Security Analyst GRC

Job Description

Increase your chances of an interview by reading the following overview of this role before making an application.

The Security Analyst reflects the mission, vision, and values of NM, adheres to the organization's Code of Ethics and Corporate Compliance Program, and complies with all relevant policies, procedures, guidelines and all other regulatory and accreditation standards.

Responsibilities :

• Perform third party risk management including cybersecurity risk assessments to ensure third party partners meet NM requirements.
• Collaborate with third party partners and internal departments to ensure NM security requirements are being adhered to.
• Examine third party contracts to ensure the accuracy of cybersecurity language and provisions.
• Perform annual third party partner cybersecurity assessments and create accompanying reports and audits.
• Participate in HIPAA, PCI and security assessments.
• Analyze architectural diagrams and recommend security measures to safeguard valuable information assets including third party solution diagrams.
• Perform risk assessments on cloud services, applications, servers, mobile devices, medical devices and IT resources.
• Perform annual security policy reviews to keep policies up to date with the changing technologies and services.
• Follow up with IS teams to ensure risk assessments are updated in the GRC tracking tool.
• Perform daily operational tasks required for the department to protect NM’s assets. Tasks range from (but are not limited to) :
• Respond to daily security tickets / requests
• On call rotation

Competencies / Performance Expectations

Qualifications : Required :

Preferred :

Additional Information

Northwestern Medicine is an affirmative action / equal opportunity employer and does not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation or any other protected status.

J-18808-Ljbffr