (fairview.org) is an award-winning, nonprofit health system providing exceptional care across the full spectrum of health care services. Fairview is one of the most comprehensive and geographically accessible systems in the state, with 10 hospitals—including an academic medical center and long-term care hospital—serving the greater Twin Cities metro area.
Its broad continuum also includes 60 primary care clinics, specialty clinics, senior living communities, retail and specialty pharmacies, pharmacy benefit management services, rehabilitation centers, counseling and home health care services, medical transportation, an integrated provider network and health insurer PreferredOne. In partnership ...with the University of Minnesota, Fairview’s 32,000 employees and 2,400 affiliated providers embrace innovation to drive a healthier future through healing, discovery and education.