Information Security Risk Assessment Team Lead - Remote Option

Dignity Health

Dignity Health, one of the nation's largest health care systems, is a 22-state network of more than 9,000 physicians, 63,000 employees, and 400 care centers, including hospitals, urgent and occupational care, imaging and surgery centers, home health, and primary care clinics. Headquartered in San Francisco, Dignity Health is dedicated to providing compassionate, high-quality, and affordable patient-centered care with special attention to the poor and underserved. In FY17, Dignity Health provided $2.6 billion in charitable care and community services. For more information, please visit our website at . You can also follow us on Twitter and Facebook.

Position Summary:

Follows established process for common requests and issues. Determines course of action on uncommon/unique requests.
Performs complex tasks related to Security Risk Management processes.
May act as an escalation point for other InfoSec Analysts.
May include team-lead responsibilities.
Provide leadership and subject matter expertise across the Governance, Risk and Compliance (GRC) organization and to business and clinical stakeholders in areas including HIPAA, PCI, NIST Cybersecurity framework and Dignity Health policies and standards.
Works with key stakeholders to support Governance, Risk and Compliance (GRC) initiatives across the enterprise.
Support and improve information security governance, risk and control framework by conducting testing and internal control reviews and heavy emphasis on risk assessments.
Completes assigned responsibilities within service level objectives as assigned by management.
Provides consultation and guidance to Dignity Health business partners to ensure initiatives and projects are implemented in a compliant manner.

Provides assistance and support as requested to Security Engineering, IDM Engineering, Network Engineering, Security Risk Management and/or Information Security Ops.
Proactively identifies and escalates incidents as well as operational performance concerns.
Manage workload, prioritizing tasks and documenting time, and other duties as directed by management.
Assists in Continual Service Improvement efforts by identifying opportunities for process improvement. Drives some process improvement efforts.
Pursue continuing education to grow and maintain knowledge of best practices, compliance requirements, and threats and trends in the information security, translating into operational action items, policies, procedures, standards and guidelines as part of the IT Security team
Act as a security advocate for IT operations team's adherence to Dignity Health policies and industry best practices.
Participate in the collection and documentation of departmental knowledge artifacts, participant in the development and population of knowledge management and collaboration systems for the IT Security team.
Communicates technical information to team members and across the IT Organization and all management levels.
Assists Management in identifying knowledge gaps and providing training to Analysts and Technicians in the IT Security Organization.
Leads development of training material
Acts as Lead for other InfoSec Analysts.


Minimum Qualifications: - Bachelors Degree in Computer Science, Information Security, Information Systems, or related field, or equivalent professional experience required. - Two or more relevant technical/professional security certifications (such as: COMP-TIA Network+ , Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific) required. - 6-10 years of professional experience in leading Cybersecurity risk assessment and management functions - 4+ years experience in related job area (information security, identity/access management, IT Audit, forensics/eDiscovery) required. - 3-5 years in risk assessments associated with 3rd and 4th party external entities - 1-2 years in management or mentoring of Cybersecurity staff - Experience in reviewing and revising cybersecurity content relative to contracts and statements of work - Experience in Windows Office (Work, Excel, etc.) required. - Advanced knowledge of HIPAA Privacy and Security Rules. - Strong research, analysis and problem-solving skills required. - Strong verbal and written communication skills. - Ability to understand laws, regulations, policies, and standards and apply them to unique situations. Preferred Qualifications: - 4+ years experience in programing or system/network operations and administration preferred. - Experience in UNIX/Linux OS and/or Cisco IOS preferred. - Functional understanding of regulatory and compliance mandates, including but not limited to HIPAA, HITECH, PCI, Sarbanes-Oxley preferred. - Strong knowledge of healthcare environments preferred. - Experience in the Health Care industry and HIPAA desired - Experience with NIST Risk Management Framework, NIST Cybersecurity Framework desired - Experience using RSAM GRC products is considered a plus - Certified Risk and Information Systems Control (CRISC) or GRC Professional (GRCP) is considered a plus - 1-2 years project management for minor projects experience preferred - 3-5 years experience in Cybersecurity Governance, Risk, and/or Compliance in the healthcare/medical environment preferred - 3-5 years of audit, compliance, analytics, research, or legal in an industry outside of healthcare will be considered - some experience leading small teams is helpful. Travel Required: - Travel may be required up to 10% during the normal course of business but may be required to travel more frequently during certain events.

View this job on