Indiana University Health is unlike any other healthcare system and we're looking for team members who share the things that matter most to us. People who are inspired by challenging and meaningful work for the good of every patient. People motivated to do their best every day. People who are always ready to apply themselves. As one of Indiana's largest employers, our vision is to lead the transformation of healthcare through quality, innovation and education, and make Indiana one of the nation's healthiest states.

Cybersecurity Risk Senior Analyst

RESPONSIBILITIES:

Leads risks assessments for various cyber security scenarios utilizing both quantitative and qualitative methodologies.  Maintains control documentation for critical systems, including mappings to relevant frameworks (i.e. NIST 800-53, HIPAA Security Rule, etc.) and leads periodic control testing engagements, including quality assurance reviews.  Documents and tracks risk remediation plans and effectively communicates risk status to various levels of management.  Assist department leadership with development / maintenance of department process and procedure design / documentation.

STRONGLY PREFERRED:

Healthcare background (5+ years) Business Continuity/Disaster Recover experience 

REQUIREMENTS:

5-7 years of relevant experience is required. Requires knowledge of computer networking concepts and protocols, and network security methodologies. Requires knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage and transmission of information or data (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Requires skill in conducting reviews of systems, assessing security systems designs and security controls based on cybersecurity principles and tenets (e.g. NIST SP 800-53, ISO 27001, etc.). Requires skill in performing impact / risk assessments (utilizing quantitative risk analysis methodologies). Requires skill and knowledge to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Requires demonstrated project management skills. Must have a proven track record of effective communication skills with all levels of organizational leadership.  Bachelor's Degree or equivalent years of experience is required. At least one relevant certification is required, multiple are preferred (i.e. CISA, CISM, CRISC, Security+, FAIR Fundamentals, etc.).