
Information Security Risk Analyst

Company:
Children's Mercy KC
Location:
Kansas City, MO
Posted:
April 26, 2024

Description:

Thanks for your interest in Children's Mercy!

Do you envision finding a meaningful role with an inclusive and compassionate team? At Children’s Mercy, we believe in making a difference in the lives of all children and shining a light of hope to the patients and families we serve. Our employees make the difference, which is why we have been recognized by U.S. News & World Report as a top pediatric hospital for eleven consecutive years.

Children’s Mercy is in the heart of Kansas City – a metro abounding in cultural experiences, vibrant communities and thriving businesses. This is where our patients and families live, work and play. This is a community that has embraced our hospital and we strive to say thanks by giving back. As a leader in children’s health, we engage in meaningful programs and partnerships throughout the region so that we can improve the lives of children beyond the walls of our hospital.

Overview:

The Information Security Risk Analyst is a member of the Corporate Compliance team reporting to the Privacy Officer. The Information Security Risk Analyst is responsible for assessing risk to Hospital systems and data in accordance with regulatory requirements, industry standards, accepted best practices, and CM policy. The Information Security Risk Analyst's work activities include but are not limited to: (1) assisting with regulatory readiness, including but not limited to privacy rounds to identify potential privacy and security concerns; (2) evaluating the implementation of information security controls within the computing environment; (3) coordinating risk assessment of vendor-supported systems located at CM or hosted offsite; (4) assisting with security audits, privacy and security investigations, and the prevention of security breaches, and participating in incident response efforts; (5) acting as a resource to employees regarding the HIPAA Security Rule and Hospital expectations; (6) routinely reviewing policies to ensure security practices are consistent with law and standards.

At Children’s Mercy, we are committed to ensuring that everyone feels welcomed within our walls. A successful candidate for this position will join us as we strive to create a workplace that reflects the community we serve, as well as our core values of kindness, curiosity, inclusion, team and integrity.

Additionally, it’s important to us that we remain transparent with all potential job candidates. Because we value the safety of the patients and families we serve, as well as the Children’s Mercy staff, we want to let you know that the seasonal influenza and COVID-19 vaccines are a condition of employment for all employees in our organization. New employees must be willing to be vaccinated if found non-immune to measles, mumps, rubella (MMR) and chicken pox (varicella) and/or without evidence of tetanus, diphtheria, acellular pertussis (Tdap) vaccination since 2005. If you are selected for this position, you will be asked to supply your immunization records as proof of vaccination. If you have any concerns about receiving these vaccines, medical and/or religious exemptions can be further discussed with Human Resources.

Responsibilities:

Information Security Risk Assessment

Performs information security risk assessments of new systems and related processes.

Identifies gaps, vulnerabilities, or other weaknesses in the implementation of security controls, and recommends strategies to remediate risk.

Works with the Privacy Officer and other departments as applicable to formally document risks and align recommendations for remediation with industry-regarded best practices including ISO 27001/27002, NIST Special Publications, and HITRUST security framework.

Reassesses risk periodically and when major changes occur within the computing environment.

Monitoring of Information Security Controls

Executes audit reports and analysis of employee and non-employee access to the Hospital's medical record system.

Examines employee and third-party compliance or deficiencies regarding access policies.

Performs continuous monitoring to verify applicable risk factors are formally documented for each system.

Works with responsible staff to ensure issues identified through the monitoring process are addressed and corrected.

Requests and reviews compliance status of CM’s vendors and partners who are subject to GDPR, HIPAA and other applicable laws.

Maintaining Compliance

Develop a privacy rounding report that outlines the items to be checked, each with a regulatory reference. Schedule privacy rounds to operational and administrative areas, with the manager of each area accompanying. Document findings and send the report to the manager. Schedule an unannounced return visit to validate that any corrective actions are resolved.

Review HIPAA Security policies with individuals involved in the outlined process to ensure that the process is consistent with the policy. Inconsistencies will be addressed and memorialized in the revised policy. If applicable, work with the Office of General Counsel for review of the policy changes.

Privacy and Security Incident Response

Work privacy and security cases in accordance with the Corporate Compliance Department investigation and resolution policies and procedures and with the established HIPAA 60-day requirement.

Effectively and professionally collaborate with other department management and Employee Relations to investigate, mitigate, and ensure appropriate corrective action has occurred prior to closing the case.

File OCR reports when indicated.

Tracks remediation activity as needed to ensure issues are addressed.

Information Security Compliance Awareness, Education and Training

Identifies staff to receive targeted information security compliance training based on issues investigated and inquiries identified.

Communicates training requirements to Education for the delivery of information security compliance training.

Verifies completion of information security compliance training.

Assists with review and maintenance of HIPAA Privacy and Security intranet website content as needed.

Qualifications:

Bachelor's Degree in Information Systems, Computer Science, or related field, and 3-5 years' experience. Combination of knowledge and technical expertise in risk assessment, auditing, data analysis, vendor management, and information systems principles and controls OR

High School diploma, or equivalent, and 5-7 years' experience. Years of experience may be accepted in lieu of a Bachelor’s degree.

Certified Information Systems Security Professional

Employees must obtain Certified Information Systems Security Professional or equivalent within 365 days

Certified Information Systems Security Professional (CISSP) Required 1 Year

Starting Pay:

Our pay ranges are market competitive. The pay range for this job begins at $32.26/hr, but your salaried offer will be determined based upon your education and experience.

Remote Work/Work from Home:

This is an intermittent remote position, which means that the person hired will work with his or her manager to determine a schedule that includes both at home and on-site hours at a Children’s Mercy location. The incumbent must live in the Kansas City metro area.

EEO Employer/Disabled/Vet:

Children’s Mercy hires individuals based on their job skills, expertise and ability to maintain professional relationships with fellow employees, patients, parents and visitors. A personal interview, formal education and training, previous work experience, references and a criminal background investigation all are factors used to select the best candidates. The hospital does not discriminate against prospective or current employees based on the race, color, religion, sex, national origin, age, disability, creed, genetic information, sexual orientation, gender identity or expression, ancestry or veteran status. A drug screen will be performed upon hire. Children’s Mercy is smoke and tobacco free.

Our commitment to Diversity & Inclusion:

CM is committed to creating a diverse and inclusive workforce. Our patients and families come from all walks of life, and so do we. We know that our greatest strengths come from the people who make up our team so we hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our hospital stronger and our patient care more compassionate.

If you share our values and our enthusiasm for service, you will find a home at CM. In recruiting for our team, we welcome the unique contributions that you can bring, including education, ideas, culture, ethnicity, race, sex, sexual orientation, gender identity and expression, national origin, age, languages spoken, veteran status, color, religion, disability and beliefs.

Permanent
