Job details

Security Analyst, GRC - job 1 of 2

Company Description

At Northwestern Medicine, every patient interaction makes a difference in cultivating a positive workplace. This patient-first approach is what sets us apart as a leader in the healthcare industry. As an integral part of our team, you'll have the opportunity to join our quest for better healthcare, no matter where you work within the Northwestern Medicine system. At Northwestern Medicine, we pride ourselves on providing competitive benefits: from tuition reimbursement and loan forgiveness to 401(k) matching and lifecycle benefits, we take care of our employees. Ready to join our quest for better?

Job Description

The Security Analyst reflects the mission, vision, and values of NM, adheres to the organizations Code of Ethics and Corporate Compliance Program, and complies with all relevant policies, procedures, guidelines and all other regulatory and accreditation standards.

Responsibilities:

Perform third party risk management including cybersecurity risk assessments to ensure third party partners meet NM requirements.

· Collaborate with third party partners and internal departments to ensure NM security requirements are being adhered to.

· Examine third party contracts to ensure the accuracy of cybersecurity language and provisions.

· Perform annual third party partner cybersecurity assessments and create accompanying reports and audits.

· Participate in HIPAA, PCI and security assessments.

· Analyze archectual diagrams and recommend security measures to safeguard valuable information assets including third party solution diagrams.

· Perform risk assessments on cloud services, applications, servers, mobile devices, medical devices and IT resources.

· Perform annul security policy reviews to keep policies up to date with the changing technologoies and services.

· Follow up with IS teams to ensure risk assessments are updated in the GRC tracking tool.

· Perform daily operational tasks required for the department to protect NM’s assets. Tasks range from (but are not limited to):

o Respond to daily security tickets / requests

o On call rotation

· AA/EOE.

COMPETENCIES / PERFORMANCE EXPECTATIONS

Third party risk management proficiency

·Famaliarity of HIPAA Security and Privacy Rules

·Understanding of cybersecurity contract language

·Security operations experience

PCI

QUA

Qualifications

Required:

Bachelors degree or equivalent work experience
Two or more years of professional IT experience, including Cyber Security
Working knowledge of the following subjects:
- Network (protocols, topologies)
- Security controls (proxies, IPS, IDS, Firewall and packet analyzers)
- Systems (Windows, Linux/UNIX)
- Software development (development / scripting langages)
- Incident Response
- Threat and Vulnerability Management
Experience and knowledge of at least two of the major security vendors relevant to the position.
Working knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, ISO 27001&27002, ITIL).
Excellent problem solving skills
Demonstrated timely task completion involving solid organizational skills, task tracking, follow-up, and productive peer interaction.
Excellent verbal and written communication skills.

Preferred:

Certification or courses: Associate of (ISC)/CISSP, GSEC, GCWN, GCED or CEH a plus

Additional Information

Northwestern Medicine is an affirmative action/equal opportunity employer and does not discriminate in hiring or employment on the basis of age, sex, race, color, religion, national origin, gender identity, veteran status, disability, sexual orientation or any other protected status.

Average salary estimate

$80000 / YEARLY (est.)

min

max

$70000K

$90000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Security Analyst, GRC, Northwestern Memorial Healthcare

At Northwestern Medicine, we’re on a mission to cultivate a positive workplace through excellent patient interactions, and we're excited to announce an opportunity for a Security Analyst in the GRC team! This vital role not only reflects our values and commitment to ethical practices but also provides the chance to make a difference in healthcare security. As a Security Analyst, your focus will be on third-party risk management, performing detailed cybersecurity risk assessments to ensure our partners align with Northwestern Medicine's high standards. You’ll collaborate closely with various internal departments and external partners, ensuring that cybersecurity requirements are met and effectively communicated. Enjoy the challenge of reviewing contracts, analyzing architectural diagrams, and conducting thorough assessments of our diverse IT resources, from cloud services to medical devices. You’ll also stay on top of evolving technologies by performing annual policy reviews and operational tasks to protect our assets. If you have a knack for problem-solving, a solid grounding in cybersecurity, and a willingness to engage with our teams, this could be your next rewarding career step. Join us in our quest for better healthcare and make a lasting impact at Northwestern Medicine!

Frequently Asked Questions (FAQs) for Security Analyst, GRC Role at Northwestern Memorial Healthcare

What are the main responsibilities of a Security Analyst at Northwestern Medicine?

As a Security Analyst at Northwestern Medicine, your core responsibilities include performing third-party risk management through comprehensive cybersecurity risk assessments. You'll collaborate with internal departments and external partners to ensure compliance with security requirements. Additional tasks involve scrutinizing third-party contracts for cybersecurity provisions, conducting annual cybersecurity assessments, and analyzing architectural diagrams to recommend security measures.