CommonSpirit Health Privacy Info Security Analyst II in ENGLEWOOD, Colorado
CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S., from clinics and hospitals to home-based care and virtual care services, CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources, CommonSpirit is committed to building healthy communities, advocating for those who are poor and vulnerable, and innovating how and where healing can happen, both inside our hospitals and out in the community.
The Corporate Responsibility (CRP) Privacy and Information Security Analyst II will contribute to the organization’s mission and vision by assisting the Manager CRP, Information Security Oversight and other CRP Analysts with the development and monitoring of the organization-wide CRP Information Security program. This individual will monitor, research, and respond to inappropriate leakage and use of confidential information. This position will focus on Data Loss Prevention in key threat vectors including: email, end points, and confidential data storage.
The CRP Privacy and Information Security Analyst II performs risk assessments and reviews to identify key corporate information security and privacy risks that affect the confidentiality, integrity and availability of electronic protected health information and other company confidential data. This individual conducts reviews of existing systems and technical processes to evaluate whether appropriate information security controls exist.
The CRP Privacy and Information Security II position requires a good understanding of the CommonSpirit enterprise and market level business, information security and privacy practices, and information protection/security applications at the application, endpoint, server, and network infrastructure level.
This position works closely with Information Security Officers, Privacy Officers and Officials, IT Cybersecurity personnel, ITS application and network personnel at all levels of the organization. This position requires excellent verbal and written communication skills.
The CRP Privacy and Information Security Analyst II performs independent reviews of privacy events using Fairwarning and other DLP applications to identify potential inappropriate and unauthorized access and use of medical and confidential records. The review process for this position includes all relevant detection, prevention, education, and correction activities.
Works closely with Fairwarning MSP to ensure application administrative and support functions are performed to a high standard. Maintains monitoring controls, troubleshoots issues, and reviews utilization of the Fairwarning application by Junior Analysts and MSP staff to ensure timely review and resolution of all privacy events.
Provides Tier I and Tier II support to the CommonSpirit Data Leakage Prevention (DLP) and Information Governance (IG) Program. Monitors and resolves incidents involving confidential information within defined Service Level Agreements. Under guidance from Manager, CRP Information Security Oversight and Senior Analysts, conducts investigations and reports on inappropriate use of CommonSpirit confidential information.
Exercises judgment within defined practices and policies in engaging and providing guidance to end users, business teams and Division Information Security Officers and Division Privacy Officers regarding moderately to highly complex DLP and IG issues.
Prepares reports and metrics on key aspects of DLP and IG program including data in use, data in transit, and data at rest. Provides Manager, CRP Information Security Oversight with process improvements and program enhancements and, under direction, develops and documents new workflows.
Monitors and analyzes information from multiple applications/resources to identify information privacy and security risks and compliance gaps as related to the protection of confidential information. Prepares actionable recommendations and works with Cybersecurity, ITS, and business teams to remediate identified risks and ensure compliance with CommonSpirit policies and standards.
Works as an intermediary with Cybersecurity and ITS teams in identifying and prioritizing remediation of information security risks and compliance gaps.
Under guidance of Manager CRP, Information Security Oversight and Senior Analysts, conducts privacy, information security reviews, and risk assessments/compliance reviews for major programs in coordination with ITS, Cybersecurity, and other functional groups.
Under guidance of Manager CRP, Information Security Oversight and Senior Analysts, performs assessments of current security technology, authentication systems, and data loss prevention tools and evaluates against HIPAA, Federal and State Information Protection and Privacy regulations, CommonSpirit Cybersecurity policies/standards, and other relevant regulations pertaining to the protection of confidential information.
Benefits include: Medical, Dental, Vision, Paid Time Off, Holidays, Retirement Program, Disability Plans, Tuition Reimbursement, Adoption Assistance, Employee Assistance Program (EAP), Discount Programs, Life Insurance Plans, Worker Compensation, Dress for Your Day Policy, Voluntary Benefits.
Compensation Range: $30.62 to $39.80, hourly rates, annualized.
Bachelor of Science degree in computer science with emphasis on information security or in a related technical field or equivalent work experience.
Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA), required. May substitute an equivalent combination of education or experience.
Minimum of two (2) years’ experience in supporting an enterprise Electronic Health Records (EHR) application such as EPIC, eClinicalWorks, Cerner, Meditech. OR Minimum of two (2) years’ experience with FairWarning, Sentinel P2, Protenus and/or Data Loss Prevention software in an enterprise environment.
Experience in systems security with certification, maintenance and use of security products in a distributed Microsoft Windows enterprise environment.
Certified Healthcare Privacy Compliance (CHPC), Registered Health Information Administrator (RHIA), or Registered Health Information Technician (RHIT) certifications are strongly desired.
Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Privacy Professional (CIPP) certifications are a plus.
Experience in healthcare compliance, auditing, data analysis, data science, or related field is favorable.
CommonSpirit Health participates in E-verify.
Requisition ID 2021-160964
Employment Type Full Time
Department Corporate Compliance
Hours / Pay Period 80
Standard Hours Monday - Friday 8am-5pm
Facility / Process Level : Name CommonSpirit Health
Equal Opportunity CommonSpirit Health™ is an Equal Opportunity/Affirmative Action employer committed to a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, parental status, ancestry, veteran status, genetic information, or any other characteristic protected by law.