Senior IT Control and Risk Analyst

Gaithersburg, MD
Apr 03, 2019
May 08, 2019
Analyst, IT
Full Time
The Senior IT Control and Risk Analyst is responsible for identifying and monitoring information security risks throughout Adventist HealthCare. This will be accomplished through development and completion of audits, projects and monitoring activities to test the effectiveness and efficiency of IT controls and related processes and validate compliance with applicable policies and regulatory requirements.

Work Schedule:

Job Responsibilities

1. Develop and implement an IT Security monitoring program including such activities as:
  • Performing HIPAA and general IS Security Risk Assessments
  • Executing an IT Audit program including detailed tests of controls
  • Establishing a Capacity Maturity Model to assess critical business processes
  • Developing and implementing a balanced score card to monitor and evaluate the effectiveness of the IT Security program
  • Facilitating Control Self Assessments system-wide

2. Validate implementation of information security risk mitigation plans. Provide status updates to Information Services and Organizational Integrity leadership as appropriate.

3. In collaboration with the Chief Information Security Officer, manage all information security related policies by:
  • Inventorying all information security related policies, periodically reviewing and updating all information security related policies as required
  • Identifying emerging information security related risks and developing policies to help mitigate those risks

4. Act as an IT Security subject matter specialist for IT related projects and committees

5. In collaboration with the Information Services Security team, develop and implement the information security awareness program including development of annual and periodic training materials, performing phishing simulations and other activities to raise awareness of IT security risks.

6. Maintain a working knowledge of:
  • Applicable federal, state and local laws and regulations including Meaningful Use, HIPAA, NIST, ISO27001, and Payment Card Industry compliance
  • Adventist HealthCare policies and procedures related to the Adventist HealthCare Organizational Integrity Program, Code of Ethics, and other Adventist HealthCare policies and procedures

7. Validate that access control, disaster recovery, business continuity, incident response and risk management needs of Adventist HealthCare are properly addressed

Required Qualifications

1. Ability to work effectively and efficiently, and manage competing priorities with minimal direct supervision

2. Possess and demonstrate an in-depth knowledge of healthcare applications, technology, EHR and experience in health information systems

3. Experience auditing HIPAA, Meaningful Use and PCI related processes and controls

4. Demonstrated ability to advise others and provide meaningful input on IT related internal projects

5. Understands IT and general business processes, and applies risk and control concepts as appropriate

6. Demonstrates strong active listening skills

7. Technical expertise in Internal Audit methodology

8. Builds collaborative relationships with entity and department leadership to facilitate improvement to the IT Security environment

9. Communicates effectively, both orally and in writing, with all levels of executive management and staff

10. Proactively communicates issues or concerns to the Senior Manager, Audit & Advisory Services and to audit clients

11. Adapts well to new circumstances, information and challenges

12. Ability to flourish in a fast-paced, complex environment

13. Ability and willingness to work in a collaborative, team environment

  • Bachelor's degree in Business, Computer Science, Information Systems/Sciences, Computer Security, Engineering or a related field
  • Master's degree in a business or information security related field preferred.

  • At least 3 years of IT audit or IT security experience
  • Two years of experience leading projects and working independently, preferably in the healthcare setting

  • CISA, CRISC, CISSP, HCISSP or equivalent certification preferred.

Tobacco Statement

Tobacco use is a well-recognized preventable cause of death in the United States and an important public health issue. In order to promote and maintain a healthy work environment, Adventist HealthCare will not hire applicants for employment who either state that they are nicotine users or who test positive for nicotine use.

Adventist HealthCare will withdraw offers of employment to applicants who test positive for cotinine (nicotine). Those testing positive for cotinine are given the opportunity to re-apply in 90 days, if they can truthfully attest that they have not used any nicotine products in the past ninety (90) days and successfully pass follow-up testing.

Equal Employment Opportunity

Adventist HealthCare is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.
