Providence Health & Services Principal Information Security Analyst (Governance, Risk, Compliance) in Redmond, Washington
Providence is calling a Principal Information Security Analyst (Governance, Risk, Compliance) to one of our locations in Redmond, WA, Seattle, WA, Renton, WA, Irvine CA, or Portland, OR.
We are seeking a Principal Information Security Analyst who will be the senior-most individual contributor position on the Information Security Services team, supporting enterprise and regional requirements. He/She possesses breadth and depth of expertise across security, risk management and related domains. They are expertly skilled in planning, managing and delivering all aspects of a significant program or subject area, and are a proven leader. The Principal Information Security Analyst will be assigned responsibilities commensurate with that position of seniority, knowledge and experience and lead significant aspects of the system-wide Information Security program, including development, ongoing planning and execution of the roadmap for their program domain(s). They are expected to provide thought leadership to the organization in areas such as, but not limited to: information security frameworks, business continuity management, reporting and metrics, security risk management, firewall protection, information security training, intrusion prevention, data loss prevention, anti-virus endpoint protection, security policy and standards, regulatory/contractual requirements, planning, mitigation, PCI, and HIPAA Compliance.
The Principal Information Security Analyst is able to translate strategy into tactical plans then achieve its milestones, determining resource needs and coordinating the work of a cross functional team, often in a lead role. They are responsible for overseeing and coordination of all aspects of a significant domain(s) within the information security program ranging from business requirements and detailed planning (schedule, scope, budget) to on-time completion of deliverables to QA criteria and testing and ongoing metrics and reporting. He/She works fairly autonomously to proactively develop enterprise security methodologies and implement enterprise-wide processes that address and show adherence to regulatory requirements, and that reduce risks to the organization while driving efficiencies. They formulate and lead interdisciplinary teams to identify, assess and address security risks. They are recognized both within EIS and by business units as an authoritative subject matter expert for their assigned domains and have a strong understanding of how the security programs support and effect the organization.
The Principal Information Security Analyst will create and utilize various tools and methods to provide support to end users, technology teams, projects and business leaders on a regular and ad hoc basis. Responsible for working collaboratively and effectively with project sponsors, IT site directors, regional leaders and project managers to assess, analyze and develop information security related business needs and requirements for potential projects/initiatives.
In this position you will have the following responsibilities:
Identify, develop, and implement needed enterprise-wide security programs and projects that include budget, resource plans, work-plans, schedules and supporting training and documentation. Readily able to translate strategic direction into a concrete action plan with milestones and success criteria. Works proactively with minimal supervision / provides leadership for cross functional teams.
Plans and leads the work of others. Works proactively with minimal supervision and collaborates across organizational boundaries. Routinely interfaces with business and technology leaders and sponsors to:
Identify, develop, and implement needed enterprise-wide security programs and projects that include budget, resource plans, work-plans, schedules and supporting training and documentation.
Develop business and technical requirements; create use cases, test cases and QA criteria to support project implementation while driving health system objectives relative to standardization, integration, efficiency and regulatory compliance.
Manage completion of deliverables of assigned resources in cross-functional project teams, often for concurrent projects. Serve as ISS liaison for new system implementations and enhancement projects.
Facilitate /coordinate resources required for system implementations.
Drive /coordinate departmental organizational and operational transformation initiatives. Manages initiatives that support the creation and implementation of operational support models, availability models, system portfolios, service delivery playbooks, service dashboards (key performance indicators, key risk indicators) and system inventory financial portfolios. Leads teams to drive ongoing process improvement and optimization of these initiatives.
Creates, documents, implements and manages procedures and processes that ensure security control effectiveness.
Develops and maintains documentation for all assigned responsibilities.
Drives/coordinates resources assigned to security initiatives in support of Information Services (IS) and other departmental transformation initiatives.
Facilitates/coordinates resources required for system implementations.
Manage, coach, mentor, and develop functional team, including identification of training needs and recommending development programs.
Recruits, leads, trains and inspires a diverse group of individuals
Translates strategic directions and guidance into tactical plans, processes, and tools to achieve the strategic outcomes.
Prioritize work, delegate tasks and effectively address difficult situations."
Drives /coordinates departmental organizational and operational transformation initiatives. Manages initiatives that support the creation and implementation of operational support models, availability models, system portfolios, service delivery playbooks, service dashboards (key performance indicators, key risk indicators) and system inventory financial portfolios. Leads teams to drive ongoing process improvement and optimization of these initiatives. Manages and oversees strategy, planning and delivery.
Drives/coordinates resources assigned to security initiatives in support of Information Services (IS) and other departmental transformation initiatives. Manages and oversees strategy, planning and delivery.
Drives and coordinates system optimization and remediation initiatives, often planning and leading the work of others while working proactively under minimal supervision. Collaborates across organizational boundaries. Routinely interfaces with business and technology leaders and sponsors..
Provides thought leadership and oversight for (multiple) assigned domains.
Lead efforts in the areas of security risk identification, analysis, classification, and mitigation strategies.
Leads creation of information security regulatory requirements, health system security policies, and security best practices. Advises departments across the health system on appropriate controls consistent with security policies, standards and best practices.
Contributes information pertinent to formal security training and provide informal information security awareness information to PSJH caregivers as needed. Commands subject matter expert level knowledge and can confidently and accurately disseminate information to an audience.
Manage expectations and effective communication to colleagues, project team members, sponsors, stakeholders, business leaders, as well as internal and external security stakeholders and leaders.
Required qualifications for this position include:
Bachelor's Degree in Computer Science, Management Information Systems, Information Security, Business Management or a related field or equivalent education/experience.
10 years Information Security experience.
Certified Information Systems Security Professional upon hire.
Certified Information Systems Auditor upon hire.
Either of the above or one of the following upon hire: Certified Information Security Manager (CISM), Certified Business Continuity Professional (CBCP), Master Business Continuity Professional (MBCP), PCI-ISA designation (Payment Card Industry-Internal Security Assessor), or PCIP (Payment Card Industry Professional).
Demonstrated experience working independently and in collaboration with cross-functional teams.
Demonstrated experience providing in-depth analysis of complex issues which are then presented to cross-functional teams.
Demonstrated experience in service delivery, process definition, and basic system development.
Hands-on experience with security risk management practices.
Preferred qualifications for this position include:
Master's Degree in Computer Science, Management Information Systems, Information Security, Business Management or a related field.
10 years healthcare experience.
Healthcare industry knowledge.
About the department you will serve.
Providence Strategic and Management Services provides a variety of functional and system support services for all eight regions of Providence Health & Services from Alaska to California. We are focused on supporting our Mission by delivering a robust foundation of services and sharing of specialized expertise.
We offer comprehensive, best-in-class benefits to our caregivers. For more information, visit
As expressions of God’s healing love, witnessed through the ministry of Jesus, we are steadfast in serving all, especially those who are poor and vulnerable.
Providence is a comprehensive not-for-profit network of hospitals, care centers, health plans, physicians, clinics, home health care and services continuing a more than 100-year tradition of serving the poor and vulnerable. Providence is proud to be an Equal Opportunity Employer. Providence does not discriminate on the basis of race, color, gender, disability, veteran, military status, religion, age, creed, national origin, sexual identity or expression, sexual orientation, marital status, genetic information, or any other basis prohibited by local, state, or federal law.
Job Category: Quality/Risk/Safety (Non-Clinical)
Other Location(s): Washington-Seattle, Oregon-Portland, Washington-Redmond, California-Irvine
Req ID: 303252