REMOTE - Third Party Senior Risk Analyst
Trinity Health
Livonia Michigan
United States
Customer Service / Call Center
(No Timezone Provided)
Ability to work 100% Remote
Provides information security risk knowledge and serves as a specialist to identify, prioritize, and collaboratively mitigate cyber risk enterprise-wide. Candidate maintains the ability to be an analytical thinker, collaborative team player, an effective, dynamic communicator, and able to bridge the gap between business demands and cybersecurity requirements. Responsible for the following:
- Plan, coordinate and oversee security risk assessments for information systems and third parties
- Design and compose reports, assessments, and other documents to provide decision support on information security risks and controls for executives, system owners and management
- Aid the team in assessing the likelihood and impact of adverse events and recommend effective controls and mitigations to management
- Research, analyze and report on the cybersecurity risk of doing business with third parties
- Manage and facilitate the response and mitigation of third party security incidents
- Support the continuous improvement and implementation of Information Security Policies, Standards, Processes, and Procedures
- Contribute to the enhancement and implementation of the information security risks & controls library
- Design, implement and manage control assessments to determine if cybersecurity controls are effective and in compliance with applicable requirements
- Establish and implement effective security awareness practices across the System, including training, phishing, and communications.
- Keep pace with emerging technology, cyber threats, and industry trends around cybersecurity.
- Assists and supports the Enterprise Information Security (EIS) Managers, Directors and Health Ministry (HM) Information Security Managers in ensuring all projects and services meet Trinity Health Information Security and regulatory standards while delivering business requirements.
- ESSENTIAL FUNCTIONS
Knows, understands, incorporates and demonstrates the Trinity Health Mission, Vision and Values in behaviors, practices and decisions. Develops designs and operates one or more information security domains. Provides technical consultation and assistance in identifying, evaluating and documenting use of systems and other related services to ensure compliance with EIS policies. Resolves complex security issues, and mitigates threats and vulnerabilities across an Information Security service. Reviews various system and technical documents and applies security templates. Defines security configuration and operational standards for security systems and applications. Interacts with multiple vendors to ensure a cohesive client-vendor relationship that maintains and upholds services in the best interest of Trinity Health. Provides guidance and direction on enterprise security procedures, security technology, and security design work; works with business stakeholders to define Information Security processes. Works collaboratively with other security professionals and Security Managers to standardize information security industry best practices. Contributes to the creation of department procedures, standards and documentation for all information security services. Utilizes excellent verbal and written communication skills. Participates in the creation of annual objectives and tactical plans. Responsible for the prioritization of Infrastructure investments and maintenance involving IT security. Represents the EIS Director, when applicable, on EIS matters as well as serve as EIS liaison with MO Security and Privacy Officials. Participates in the development and promotion of Information Security information for general awareness. Participates in site-specific meetings. Participates in the creation of the development and implementation of annual objectives and tactical plans to achieve strategic planning initiatives. Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives. Ensures all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements. Maintains a working knowledge of applicable Federal, State and local laws/regulations; the Trinity Health Integrity and Compliance Program and Code of Conduct; as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical and professional behavior.
MINIMUM QUALIFICATIONS
Bachelor's degree or an equivalent combination of education and experience.
Minimum of five (5) years of progressive experience in information services including three (3) years in information security, including experience in compliance with federal and state security regulations.
Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA), Certified Information Systems Auditor (CISA) or equivalent required.
Must possess a good understanding of enterprise security best practices relating to implementing and managing enterprise security solutions.
Working knowledge of HIPAA, ISO 27001/2, FISMA, FIPS, and NIST security.
Experience with administrative and technical assessments as well as enforcing organizational compliance.
Must be team oriented, supportive, and committed to excellence and possess high level of initiative and self-motivation with demonstrated work ethic.
Must be committed to continual personal and professional growth, possess a pro-active approach with a willingness to "go the extra mile" every time for the customer.
Ability to work under general direction, manage multiple priorities and to effectively adapt to rapidly changing technology and business needs with demonstrated ability to prioritize projects and work load.
A personal presence which is characterized by a sense of honesty, integrity and caring with the ability to inspire and motivate others to promote the philosophy, mission, vision, goals and values of Trinity Health.
PHYSICAL AND MENTAL REQUIREMENTS AND WORKING CONDITIONS
Must be able to adapt to frequently changing work priorities, and be able to prioritize and balance the requirements of working with multiple members of the Enterprise Information Security team.
Must be able to communicate frequently, in person and over the phone, with people in a number of different locations on technical issues.
Manual dexterity is needed in order to operate a keyboard. Hearing is needed for extensive telephone and in person communication.
Must be able to travel to the various Trinity Health sites (25%).
The above statements are intended to describe the general nature and level of work being performed by persons assigned to this classification. They are not to be construed as an exhaustive list of duties so assigned.
