Job ID: 963436
Facility: ECU Health
Dept: Office Of the VP-CISO
Location: Greenville, NC
FT/PT: Full-Time
Shift: Not Applicable
Reg/Temp: Regular
Date Posted: Jun 7, 2023
About ECU Health
ECU Health is a mission-driven, 1,708-bed academic health care system serving more than 1.4 million people in 29 eastern North Carolina counties. The not-for-profit system is comprised of 13,000 team members, nine hospitals and a physician group that encompasses over 1,100 academic and community providers practicing in over 180 primary and specialty clinics located in more than 130 locations.
The flagship ECU Health Medical Center, a Level I Trauma Center, and ECU Health Maynard Children’s Hospital serve as the primary teaching hospitals for the Brody School of Medicine at East Carolina University. ECU Health and the Brody School of Medicine share a combined academic mission to improve the health and well-being of eastern North Carolina through patient care, education and research.
Position Summary
The Security Compliance Analyst is responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. In carrying out these functions, the Security Compliance Analyst's responsibilities include the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks.
Responsibilities
Ability to learn new skills quickly; keen attention to detail; and adept at multi-tasking, such as concurrently managing multiple incidents, project tasks, or keep-the-lights-on maintenance activities.
Implements preventive measures for similar issues. Partners with other teams to develop complex unit and integrated test plans.
Proactively evaluates needs for required system upgrades or patches to ensure compliance with technology versioning for technology supported directly or indirectly by the team.
Coordinates and performs cross functional team evaluation, testing, and implementation of defect patches, system upgrades and releases according to the Information Services support model and change control procedures.
Implements, monitors and enhances testing automation tools on an ongoing basis to reduce the labor effort and time required for unit or integrated testing.
Performs an extensive range and variety of complex technical, financial, quality, and/or professional work activities.
Undertakes work which requires the application of principles in a wide and often unpredictable range of contexts.
Possesses a clear understanding of technology interdependency from a business or clinical operations and IT system perspective at a complex or enterprise level.
Initiates and assists in coordinating the technical aspects on your team.
Analyzes data and presents information in a way that is understandable and supports decision making.
Proactively ensures security is appropriately addressed within their area by self and others. Engages or works with security specialists as necessary. Contributes to the security culture of the organization.
Understand how services provided by your area share data between systems, internal and external to the organization.
Develop diagrams that represent how the system communicates or interfaces with other systems. Advanced documentation may also include security entitlements, architecture, or logical environments.
Effectively guides work of other team members.
Follows methodology and procedures set by IS Project Management Office (PMO) and completes assigned tasks related to projects.
Proposes ideas, solutions and action plans.
Ability to coach and mentor to grow.
Provides subject matter expertise to help improve team performance and drive results. Leads by example and demonstrates flexibility to adapt to different situations.
Communicates strategy alignment and the big picture effectively to others.
Leads team members and engages business partners in learning opportunities within the department, vendor user groups, or industry forums.
Sought out by organization team members for subject matter expertise.
Accepts responsibility for own actions and decisions. Does not make excuses for errors. Acknowledges and corrects own mistakes, following the Just Culture Model. Understands the risks and consequences that errors in work could have on patient care and/or organizational finances.
Deep knowledge of ITIL including Service Value System and demonstrates ability to mentor others on ITIL guiding principles.
Monitors and supports team-based metrics for service management, leads the team in discussing real-time interventions to mitigate missing targets, and makes recommendations on implementing plans to avoid future incidents.
Aware of how processes and systems affect the organization, what is or is not working as they perform work and deliver services.
Constantly analyzes data and metrics and associated end user interactions in problem definition, and is willing to challenge long-held beliefs. Uses subject matter expertise to propose multiple alternatives and to recommend and implement the optimal solution. Makes effective decisions for self and team within scope of authority. Coaches other team members on problem solving techniques.
Interacts with team members and customers in a courteous, respectful and reciprocal manner.
Fosters coaching, feedback and listening skills as strategic tools for individual and team growth and development.
Handles difficult interpersonal situations with the intent of making positive contributions that result in desired outcomes and resolve issues. Honest and caring feedback is provided, oriented toward problem solving and removing obstacles.
Presents highly complex technical information to various audiences effectively including department, cross team, or larger group settings. Strives for Win-Win solutions with every interaction. Promotes transparency and awareness through communication with appropriate detail matching audience. Understands how and when to raise awareness to team and leadership with the needed effective content.
Respects team processes and holds self personally accountable.
Leads efforts to build collaboration across multiple teams, vendors, and business partners, recognizing and valuing varying expertise and input for complex workflows and enterprise level decisions.
Encourages open dialog and different points of view to elicit sound solutions.
Influences strategy formation. Initiates influential relationships with vendors, peers and business partners in senior level positions.
Acknowledges and celebrates the achievements of team and team members.
Minimum Requirements
Bachelor's degree or 2-year degree in computer science, computer technology, information management, business, healthcare administration or related field desired.
1-3 certifications in related technologies required, CISA and HITRUST CCSFP required. CISSP or CRISC or CISM highly desired.
5-7 plus years of relevant technical experience working in a large cyber security risk management team.
5-7 plus years of collaborative experience with other technical teams that have shown positive results.
A technically strong individual with 5-7 years of knowledge of Healthcare IS solutions strongly desired.
Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
Knowledge of emerging security issues, risks, and vulnerabilities.
Knowledge of countermeasure design for identified security risks.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
Knowledge of Risk Management Framework (RMF) requirements.
Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
Knowledge of supply chain risk management standards, processes, and practices.
Knowledge of structured analysis principles and methods.
Knowledge of risk/threat assessment.
Knowledge of information technology (IT) risk management policies, requirements, and procedures.
Knowledge of information security concepts, facilitating technologies and methods.
Ability to apply supply chain risk management standards.
Skill in performing impact/risk assessments.
Knowledge of risk management and mitigation strategies.
Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
Knowledge of the Risk Management Framework Assessment Methodology.
Ability to establish and maintain automated security control assessments.
Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
Knowledge of internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
Knowledge of organization's risk tolerance and/or risk management approach.
Knowledge of data classification standards and methodologies based on sensitivity and other risk factors.
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Skill to express orally and in writing the relationship between intelligence capability limitations and decision-making risk and impacts on the overall operation.
Knowledge of policy-based and risk adaptive access controls.
General Statement
It is the goal of ECU Health and its entities to employ the most qualified individual who best matches the requirements for the vacant position.
Offers of employment are subject to successful completion of all pre-employment screenings, which may include an occupational health screening, criminal record check, education, reference, and licensure verification.
We value diversity and are proud to be an equal opportunity employer. Decisions of employment are made based on business needs, job requirements and applicant’s qualifications without regard to race, color, religion, gender, national origin, disability status, protected veteran status, genetic information and testing, family and medical leave, sexual orientation, gender identity or expression or any other status protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer, or against any individuals who assist or participate in the investigation of any complaint.
Contact Information
For additional information, please contact:
D'metrius Dew, Talent Acquisition Consultant
ECU Health Talent Acquisition
Email: [email protected]