IT Security Compliance Analyst

Beth Israel Deaconess Medical Center
30 Sep 2022
23 Oct 2022
Job Type: IT Security
Employer Sector: Technology, IT & Telecoms
Contract Type: Full Time
Job Summary

Provides direct support to the Director of Security Governance, Risk and Compliance and the security shared service team by assuring that information system processes and procedures meet or exceed our contractual security compliance requirements.

Essential Responsibilities

- Understand the technical implementation details necessary to support the design of practical and scalable security controls to mitigate risks; assist in maintaining BILH's suite of security controls and policies (administrative and technical).
- Assist in performing audits using industry standard security methods to help strengthen internal security controls, procedures and policies; assist with the development, implementation, and execution of BILH-wide information security training and awareness programs.
- Support the development of required corrective action plans relating to security risks and compliance requirements; support the implementation and maintenance of technical security controls required to mitigate risks.
- Implement security procedures to address compliance requirements; support the annual risk assessment and business impact analysis.
- Support security audits by working with internal tools and infrastructure to ensure the effectiveness of control implementations and to produce evidence for external audits.
- Participate in team problem solving efforts and offer ideas to solve compliance issues.
- Act as a security compliance liaison with technical subject matter experts.
- Work with the IT Security team in the development and acceptance of IT policies and procedures; ensure program standards follow applicable State and Federal regulatory requirements.
- Maintain professional and technical knowledge by attending industry workshops and conferences and participating in personal and professional networks.
- Perform related duties as assigned.

Required Qualifications

- High School diploma or GED required. Bachelor's degree preferred.
- Current certification in one of the following preferred: CISSP, CCISO, CISA, CISM, CRISC, CEH.
- 3-5 years of related work experience required. Minimum 1 year of experience in developing information security programs and assessing the effectiveness of such programs.
- Experience working with Security Incident and Event Management (SIEM) tools, endpoint detection and response tools, vulnerability management suites, and various security solutions.
- Experience working with GRC systems/modules.
- Experience working across enterprises with various teams beyond security (infrastructure/IT, privacy, compliance, finance, etc.).
- Solid knowledge of security frameworks and best practices.
- Knowledge of operating system, application, network, and database security architectures.
- Solid understanding of network and systems security, system and network configuration, and application security.
- Knowledge of controls related to security; skills in creating, developing and improving controls.
- Ability to work independently and consultatively to apply applicable IT security rules, regulations, policies and procedures.
- Must demonstrate and maintain current knowledge of industry trends and technologies.
- Solid knowledge of generally accepted security frameworks.
- Advanced technical computer skills as required for technical support specific to the functional area and related systems.

Competencies

- Decision Making: Ability to make decisions that are guided by general instructions and practices requiring some interpretation. May make recommendations for solving problems of moderate complexity and importance.
- Problem Solving: Ability to address problems that are varied, requiring analysis or interpretation of the situation using direct observation, knowledge and skills based on general precedents.
- Independence of Action: Ability to set goals and determine how to accomplish defined results with some guidelines. Manager/Director provides broad guidance and overall direction.
- Written Communications: Ability to summarize and communicate in English moderately complex information in varied written formats to internal and external customers.
- Oral Communications: Ability to comprehend and communicate complex verbal information in English to medical center staff, patients, families and external customers.
- Knowledge: Ability to demonstrate full working knowledge of standard concepts, practices, procedures and policies, with the ability to use them in varied situations.
- Team Work: Ability to act as a team leader for small projects or work groups, creating a collaborative and respectful team environment and improving workflows. Results may impact the operations of one or more departments.
- Customer Service: Ability to provide a high level of customer service and staff training to meet customer service standards and expectations for the assigned unit(s). Resolves service issues in the assigned unit(s) in a timely and respectful manner.

Physical Nature of the Job

Sedentary work: Exerting up to 10 pounds of force occasionally in carrying, lifting, pushing, or pulling objects. Sitting most of the time, with walking and standing required only occasionally.