Security Analyst, GRC

Benefits

• $10,000 Tuition Reimbursement per year ($5,700 part-time)
• $10,000 Student Loan Repayment ($5,000 part-time)
• $1,000 Professional Development per year ($500 part-time)
• $250 Wellbeing Fund per year($125 for part-time)
• Matching 401(k)
• Excellent medical, dental and vision coverage
• Life insurance
• Annual Employee Salary Increase and Incentive Bonus
• Paid time off and Holiday pay

Pay Starting at: $40.34+ per hour based on experience

Northwestern Medicine is powered by a community of colleagues who are purpose-driven and committed to our mission to deliver world-class care. Here, you'll work alongside some of the best clinical talent in the nation leading the way in medical innovation and breakthrough research with Northwestern University Feinberg School of Medicine.

We recognize where you've been, and we support where you're headed. We celebrate diverse perspectives and experiences, which fuel our commitment to equity and culture of service.

Grow your career with comprehensive training and development opportunities, mentorship programs, educational support and student loan repayment.

• Create the life you envision for yourself with flexible work options, a Reimbursable Well-Being Fund and a Total Rewards package that support your physical, mental, emotional and financial well-being.
• Make a difference through volunteer opportunities we offer in local communities and drive inclusive change through our workforce-led resource groups.

From discovery to delivery, come help us shape the future of medicine.

Description

The Security Analyst reflects the mission, vision, and values of NM, adheres to the organizations Code of Ethics and Corporate Compliance Program, and complies with all relevant policies, procedures, guidelines and all other regulatory and accreditation standards.

Responsibilities:

  Perform third party risk management including cybersecurity risk assessments to ensure third party partners meet NM requirements.

· Collaborate with third party partners and internal departments to ensure NM security requirements are being adhered to.

· Examine third party contracts to ensure the accuracy of cybersecurity language and provisions.

· Perform annual third party partner cybersecurity assessments and create accompanying reports and audits.

· Participate in HIPAA, PCI and security assessments.

· Analyze archectual diagrams and recommend security measures to safeguard valuable information assets including third party solution diagrams.

· Perform risk assessments on cloud services, applications, servers, mobile devices, medical devices and IT resources.

· Perform annul security policy reviews to keep policies up to date with the changing technologoies and services.

· Follow up with IS teams to ensure risk assessments are updated in the GRC tracking tool.

· Perform daily operational tasks required for the department to protect NM’s assets. Tasks range from (but are not limited to):

o Respond to daily security tickets / requests

o On call rotation

· AA/EOE.

 

COMPETENCIES / PERFORMANCE EXPECTATIONS

Third party risk management proficiency

·Famaliarity of HIPAA Security and Privacy Rules

·Understanding of cybersecurity contract language

·Security operations experience

 PCI

QUA

Qualifications

Required:

• Bachelors degree or equivalent work experience
• Two or more years of professional IT experience, including Cyber Security
• Working knowledge of the following subjects:
  • Network (protocols, topologies)
  • Security controls (proxies, IPS, IDS, Firewall and packet analyzers)
  • Systems (Windows, Linux/UNIX)
  • Software development (development / scripting langages)
  • Incident Response
  • Threat and Vulnerability Management
• Experience and knowledge of at least two of the major security vendors relevant to the position.
• Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, ISO 27001&27002, ITIL).
• Excellent problem solving skills
• Demonstrated timely task completion involving solid organizational skills, task tracking, follow-up, and productive peer interaction.
• Excellent verbal and written communication skills.

Preferred:

• Certification or courses: Associate of (ISC)/CISSP, GSEC, GCWN, GCED or CEH a plus

Equal Opportunity

Northwestern Medicine is an affirmative action/equal opportunity employer and does not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation or any other protected status.