What are the responsibilities and job description for the Sr Analyst, Information Security position at PDS Health?
Now is the time to join PDS Health. You will have opportunities to learn new skills from our team of experienced professionals. If you're ready to take your career to the next level and gain valuable experience, apply today!
The Sr Analyst, Information Security will serve as a primary evaluator of systems and controls, and will drive and facilitate the execution of the PDS Security, Risk Management and Service Improvement projects. These initiatives require a significant amount of hands-on attention to detail to keep all of the complex work streams aligned and on track. This role will identify gaps and ensure vulnerabilities are fixed promptly within the Information Security & Compliance team by bolstering detailed business and technical coordination in critical projects. The Sr Analyst will use key risk indicators and IT general controls when assessing system design, data privileges/access and the complete supply chain. Results and reports are shared with risk teams and other internal PDS Health stakeholders. The Controls Assessor follows up and verifies that appropriate actions have taken place to manage risk and ensure PDS Health remains in compliance with applicable federal, state, and local regulations.
Responsibilities
- Assist Lead, Information Security Analyst in tracking and monitoring Security & Compliance, Risk Management and Service Improvement projects.
- Develop and implement audit practices and processes with detailed reporting and accompanying technology recommendations.
- Serve as part of a team of Controls Assessors to confirm a rigorous audit program focusing on IT Governance and Compliance and key risk indicators across the business.
- Specify guidance on key risk indicators and IT Governance and Compliance testing methodology, validation and alignment with policies and documentation.
- Draft and deliver presentations to management explaining audit findings and recommendations for corrective action that are operationally feasible, within budget and team skillset.
- Ensure required documentation is completed to support the California Consumer Privacy Act (CCPA), and other Information Security Controls.
- Conduct third-party risk assessments as part of the contract approval process.
- Continually improve the quality of PDS Security, Risk Management, and Service Improvement Projects through the use of Metrics and Key Risk Indicators (KRIs).
- Create, coordinate and develop project charters, business cases, technical and architecture specifications and project plans for identified projects.
- Responsible for completeness of all technical project documentation throughout the project lifecycle and for obtaining appropriate approvals at each phase of the project.
- Act as a liaison with the business users to document requirements and identify gaps/enhancements.
- Elicit system requirements and document detailed process flow diagrams to be handed over to the development teams.
- Collaborate with Learning on creating training material on how to use the applications and systems.
- Build relationships with business units to verify security-by-design controls are incorporated into projects, architecture, infrastructure, and applications.
- Identify and raise awareness of potential risks, while proposing mitigation strategies.
- Contribute to technical design sessions to ensure technical architecture will address current and future business needs.
- Lead requirements gathering sessions to evaluate and document existing business processes and future business needs.
- Monitor and direct resolution to ensure solution design meets standard architecture considerations and approvals: standard database structures, code standards, common components and reusable programs, security and performance levels, system interfaces and dependencies.
- Explore new processes and tools/systems which will improve metric tracking, ensure efficient processes and increase knowledge sharing with the collaboration of internal stakeholders.
- Create metrics and analyze progress of initiatives, prepare solutions, and document Key Risk Indicators (KRIs).
- Stay abreast of new laws, regulations, and standards, and assess their impact on the business.
- Travel as needed to office locations and third-party on-site engagements.
- Other duties as assigned by management.
- Bachelor’s Degree in Business, Information Technology or other related fields. In lieu of degree, 5 years of experience.
- 6 years of related professional experience, including 3 years of project management or business analysis.
- Must have working knowledge of waterfall and agile development methodologies.
- Experience in supporting IT Infrastructure
- Experience supporting security applications such as endpoint protection, IAM, CASB, DLP, NAC, Data Classifications, etc.
- Proficiency with MS Office products including some or all of the following Word, Excel, Access, PowerPoint, Outlook and Visio.
- Knowledgeable in Information Security & Compliance controls and standards (ISO, HITRUST, HIPAA, PCI, etc.)
- Experience in either the dental, healthcare or retail industry required.
- Knowledge of the California Consumer Privacy Act (CCPA)
- Analyst, Information Security specializing in Cybersecurity Risk Management:
- Knowledge of the HITRUST framework, Gramm-Leach-Bliley Act (GLBA) and General Data Protection Regulation (GDPR)
- Possesses one or more of the following certifications: Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Security, Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), or Factor Analysis of Information Risk (FAIR)
- CISA highly recommended
- CISSP, CRISC
- Ability to multi-task effectively without compromising the quality of the work.
- Operates within a personal scope of authority and collaborates when beneficial to achieving an objective.
- Excellent interpersonal, oral and written communication skills.
- Detail oriented, organized, process focused, problem solver, proactive, ambitious, customer service focused.
- Ability to draw conclusions and make independent decisions with limited information.
- Ability to respond to common inquiries from customers, staff, regulatory agencies, vendors, and other members of the business community.
- Self-motivated, reliable individual capable of working independently as well as part of a team.
- Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and security-first culture.
- Demonstrated understanding and comprehension of a wide range of compliance and technology frameworks.
- Medical, dental, and vision insurance
- Paid time off
- Tuition Reimbursement
- 401K
- Paid time to volunteer in your local community
$116,000.00-$150,000.00 / Annually
PDS Health is an Equal Opportunity Employer. We celebrate diversity and are united in our mission to create healthier and happier team members.