Health Information Security Analyst

HEALTH INFORMATION SECURITY ANALYST

• 23001589

Shift: Monday – Friday, 8:00AM – 5:00PM

Location: Columbia, MO

Department: IT Administration

Salary Range: $68,266 - $111,426

Job Summary:

Responsible for assisting in the development, implementation, and monitoring of tools and processes that protect the confidentiality, integrity, and availability of all MU Health information technology (IT) systems and infrastructure. Maintain compliance with all relevant laws and policies.

:

Work within the framework of established security and compliance policies and procedures. Review and recommend changes to policies, procedures, and standards as assigned, including regulatory, security framework, and best practice gap analysis. Maintain the policy development queue. Coordinate interdepartmental review of policies. Monitor compliance with relevant information security policies, laws, and standards. Identify areas for improvement and recommend changes.

Develop and deliver information security and HIPAA compliance training to all MU Health employees.

Review and analyze vulnerability scans of MU Health Information Systems, including vendors. Provide recommendations for vulnerability remediation. Maintain informed awareness of security compromises through all stages; means of entry, effects on systems, plan for prevention, and preparation for recovery.

Assist in maintaining the risk register to track current and emerging risks. Perform information security, vendor, and third party software risk evaluations. Participate in MU Health Information Security Corrective Action Plans and remediation efforts. Maintain vendor, solution, and data inventories. Audit and maintain documentation related to evaluations, assessments, and remediation efforts.

Assist in the coordination and testing against adopted security control framework on MU Health information systems, identifying gaps and documenting corrective actions until control-failures are mitigated. May complete unit/department specific duties as outlined in department documents.

KNOWLEDGE, SKILLS, AND ABILITIES

Knowledge of healthcare information and systems.

Knowledge of the HIPAA Security Rule.

Understanding of information security practices for the network, servers, databases, applications, and advanced use of information security assessment and risk management techniques.

Experience in vulnerability management.

Experience monitoring data loss and prevention solutions.

Experience in IT auditing or IT risk governance/ compliance.

Bachelor’s degree in computer science, information technology, information security, or related area, or an equivalent combination of education and experience from which comparable knowledge, skills and abilities can be acquired.

Two (2) years of experience in information technology.

One of the following certifications within one (1) year as a condition of continued employment in this job classification.

• -Security+ by CompTIA

• -Network+ by CompTIA

• -Certified in Healthcare Privacy and Security (CHPS) by AHIMA

• -GIAC Information Security Fundamentals (GISF) by GIAC

• -Systems Security Certified Practitioner (SSCP) by ISC2

• -or equivalent certification.