Job ID: 957530
Facility: Vidant Health
Location: Greenville, NC
Date Posted: May 18, 2022
About Vidant Medical Center
Vidant Medical Center is a 900+ bed Level-1 Trauma Center and regional referral hospital, and is the flagship hospital for Vidant Health. We serve as the teaching hospital for the Brody School of Medicine at East Carolina University. Vidant Medical Center provides acute, intermediate, rehabilitation and outpatient services to more than 1.4 million people in 29 counties. But it's in our work environment that you'll find our sense of family and closeness that permeates everything we do.
The Security Compliance Analyst will be responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. In carrying out these functions, the Security Compliance Analyst's responsibilities include the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks.
Bachelor's degree or 2-year degree in computer science, computer technology, information management, business, healthcare administration or related field desired.
1-3 certifications in related technologies desired, CISA required. HITRUST highly recommended.
3-5 plus years of relevant technical experience working in a large cyber security risk management team.
3-5 plus years of collaborative experience with other technical teams that have shown positive results.
A technically strong individual with 3-5 years of knowledge of Healthcare IS solutions strongly desired.
Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).
Knowledge of emerging security issues, risks, and vulnerabilities.
Knowledge of countermeasure design for identified security risks.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
Knowledge of Risk Management Framework (RMF) requirements.
Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
Knowledge of supply chain risk management standards, processes, and practices.
Knowledge of structured analysis principles and methods.
Knowledge of risk/threat assessment.
Knowledge of information technology (IT) risk management policies, requirements, and procedures.
Knowledge of information security concepts, facilitating technologies and methods.
Skill in performing impact/risk assessments.
Knowledge of risk management and mitigation strategies.
Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
Knowledge of the Risk Management Framework Assessment Methodology.
Ability to establish and maintain automated security control assessments.
Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
Knowledge of internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
Knowledge of organization's risk tolerance and/or risk management approach.
Knowledge of data classification standards and methodologies based on sensitivity and other risk factors.
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Skill to express orally and in writing the relationship between intelligence capability limitations and decision-making risk and impacts on the overall operation.
Knowledge of policy-based and risk adaptive access controls.
Full time w/benefits
It is the goal of Vidant Health and its entities to employ the most qualified individual who best matches the requirements for the vacant position.
Offers of employment are subject to successful completion of all pre-employment screenings, which may include an occupational health screening, criminal record check, education, reference, and licensure verification.
We value diversity and are proud to be an equal opportunity employer. Decisions of employment are made based on business needs, job requirements and applicant’s qualifications without regard to race, color, religion, gender, national origin, disability status, protected veteran status, genetic information and testing, family and medical leave, sexual orientation, gender identity or expression or any other status protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer, or against any individuals who assist or participate in the investigation of any complaint.