IT Cybersecurity Analyst

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

*This is a Remote Opportunity

The purpose of the Cybersecurity Analyst position is to support the Governance, Risk, and Compliance program's risk assessment team for CommonSpirit. This program is responsible for cybersecurity risk and governance including vendor security risk assessments, application / software security risk assessments, and medical device security reviews.

The Cybersecurity Analyst, Risk Assessment position will report to the Manager, Governance, Risk and Compliance as part of the Risk Assessment team. The role will perform risk assessments on various solutions, with a focus on biomedical devices and internally hosted software, and communicate the risk of those solutions to our business partners and other stakeholders.

• Perform intermediate cybersecurity risk assessment tasks such as reviewing vendor questionnaire responses and supporting documentation, emailing or meeting vendor contacts as needed for follow-up, documenting findings and reports, and meeting with business owners to discuss findings, risk, and remediation steps.
• Review technical design documentation to understand the transmission of data between different endpoints and be able to identify potential risks within the design.
• Use tools such as ServiceNow to perform risk assessment duties.
• Learn and understand common control frameworks such as NIST 800-53 or CSF, CIS Security Controls, etc.
• Identify and escalate, as needed, any issues with assignment completion.
• Support and participate in development of risk assessment initiatives.
• Prepare detailed reports and documentation on security assessments, findings, and remediation efforts.
• Communicate security risks and recommendations to stakeholders, including technical and non-technical audiences.
• Identify opportunities for process improvements and share
• Perform other job duties as required

The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.

• Bachelors in Cybersecurity, IT, or related field Required
• 2-3 years job related experience Required
• 3-4 years job related experience Preferred
• 1 or more relevant technical/professional security certifications preferred, such as CISSP, CISA, CompTIA Security+ or CySA+ Preferred