MU Health Care
JOB TITLE: HEALTH INFORMATION SECURITY ANALYST
SUPERSEDES: 08/18, 01/19
FLSA: EXEMPT
JOB CODE: 2505h
ISSUED: 08/2018
REVISED: 02/2022
Responsible for assisting in the development, implementation, and monitoring of tools and processes that protect the confidentiality, integrity, and availability of all MU Health information technology (IT) systems and infrastructure. Maintain compliance with all relevant laws and policies.
Work within the framework of established security and compliance policies and procedures. Review and recommend changes to policies, procedures, and standards as assigned, including regulatory, security framework, and best practice gap analysis. Maintain the policy development queue. Coordinate interdepartmental review of policies. Monitor compliance with relevant information security policies, laws, and standards. Identify areas for improvement and recommend changes.
Develop and deliver information security and HIPAA compliance training to all MU Health employees.
Review and analyze vulnerability scans of MU Health Information Systems, including vendors. Provide recommendations for vulnerability remediation. Maintain informed awareness of security compromises through all stages: means of entry, effects on systems, plan for prevention, and preparation for recovery.
Assist in maintaining the risk register to track current and emerging risks. Perform information security, vendor, and third-party software risk evaluations. Participate in MU Health Information Security Corrective Action Plans and remediation efforts. Maintain vendor, solution, and data inventories. Audit and maintain documentation related to evaluations, assessments, and remediation efforts.
Assist in the coordination of, and testing against, the adopted security control framework on MU Health information systems, identifying gaps and documenting corrective actions until control failures are mitigated.
May complete unit/department specific duties as outlined in department documents.
KNOWLEDGE, SKILLS, AND ABILITIES
Knowledge of healthcare information and systems.
Knowledge of the HIPAA Security Rule.
Understanding of information security practices for the network, servers, databases, applications, and advanced use of information security assessment and risk management techniques.
Experience in vulnerability management.
Experience monitoring data loss and prevention solutions.
Experience in IT auditing or IT risk governance/compliance.
General direction is received from the Information Security Officer or assigned personnel.
None
Degree/Diploma Obtained
Program of Study
Required/Preferred
Bachelor's degree in computer science, information technology, information security, or related area, or an equivalent combination of education and experience from which comparable knowledge, skills and abilities can be acquired.
Two (2) years of experience in information technology.
One of the following certifications within one (1) year as a condition of continued employment in this job classification.
--Security+ by CompTIA
--Network+ by CompTIA
--Certified in Healthcare Privacy and Security (CHPS) by AHIMA
--GIAC Information Security Fundamentals (GISF) by GIAC
--Systems Security Certified Practitioner (SSCP) by ISC2
--or equivalent certification.
Additional license/certification requirements as determined by the hiring department.
The physical demands described here are representative of those that must be met with or without reasonable accommodation. The performance of these physical demands is an essential function of the job. The employee may be required to ambulate, remain in a stationary position, and position self to reach and/or move objects above the shoulders and below the knees. The employee may be required to move objects up to 10 lbs.
This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job; however, completion of these duties is a measure of successful performance. Employees of this job classification are subject to performance reviews. Basic functions, responsibilities, and characteristic duties may change at any time with or without notice.
This position is considered safety sensitive.
This document is a general description of typical job duties, responsibilities and qualifications of employees holding the associated job title. Additional duties, specific qualifications and work emphasis may vary between individual positions.