IT Cybersecurity Sr Analyst

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

*This is a remote opportunity

CommonSpirit Health is seeking a highly motivated Cybersecurity Senior Analyst to join other Analysts and Engineers in the pursuit of actionable cyber risk throughout the organization. 

As a Senior Analyst within the Cybersecurity Risk Treatment team, you will be empowered to participate in, facilitate, and support the Governance, Risk, and Compliance Integrated Risk Management program. You will help facilitate active governance processes to ensure that treatment of identified cybersecurity risk is performed as planned. 

The Integrated Risk Management program within Cybersecurity is grounded in the proactive detection of cyber risk. Once a cyber risk to the organization has been identified, collaborative development of action plans and timelines ensure that key stakeholders are involved and can act quickly to protect the organization. You will collaborate with leaders throughout the organization. You will foster relationships with key business partners, internal technology and cybersecurity teams, and external vendors to leverage technology, enabling detection of cyber risk. You will remain knowledgeable about security issues, vulnerabilities, regulatory, legal, and security policies and standards that may impact information security. 

The Cybersecurity Senior Analyst, Cyber Risk Treatment position will report to the Cybersecurity Manager, Cyber Risk Treatment, within the Governance, Risk and Compliance Department.

• Provides assistance and support of medium to high complexity tasks as requested to Cyber Risk Treatment and/or other Cybersecurity and IT teams
• Participates and/or leads in Discovery, Intake, Quality Assurance of Data, Triage, and Governance activities within the space of the Integrated Risk Management program as well as strategy design and other initiatives
• Manages workload, prioritizing tasks and documenting time, and other duties as directed by management, as well as assisting other team members
• Assists in Continual Service Improvement efforts by identifying opportunities for process improvement
• Leads Root Cause Analysis activities as it pertains to cyber risk findings
• Pursuit of continuing education to grow and maintain knowledge of best practices, compliance requirements, threats, and trends in information security, translating into operational action items, policies, procedures, standards and guidelines
• Acts as a security advocate for adherence to CommonSpirit Health policies and industry best practices
• Identifies and drives opportunities for process improvement
• May act as an escalation point for others
• Leads and/or participates in the collection and documentation of departmental knowledge artifacts, leads and/or participates in the population of knowledge management and collaboration systems for the Cybersecurity department
• Communicates technical information and acts as a mentor for other team members

The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned

• 4-5 years job related experience required
• 2 or more relevant technical/professional security certifications preferred (such as: COMP-TIA Network+, Security+, SANS GIAC, CISSP, CRISC, CISA, or vendor-specific).
• 5+ years job related experience preferred
• Demonstrated ability to effectively communicate and present complex technical information to a broad audience and make recommendations with justification to leadership.
• Proven investigative and problem solving, critical thinking, root-cause analysis, and business risk analysis skills.
• Experience in the healthcare industry or critical infrastructure preferred.