Security Analyst, GRC @ Northwestern Memorial Healthcare

Northwestern Memorial Healthcare Northwestern Medicine is a leader in quality healthcare and service, bringing together faculty, physicians, and researchers to support and advance that care through leading-edge treatments and breakthrough discoveries.At Northwestern Medicine, every patient interaction makes a difference in cultivating a positive workplace. This patient-first approach is what sets us apart as a leader in the healthcare industry. As an integral part of our team, you'll have the opportunity to join our quest for better healthcare, no matter where you work within the Northwestern Medicine system. We pride ourselves on providing competitive benefits : from tuition reimbursement and loan forgiveness to 401(k) matching and lifecycle benefits, we take care of our employees. Ready to join our quest for better?Job Description The Security Analyst reflects the mission, vision, and values of NM, adheres to the organization's Code of Ethics and Corporate Compliance Program, and complies with all relevant policies, procedures, guidelines, and all other regulatory and accreditation standards.Responsibilities : Perform third party risk management including cybersecurity risk assessments to ensure third party partners meet NM requirements.Collaborate with third party partners and internal departments to ensure NM security requirements are being adhered to.Examine third party contracts to ensure the accuracy of cybersecurity language and provisions.Perform annual third party partner cybersecurity assessments and create accompanying reports and audits.Participate in HIPAA, PCI, and security assessments.Analyze architectural diagrams and recommend security measures to safeguard valuable information assets including third party solution diagrams.Perform risk assessments on cloud services, applications, servers, mobile devices, medical devices, and IT resources.Perform annual security policy reviews to keep policies up to date with the changing technologies and services.Follow up with IS teams to ensure risk assessments are updated in the GRC tracking tool.Perform daily operational tasks required for the department to protect NM’s assets, including : Respond to daily security tickets / requestsOn-call rotationCompetencies / Performance Expectations : Third party risk management proficiencyFamiliarity with HIPAA Security and Privacy RulesUnderstanding of cybersecurity contract languageSecurity operations experiencePCIQualifications Required : Bachelor's degree or equivalent work experienceTwo or more years of professional IT experience, including Cyber SecurityWorking knowledge of the following subjects : Network (protocols, topologies)Security controls (proxies, IPS, IDS, Firewall, and packet analyzers)Systems (Windows, Linux / UNIX)Software development (development / scripting languages)Incident ResponseThreat and Vulnerability ManagementExperience and knowledge of at least two of the major security vendors relevant to the position.Working knowledge of Security Standards / Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, ISO 27001 & 27002, ITIL).Excellent problem-solving skillsDemonstrated timely task completion involving solid organizational skills, task tracking, follow-up, and productive peer interaction.Excellent verbal and written communication skills.Preferred : Certification or courses : Associate of (ISC) / CISSP, GSEC, GCWN, GCED, or CEH a plusAdditional Information Northwestern Medicine is an affirmative action / equal opportunity employer and does not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation, or any other protected status.#J-18808-Ljbffr