IS Security Analyst Sr.
Assists the Information Security Manager, in defining, managing, and coordinating the diverse set of information security and internal controls and related activities comprising Tucson Medical Center’s Information Security Program. Implements a standardized security framework and ensures that the organization moves through the capability maturity process toward increasing levels of competencies in information security. Focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization. Provide expertise and assistance to IT projects to ensure the organizations infrastructure and information assets are protected.
Supports Information Services and Business Operations management in their efforts to identify and mitigate risks, implement necessary mitigating safeguards and controls, implement ongoing monitoring activities and countermeasures, and coordinate the multitude of activities.
Develops and delivers security awareness and compliance training programs.
Protects TMC information assets from intentional or inadvertent modification, disclosure or destruction, and provide support for applicable legal and regulatory requirements.
Ensures monitoring and compliance tracking for the protection of information assets to business units throughout the TMC enterprise based on the organization’s information security strategy, governance guidelines and risk assessment.
Participates as a key member of the various information security work groups and is responsible for recommending and assisting in the development and implementation of appropriate information security policies, standards, procedures, and guidelines required to safeguard information resources.
Creates and communicates status reports in accordance with departmental standards. Updates documentation consistently, following departmental policies and procedures.
Attends and participates in team, project and department meetings to increase awareness and information flow.
Identifies solutions to complex business directives or implementation impediments.
Aligns work to departmental goals.
Demonstrates ongoing dedication to expanding technical and business expertise and applies new skills and knowledge to TMC situations.
Adheres to and supports team members in exhibiting TMCH values of integrity, community, compassion, and dedication.
Adheres to TMC organizational and department-specific safety, confidentiality, values, policies and standards.
Performs related duties as assigned.
EDUCATION: Bachelor's degree or equivalent work experience in Computer Science, Information Management, or related technology field.
EXPERIENCE: Five (5) years of technology and/or information security experience, four (4) years experience with network, server, or application security technologies and concepts, and one (1) current security related certification such as CISSP, CISM, CISA, etc.; two (2) years healthcare experience preferred.
LICENSURE OR CERTIFICATION: CISSP (Certified Information Systems Security Professional) (ISSAP, ISSEP, ISSMP), CISM (Certified Information Security Manager), CISA (Certified Information Security Auditor) or other industry certifications in security and enterprise technical architecture preferred.
KNOWLEDGE, SKILLS AND ABILITIES:
- Knowledge of system analysis and operating systems preferably used in a hospital setting.
- Skill in assessing needs and determining through documentation what the best approach might be.
- Skill at problem definition and data collection by establishing facts, drawing valid conclusions.
- Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.
- Ability to write reports, business correspondence, and procedure manuals.
- Ability to effectively present information and respond to inquiries or complaints from employees, managers directors and the general public.
- Ability to calculate figures and compute rate, ratio, and percent and to draw and interpret bar graphs; ability to apply basic algebraic concepts.
- Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.
- Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.