Providence Health & Services Senior Information Security Analyst (Governance, Risk, & Compliance) in California
Providence St. Joseph Health is calling a Senior Information Security Analyst to one of our locations in Irvine, CA, Portland, OR, or the Seattle area.
We are seeking a Senior Information Security Analyst to be an individual contributor on the Information Security Services team, supporting enterprise and regional requirements. The Senior Information Security Analyst works under minimal supervision and is expected to understand the organization’s information security strategy and substantially contribute to the development, maintenance and implementation of the overall system-wide information security program needed for the protection of Providence St. Joseph Health. This includes managing significant bodies of work within the scope of the overall Information Security program. They demonstrate advanced project management skills and are able to garner business requirements; create appropriate supporting schedule, scope and budget and coordinate all aspects of a project for on-time delivery with ongoing support mechanisms identified and in place.
The Senior Information Security Analyst possesses healthcare / business acumen and can proficiently assess security risk while considering health system operational needs and adherence to regulatory requirements, anticipating and articulating potential operational impacts of policy and controls changes. They work collaboratively with interdisciplinary teams to identify, assess and address information security risks, often taking a lead role in areas such as, but not limited to information security frameworks, business continuity management, physical security, security risk management, firewall protection, information security training, intrusion prevention, data loss prevention, anti-virus endpoint protection, policy and standards, regulatory/contractual requirements, planning, mitigation, metrics and reporting, and/or crisis and incident management.
The Senior Information Security Analyst will utilize various tools and methods to provide support to end users, technology teams, and projects on a regular and ad hoc basis. Responsible for working collaboratively and effectively with caregivers across the enterprise to conduct information security activities such as, but not limited to analyzing information security risk and threat data, monitoring and investigating anomalies, developing and promulgating security controls and risk mitigation recommendations, establishing standards, determining information security-related business needs and requirements for potential projects/initiatives and contributing to the system-wide information security training and awareness program.
In this position you will have the following responsibilities:
Coordinates the work of others, works proactively with moderate supervision, collaborates across organizational boundaries.
Identify, develop, and implement needed enterprise-wide security programs and projects that include budget, resource plans, work-plans, schedules and supporting training and documentation.
Develop business and technical requirements; create use cases, test cases and QA criteria to support project implementation while driving health system objectives relative to standardization, integration, efficiency and regulatory compliance.
Facilitate /coordinate resources required for system implementations.
Drive /coordinate departmental organizational and operational transformation initiatives. Manage initiatives that support the creation and implementation of operational support models, availability models, system portfolios, service delivery playbooks, service dashboards (key performance indicators, key risk indicators) and system inventory financial portfolios. Lead teams to drive ongoing process improvement and optimization of these initiatives.
Drive /coordinate resources assigned to security initiatives in support of Information Services (IS) and other departmental transformation initiatives.
Serve as Information Security Services liaison on clinical and business information services projects throughout all project phases, including planning, implementation, and go-live support.
Drive and coordinate system optimization and remediation initiatives. "
Collaborate across departments to document, implement and manage procedures and processes that ensure security control effectiveness. May coordinate the work of others in completing associated tasks.
Leads work assignments for assigned security domains.
Execute activities in the areas of security risk identification, analysis, classification, and mitigation strategies.
Leads creation of information security regulatory requirements, health system security policies, and security best practices. Advises departments across the health system on appropriate controls consistent with security policies, standards and best practices.
Contributes information pertinent to formal security training and provide informal information security awareness information to PSJH caregivers as needed. Can confidently and accurately disseminate information to an audience.
Works collaboratively as part of a team, with moderate supervision to provide relevant input and feedback on the investigation and proposal of technologies and methodologies that can enhance PSJH's security and/or business continuity posture.
Works collaboratively as part of a team, with moderate supervision to provide relevant input and feedback to develop and maintain documentation for all assigned responsibilities.
Manages expectations and effectively communicates and collaborates with colleagues and project team members.
Required qualifications for this position include:
Bachelor's Degree in CS, MIS, Information Security, EE, Business or related field or equivalent education/experience.
7 years Information Security experience.
Demonstrated experience working independently and in collaboration with cross-functional teams.
Demonstrated experience providing in-depth analysis of complex issues which are then presented to cross-functional teams.
Demonstrated experience in service delivery, process definition, and basic system development.
Hands-on experience with security risk management practices.
Either of the following upon hire:
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)Certified Information Security Manager (CISM)
Certified Business Continuity Professional (CBCP)
Master Business Continuity Professional (MBCP)
PCI-ISA designation (Payment Card Industry-Internal Security Assessor)
PCIP (Payment Card Industry Professional)
Preferred qualifications for this position include:
Master's Degree in CS, MIS, Information Security, EE, Business or related field.
Healthcare industry knowledge.
About the department you will serve.
Providence Shared Services provides a variety of functional and system support services for our Providence family of organizations across Alaska, California, Montana, New Mexico, Oregon, Texas and Washington. We are focused on supporting our Mission by delivering a robust foundation of services and sharing of specialized expertise.
We offer comprehensive, best-in-class benefits to our caregivers. For more information, visit
As expressions of God’s healing love, witnessed through the ministry of Jesus, we are steadfast in serving all, especially those who are poor and vulnerable.
Providence is a comprehensive not-for-profit network of hospitals, care centers, health plans, physicians, clinics, home health care and services continuing a more than 100-year tradition of serving the poor and vulnerable. Providence is proud to be an Equal Opportunity Employer. Providence does not discriminate on the basis of race, color, gender, disability, veteran, military status, religion, age, creed, national origin, sexual identity or expression, sexual orientation, marital status, genetic information, or any other basis prohibited by local, state, or federal law.
Job Category: Quality/Risk/Safety (Non-Clinical)
Other Location(s): Oregon-Beaverton, California, Oregon, Washington-Redmond, Washington-Renton, Washington-Seattle, Washington
Req ID: 321028