What are the responsibilities and job description for the Security Compliance Analyst I position at ECU Health Careers?
ECU Health
About ECU Health Medical Center
ECU Health Medical Center, one of four academic medical centers in North Carolina, is the 974-bed flagship hospital for ECU Health and serves as the primary teaching hospital for The Brody School of Medicine at East Carolina University. ECU Health Medical Center has achieved Magnet® designation twice and provides acute and intermediate care, rehabilitation and outpatient health services to a 29-county region that is home to more than 1.4 million people.
Position Summary
The Security Compliance Analyst will be responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. In carrying out these functions, the Security Compliance Analyst's responsibilities include the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks.
Minimum Requirements
Bachelor's degree or 2-year degree in computer science, computer technology, information management, business, healthcare administration or related field desired, or higher.
1-3 certifications in related technologies preferred, CISA required.
1-3 plus years of total audit/system experience, including at least one year of security risk assessment experience.
1-3 plus years of collaborative experience with other technical teams that have shown positive results.
A technically strong individual with a knowledge of Healthcare IS solutions.
Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
Knowledge of emerging security issues, risks, and vulnerabilities.
Knowledge of countermeasure design for identified security risks.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
Knowledge of Risk Management Framework (RMF) requirements.
Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.
Knowledge of supply chain risk management standards, processes, and practices.
Knowledge of structured analysis principles and methods.
Knowledge of risk/threat assessment.
Knowledge of information technology (IT) risk management policies, requirements, and procedures.
Knowledge of information security concepts, facilitating technologies and methods.
Skill in performing impact/risk assessments.
Knowledge of risk management and mitigation strategies.
Knowledge of program protection planning (e.g., information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
Knowledge of the Risk Management Framework Assessment Methodology.
Ability to establish and maintain automated security control assessments.
Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
Knowledge of internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
Knowledge of organization's risk tolerance and/or risk management approach.
Knowledge of data classification standards and methodologies based on sensitivity and other risk factors.
Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
Skill to express orally and in writing the relationship between intelligence capability limitations and decision-making risk and impacts on the overall operation.
Knowledge of policy-based and risk adaptive access controls.
Other Information
REMOTE-Hybrid
General Statement
It is the goal of ECU Health and its entities to employ the most qualified individual who best matches the requirements for the vacant position.
Offers of employment are subject to successful completion of all pre-employment screenings, which may include an occupational health screening, criminal record check, education, reference, and licensure verification.
We value diversity and are proud to be an equal opportunity employer. Decisions of employment are made based on business needs, job requirements and applicant’s qualifications without regard to race, color, religion, gender, national origin, disability status, protected veteran status, genetic information and testing, family and medical leave, sexual orientation, gender identity or expression or any other status protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer, or against any individuals who assist or participate in the investigation of any complaint.