REMOTE - Third Party Senior Risk Analyst
Trinity Health
Livonia Michigan
United States
Customer Service / Call Center
(No Timezone Provided)
Ability to work 100% Remote
Provides information security risk knowledge and serves as a specialist to identify, prioritize, and collaboratively mitigate cyber risk enterprise-wide. Candidate maintains the ability to be an analytical thinker, collaborative team player, an effective, dynamic communicator, and able to bridge the gap between business demands and cybersecurity requirements. Responsible for the following:
- Plan, coordinate and oversee security risk assessments for information systems and third parties
- Design and compose reports, assessments, and other documents to provide decision support on information security risks and controls for executives, system owners and management
- Aid the team in assessing the likelihood and impact of adverse events and recommend effective controls and mitigations to management
- Research, analyze and report on the cybersecurity risk of doing business with third parties
- Manage and facilitate the response and mitigation of third party security incidents
- Support the continuous improvement and implementation of Information Security Policies, Standards, Processes, and Procedures
- Contribute to the enhancement and implementation of the information security risks & controls library
- Design, implement and manage control assessments to determine if cybersecurity controls are effective and in compliance with applicable requirements
- Establish and implement effective security awareness practices across the System, including training, phishing, and communications.
- Keep pace with emerging technology, cyber threats, and industry trends around cybersecurity.
- Assists and supports the Enterprise Information Security (EIS) Managers, Directors and Health Ministry (HM) Information Security Managers in ensuring all projects and services meet Trinity Health Information Security and regulatory standards while delivering business requirements.
- ESSENTIAL FUNCTIONS
Knows, understands, incorporates and demonstrates the Trinity Health Mission, Vision and Values in behaviors, practices and decisions. Develops designs and operates one or more information security domains. Provides technical consultation and assistance in identifying, evaluating and documenting use of systems and other related services to ensure compliance with EIS policies. Resolves complex security issues, and mitigates threats and vulnerabilities across an Information Security service. Reviews various system and technical documents and applies security templates. Defines security configuration and operational standards for security systems and applications. Interacts with multiple vendors to ensure a cohesive client-vendor relationship that maintains and upholds services in the best interest of Trinity Health. Provides guidance and direction on enterprise security procedures, security technology, and security design work; works with business stakeholders to define Information Security processes. Works collaboratively with other security professionals and Security Managers to standardize information security industry best practices. Contributes to the creation of department procedures, standards and documentation for all information security services. Utilizes excellent verbal and written communication skills. Participates in the creation of annual objectives and tactical plans. Responsible for the prioritization of Infrastructure investments and maintenance involving IT security. Represents the EIS Director, when applicable, on EIS matters as well as serve as EIS liaison with MO Security and Privacy Officials. Participates in the development and promotion of Information Security information for general awareness. Participates in site-specific meetings. Participates in the creation of the development and implementation of annual objectives and tactical plans to achieve strategic planning initiatives. Monitors or enforces security policies, procedures and standards to ensure conformance with TIS objectives. Ensures all projects and services meet Trinity Health Information security and regulatory standards, policies and procedures while delivering business requirements. Maintains a working knowledge of applicable Federal, State and local laws/regulations; the Trinity Health Integrity and Compliance Program and Code of Conduct; as well as other policies and procedures in order to ensure adherence in a manner that reflects honest, ethical and professional behavior.
MINIMUM QUALIFICATIONS
Bachelor's degree or an equivalent combination of education and experience.
Minimum of five (5) years of progressive experience in information services including three (3) years in information security, including experience in compliance with federal and state security regulations.
Certified Information Systems Security Professional (CISSP), International Social Security Association (ISSA), Certified Information Systems Auditor (CISA) or equivalent required.
Must possess a good understanding of enterprise security best practices relating to implementing and managing enterprise security solutions.
Working knowledge of HIPAA, ISO 27001/2, FISMA, FIPS, and NIST security.
Experience with administrative and technical assessments as well as enforcing organizational compliance.
Must be team oriented, supportive, and committed to excellence and possess high level of initiative and self-motivation with demonstrated work ethic.
Must be committed to continual personal and professional growth, possess a pro-active approach with a willingness to "go the extra mile" every time for the customer.
Ability to work under general direction, manage multiple priorities and to effectively adapt to rapidly changing technology and business needs with demonstrated ability to prioritize projects and work load.
A personal presence which is characterized by a sense of honesty, integrity and caring with the ability to inspire and motivate others to promote the philosophy, mission, vision, goals and values of Trinity Health.
PHYSICAL AND MENTAL REQUIREMENTS AND WORKING CONDITIONS
Must be able to adapt to frequently changing work priorities, and be able to prioritize and balance the requirements of working with multiple members of the Enterprise Information Security team.
Must be able to communicate frequently, in person and over the phone, with people in a number of different locations on technical issues.
Manual dexterity is needed in order to operate a keyboard. Hearing is needed for extensive telephone and in person communication.
Must be able to travel to the various Trinity Health sites (25%).
The above statements are intended to describe the general nature and level of work being performed by persons assigned to this classification. They are not to be construed as an exhaustive list of duties so assigned.