IS Security Analyst

SUMMARY:

Assists the Information Security Manager, in defining, managing, and coordinating the diverse set of information security and internal controls and related activities comprising Tucson Medical Center’s Information Security Program.  Assist in the implementation of a standardized security framework and ensure that the organization moves through the capability maturity process toward increasing levels of competencies in information security. Focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization. Provide expertise and assistance to IT projects to ensure the organization’s infrastructure and information assets are protected.

ESSENTIAL FUNCTIONS:

Supports Information Services and Business Operations management in their efforts to identify and mitigate risks, implement necessary mitigating safeguards and controls, implement ongoing monitoring activities and countermeasures, and coordinate the multitude of activities.

Develops and delivers security awareness and compliance training programs.

Protects TMC information assets from intentional or inadvertent modification, disclosure, or destruction, and provides support for applicable legal and regulatory requirements.

Ensures monitoring and compliance tracking for the protection of information assets to business units throughout the TMC enterprise based on the organization’s information security strategy, governance guidelines, and risk assessment.

Participates as a key member of the various information security workgroups and is responsible for recommending and assisting in the development and implementation of appropriate information security policies, standards, procedures, and guidelines required to safeguard information resources.

Creates and communicates status reports following departmental standards.  Updates documentation consistently, following departmental policies and procedures.

Attends and participates in team, project, and department meetings to increase awareness and information flow.

Identifies solutions to complex business directives or implementation impediments.

Aligns work to departmental goals.

Demonstrates ongoing dedication to expanding technical and business expertise and applies new skills and knowledge to TMC situations.

Adheres to and supports team members in exhibiting TMCH values of integrity, community, compassion, and dedication. 

Adheres to TMC organizational and department-specific safety, confidentiality, values, policies, and standards.

Performs related duties as assigned.

MINIMUM QUALIFICATIONS:

EDUCATION:  Bachelor's degree or equivalent work experience in Computer Science, Information Management, or related technology field.

EXPERIENCE: Three (3) years of technology and/or information security experience, and Two (2) years of experience with network, server, or application security technologies and concepts.   One (1) year of healthcare experience preferred.

LICENSURE OR CERTIFICATION: CompTIA Security+ or other industry certifications in security and enterprise technical architecture preferred.

KNOWLEDGE, SKILLS, AND ABILITIES: 

• Knowledge of system analysis and operating systems preferably used in a hospital setting.
• Skill in assessing needs and determining the best approach through documentation.
• Skill at problem definition and data collection by establishing facts, drawing valid conclusions.
• Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.
• Ability to write reports, business correspondence, and procedure manuals.
• Ability to effectively present information and respond to inquiries or complaints from employees, managers, directors, and the general public.
• Ability to calculate figures and compute rate, ratio, and percent and to draw and interpret bar graphs; ability to apply basic algebraic concepts.
• Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists.
• Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.