IT Cybersecurity Sr Analyst

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation’s largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

The purpose of the Cyber Senior Analyst – Enterprise Risk & Effectiveness position is to support the Enterprise Cybersecurity Risk and Effectiveness programs.  This individual must demonstrate ability to break down complex problems, analyze data, identify patterns, and use logical reasoning to propose, develop and implement solutions.  This individual will assist in the development of the Cybersecurity Risk Program as well as lead the development and maintenance of subcomponents of the program.   This person must be confident, independent, detail oriented.  The incumbent will engage with members of the operations and leadership teams across Cybersecurity and will be responsible for aggregating all cyber risk, communicating enterprise cyber risk and supporting operational effectiveness of the GRC team.

The Cyber Senior Analyst, Cyber Enterprise Risk position will report to the System Manager, Policy & Assurance, Audit, Risk, and Effectiveness as part of the IT Audit, Risk, & Effectiveness team supporting the Cybersecurity Risk Management & Effectiveness programs for the greater CommonSpirit organization.  

• Conduct detailed data and risk analysis to identify key trends and provide actionable insights for leadership to help inform cybersecurity strategy, process maturity, and planned remediation.
• Support the management of the Cybersecurity Enterprise Risk program lifecycle, including enhancing and developing documentation, analysis, risk calculation, program enhancements, and reporting of Cybersecurity enterprise risk program.
• Collect and analyze scope of relevant projects, risk treatment data, or other cyber data to assess impact to overall cyber risk and organize meaningful information and present information and data in various risk models.
• Perform intermediate to complex qualitative and quantitative risk analysis in support of risk aggregation and Cybersecurity enterprise risk management activities.
• Provide input into strategy development and enhancements for the broader Cybersecurity enterprise risk program. 
• Manage and lead quarterly Tier 3 Risk Council and threat intelligence input sessions with stakeholders and leadership across Cyber and IT.  
• Prepare and deliver recurring quarterly cybersecurity enterprise risk reporting on an agreed upon schedule.
• Assist in development of quarterly risk reporting for the Audit and Compliance Committee of the Board and other leadership reporting as needed in support of the Cybersecurity enterprise risk program.  
• Perform data analysis using spreadsheet functionality (i.e. Excel, Google Sheets), including building formulas, use of pivot tables, charts, graphs, and other basic tools for data analysis and data visualization required.
• Perform basic to complex organizational effectiveness tasks and financial data analysis across Governance, Risk and Compliance to support GRC Budget management, support team collaboration, facilitate GRC contract management and renewals such as tracking and monitoring 
• Contract spend, invoices, & renewals
• Training and Travel requests and approvals
• Support maintenance of GRC Intranet google site, google groups, and shared drives
• Demonstrate strong knowledge of cybersecurity related control frameworks. Apply a foundational understanding of HIPAA, NIST 2.0, CIS 18, and standard cybersecurity principles.
• Able to understand, document and make recommendations for process improvements to peers and managers.
• Collaborates with internal and external stakeholders including Manager level and above across the organization.
• Perform industry research as needed.
• Perform other job duties as required.

The job summary and responsibilities listed above are designed to indicate the general nature of the work performed within this job. They are not designed to contain or be interpreted as a comprehensive inventory of all job responsibilities required of employees assigned to this job. Employees may be required to perform other duties as assigned.

Bachelors Preferred 

2 or more relevant technical/professional security certifications preferred

Soft Skills Required: 

• Strong analytical and data analysis skills including the ability to collect, process, interpret, and visualize data to find meaningful insights, answer specific questions, and support decision-making. 
• Strong critical thinking, problem-solving and presentation skills with attention to detail.
• Excellent communication skills, both written and verbal, with the ability to effectively communicate with peers across Cyber, IT, vendors, and leadership and convey complex concepts to non-technical stakeholders at all levels of the organization.
• Ability to work independently and manage multiple tasks effectively.
• Strong organizational skills and the ability to prioritize tasks, follow, establish, and document processes.
• Ability to work collaboratively in a team environment with internal and external stakeholders.
• Ability to execute tasks with minimal supervision. 
• Knowledge of Cybersecurity principles and key controls required.
• Knowledge of Google Suite and Service Management preferred.