The Sr. Information Security Risk Assessment Analyst assists the Vice President (VP) and Chief Information Security Officer (CISO) in developing, maintaining, and executing a continuous, flexible information security risk management program that aligns with Harris Health's overall strategic business and IT goals, and addresses the higher-risk areas and concerns of Executive Management. Works alongside the Harris County legal team and the Harris Health corporate compliance department to review third-party contracts and ensure compliance with standards and regulations regarding information access, security, and privacy. Leads all phases of internal and third-party risk assessments, as well as planned IT audits and reviews. Coordinates internal and third-party security audits, to include HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, ISO audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits. Assists VP/CISO with decisions regarding risk and audit planning, testing plans and methodologies for risk and audit projects. Assists VP/CISO in determining reportable observations, findings and recommendations to relay to Executive Management and Board of Trustees. Develops and publishes related risk and audit reports and reviews. Drafts and updates various departmental and organization-wide information security policies.
MINIMUM QUALIFICATIONS: Education/Specialized Training/Licensure: Four (4) year degree in Information Systems, Business Management or equivalent work experience. Knowledge of HIPAA Security rule, HITECH, Payment Card Industry (PCI). Previous IT audit and risk management experience, or equivalent combination of education and experience. HCISPP, CIPP, CISA, CISM, CRISC, GSNA and/or CISSP highly desirable or must be obtained within 6 months of accepting position.
Five (5) years related industry experience (business).
Five (5) years in Information Security, Cyber Risk and/or Compliance position.
Ability to evaluate, review and report on a range of information systems and applications to include EPIC, Windows, Unix, IBM, Cisco,
SPECIAL REQUIREMENTS: Communication Skills: Exceptional Verbal (e.g., Public Speaking), Writing/Composing (Correspondence)
The Harris Health System is a fully integrated healthcare system that cares for all residents of Harris County, Texas. We are the first accredited healthcare institution in Harris County to be designated by the National Committee for Quality Assurance as a Patient-Centered Medical Home, and are one of the largest systems in the country to achieve the quality standard. Our system includes 23 community health centers, five school-based clinics, a dental center and dialysis center, mobile health units, a rehabilitation and specialty hospital and two full-service hospitals.
Ben Taub Hospital is a world-renowned Level I Trauma Center with 586 licensed acute-care beds and provides a wide range of specialty care outpatient services. Lyndon B. Johnson Hospital is a 328 licensed bed acute-care hospital with a newly expanded Level III trauma center and a distinguished regional center for neonatal intensive care for high-risk deliveries.
Harris Health is a teaching system for Baylor College of Medicine and The University of Texas Health Science Center at Houston (UTHealth). We train the next generation of healthcare providers on the latest medical procedures and technological breakthroughs.
With... our fully integrated electronic medical records system, we offer patients the convenience and assurance that their medical history is accurate, safe and available when and where it is needed. Our Medical Home designation ensures that we offer a full range of preventive, specialty and acute care services for the entire family.