Senior Analyst, IT Security Risk and Compliance (Remote based in US)
Internal Number: 2205019639
OVERVIEW AND REPORTING RELATIONSHIP
Member of Security & Risk team, reporting to the Manager of Security & Risk. Responsible for safeguarding the interests of Tenet, its patients, employees, and shareholders by assessing information security risks to Tenet data and networks.
REPORTING STRUCTURE & WORK SETTING
Remote work position, within the Security & Risk team, under the Director of Cybersecurity Risk Management, within the Tenet Corporate Cybersecurity organization.
OTHER REPRESENTATIVE DUTIES
NOTE: The essential duties and primary accountabilities below are intended to describe the general content of and requirements of this position and are not intended to be an exhaustive statement of duties.
Work across Tenet and its facilities to complete security risk analysis activities.
Perform assessment of information security risk posed by internal and external threats and vulnerabilities.
Work with internal or external stakeholders to build and track remediation plans to mitigate residual risk.
Assist various facility and corporate contacts to ensure that risks to ePHI are properly identified, documented, prioritized and reported to facility leadership.
Assist, coach, mentor, or train new team members as needed
Assist in identifying opportunities for cost savings throughout the process (e.g. process refinement, elimination of duplicated efforts).
Assist management with enterprise risk assessment and annual Security Risk Analysis plan development.
As an Information Security subject matter expert, negotiate provisions or agreements with vendors and other third-parties to ensure the existence and effectiveness of administrative, technical, and physical security controls and to provide adequate legal protection for Tenet in the event of a disclosure of its proprietary or confidential data.
Evaluate IT general controls (ITGC) including information security, systems development life cycle (SDLC), change management, data center / physical security, data backup and recovery, business continuity, and associated risk exposures.
Stay abreast of advances in technology and IT Security trends and developments; regularly share knowledge with staff and IS management; effectively interact with various levels of internal management.
Identify emerging issues and recommend solutions to IT Audit & Compliance Management.
Information Technology (IT) security professional with a broad range of knowledge in the assessment of risk, compliance and audit of systems/processes.
Experience evaluating compliance of national entities, specific to the healthcare industry.
Skilled in coordination with vendors, service providers, customers, executives and subject matter experts.
Proficient in mediation, negotiation, and effecting discrepancy remediation.
Technically astute, experience in conducting security audits and compliance activities via telecommuting and site-based operations.
EDUCATION AND WORK EXPERIENCE
Minimum ten years of experience or five years of experience with a BS in Computer Science or equivalent field.
Preferred education and/or experience: Experience working in cross-departmental teams and leading efforts through collaboration and influence.
SPECIALIZED KNOWLEDGE, SKILLS & ABILITIES:
Proven ability in the performance of information security risk assessments.
Experience in performing risk and compliance assessments of new and existing solutions.
Experience in negotiating Information Security Agreements helpful.
Demonstrated ability in identification of vulnerabilities/threats to data, systems and networks.
Ability to provide guidance and recommended remediation or alternative solutions for both internal and external supported environments.
Ability to provide guidance in the identification, documentation and rating of threats/vulnerabilities, and remediation steps recommended to reduce risks to data, systems and networks.
Specialized training, certifications, or other special requirements:
Certified Information Systems Security Professional (CISSP)
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes-Oxley Act (SOX) (Preferred)
Service Organization Compliance (SOC 1 and SOC 2) (Preferred)
Payment Card Industry Data Security Standards (PCI-DSS) (Preferred)
Federal Financial Institutions Examination Council (FFIEC) (Preferred)
Tenet Healthcare/USPI complies with federal, state, and/or local laws regarding mandatory vaccination of its workforce. If you are offered this position and must be vaccinated under any applicable law, you will be required to show proof of full vaccination or obtain an approval of a religious or medical exemption prior to your start date. If you receive an exemption from the vaccination requirement, you will be required to submit to regular testing in accordance with the law.
Primary Location: Alabama
Facility: Tenet Headquarters
Job Type: Full-time
Shift Type: Days
Employment practices will not be influenced or affected by an applicantâ��s or employeeâ��s race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, gender identity or expression, veteran status or any other legally protected status. Tenet will make reasonable accommodations for qualified individuals with disabilities unless doing so would result in an undue hardship.
Tenet Healthcare Corporation (NYSE: THC) is a diversified healthcare services company headquartered in Dallas with 112,000 employees. Through an expansive care network that includes United Surgical Partners International, we operate 65 hospitals and approximately 510 other healthcare facilities, including surgical hospitals, ambulatory surgery centers, urgent care and imaging centers and other care sites and clinics. We also operate Conifer Health Solutions, which provides revenue cycle management and value-based care services to hospitals, health systems, physician practices, employers and other clients. Across the Tenet enterprise, we are united by our mission to deliver quality, compassionate care in the communities we serve.