Senior Cybersecurity Risk Analyst

BLOM ADMINISTRATIVE CAMPUS, United States

Applications have closed

OhioHealth

OhioHealth is a family of not-for-profit hospitals and healthcare facilities that has been serving central Ohio since 1891. Discover the difference WE can make.


We are more than a health system. We are a belief system. We believe wellness and sickness are both part of a lifelong partnership, and that everyone could use an expert guide. We work hard, care deeply and reach further to help people uncover their own power to be healthy. We inspire hope. We learn, grow, and achieve more – in our careers and in our communities.

Job Description Summary:

The Senior Information Security Assessor will be part of the Risk & Compliance team in Enterprise Information Security (EIS). The Risk & Compliance team is responsible for assessing and monitoring compliance with our information security policies and procedures across the enterprise. The Senior Information Security Assessor will oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to ensure new and existing information technology (IT) systems meet the organization's information assurance (IA) and security requirements. Ensures appropriate treatment of risk, compliance, and monitoring assurance from internal and external perspectives.

Responsibilities And Duties:

1. 20%: Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
2. 20%: Develop and implement information assurance (IA) independent audit processes for application software/networks/systems and oversee ongoing independent audits to ensure that operational processes and procedures are in compliance with organizational and mandatory IA requirements and accurately followed by Systems Administrators and other cybersecurity staff when performing their day-to-day activities.
3. 10%: Develop methods to monitor and measure risk, compliance, and assurance efforts.
4. 10%: Perform validation steps, comparing actual results with expected results, and analyze the differences to identify impact and risks.
5. 10%: Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
6. 10%: Maintain information systems assurance and accreditation materials.
7. 10%: Provide an accurate technical evaluation of the software application, system, or network, documenting the security posture, capabilities, and vulnerabilities against relevant information assurance (IA) compliances.
8. 10%: Develop specifications to ensure risk, compliance, and assurance efforts conform to security, resilience, and dependability requirements at the software application, system, and network environment level.

Minimum Qualifications:

Bachelor's Degree (Required)

Additional Job Description:

Degree
Field of Study: Bachelor's Degree or equivalent, related experience
Years of experience: minimum 7 yrs. exp in cybersecurity principles, cyber threats & vulnerabilities

SPECIALIZED KNOWLEDGE
Knowledge of conducting Meaningful Use (MU) Assessments.
Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
Knowledge of cybersecurity principles.
Knowledge of cyber threats and vulnerabilities.
Exceptional verbal and written communication skills.
Capable of relating compliance, technical and nontechnical information to varied audiences with impact.
Requires knowledge of regulatory and contractual compliance, including PCI and HIPAA requirements for information systems, security and privacy.
Minimum 7 Years of Experience in cybersecurity principles, cyber threats and vulnerabilities.
Proven ability to establish and maintain effective, respectful, and trusting relationships with individuals at all levels of the organization, external colleagues and vendors representing varying needs, personalities, and styles.

DESIRED ATTRIBUTES
Bachelor's Degree in Computer Science (or related discipline).
CISSP, CRISC, CFCE, GCIH or equivalent security certification.
Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
Knowledge of incident categories, incident responses, and timelines for responses.
Knowledge of how a security system should work, including its resilience and dependability capabilities, and how changes in conditions, operations, or the environment will affect these outcomes.
Knowledge of risk analysis principles and methods.
Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
Knowledge of basic system administration, network, and operating system hardening techniques.
Knowledge of Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards.

Work Shift:

Day

Scheduled Weekly Hours:

40

Department

Information Security

Join us!
... if your passion is to work in a caring environment
... if you believe that learning is a life-long process
... if you strive for excellence and want to be among the best in the healthcare industry

Equal Employment Opportunity

OhioHealth is an equal opportunity employer and fully supports and maintains compliance with all state, federal, and local regulations. OhioHealth does not discriminate against associates or applicants because of race, color, genetic information, religion, sex, sexual orientation, gender identity or expression, age, ancestry, national origin, veteran status, military status, pregnancy, disability, marital status, familial status, or other characteristics protected by law. Equal employment is extended to all persons in all aspects of the associate-employer relationship including recruitment, hiring, training, promotion, transfer, compensation, discipline, reduction in staff, termination, assignment of benefits, and any other term or condition of employment.


Tags: Audits CFCE CISSP Compliance Computer Science CRISC GCIH HIPAA Incident response Monitoring Network security Privacy Risk analysis Risk management Vulnerabilities

Perks/benefits: Career development Health care

Region: North America
Country: United States
