Sr Technology Risk Analyst - Remote

Join the transformative team at City of Hope, where we're changing lives and making a real difference in the fight against cancer, diabetes, and other life-threatening illnesses. City of Hope's growing national system includes its Los Angeles campus, a network of clinical care locations across Southern California, a new cancer center in Orange County, California, and treatment facilities in Atlanta, Chicago and Phoenix. Our dedicated and compassionate employees are driven by a common mission: To deliver the cures of tomorrow to the people who need them today.

This is a Fully Remote Opportunity within the United States

As a successful candidate, you will:

The Senior Technology Risk Analyst supports the CISO leading the evolution of the confidentiality, integrity, and availability of the information assets related to City of Hope business and information systems. The incumbent in this role acts as an expert in the development of the information security program by contributing to the development of an enterprise-wide security risk program, policies and standards, vulnerability life-cycle management and remediation, evaluation of new security technologies, and contributes to security incident and event management. The incumbent provides administrative support as well as supports and assists with coordination and implementation of all process and technical aspects of the Information Security Program.

• Develop, publish, risk analysis and assessment protocols for information security risk management purposes.

• Works with Info Sec staff and business and technical teams to implement risk-related activities including accessing, planning, testing, reporting and recommending appropriate remediation measures.

• Perform information security evaluations for information technology projects to ensure compliance with policies and regulatory requirements.

• Serves as the first point of contact for information security reviews and risk assessments pertaining to contracts with City of Hope (COH) business units and vendors.

• Conduct periodic self-assessments and gap analysis related to information security controls and manage the remediation to correct the gaps.

• Participate in verifying network, wireless and firewall security systems by conducting reviews and policy assessments.

• Validates HIPAA Security Rule requirements for administrative, physical and technical security safeguards have been established for potential and existing business partners using assessment questionnaire responses, policy and procedure review, vendor interviews and other relevant support documentation.

• Ensures compliance to regulations, business requirements and City of Hope policies, standards, and procedures.

• Creates Executive Summary reports for each completed assessment highlighting important safeguards, identifying potential risk areas, and deriving an overall risk rating for the vendor relationship.

• Monitor risk mitigation and coordination of policies, standards and controls with the ISO and Compliance Officer.

• Works with internal assessment team to develop a risk scoring methodology for the assessment questionnaire review to improve consistency in scoring individual and overall questionnaire responses.

• Continuously works toward improving workflow throughput by improving questionnaire content, reducing follow-up questions and improving overall vendor responses.

• Participates in effort to create questionnaire addressing vendor use of Cloud-based solutions within the requirements of HIPAA and of generally accepted security practices.

• Information Security liaison to MediTract/Contract Collaborator platform and Contracts Management team.

• Prepare documentation to support the development of information security policies, standards, guidelines, procedures and awareness training.

• Coordinates, schedules and tracks meetings of the ITS Policy Governance Committee.

• Participates in the development of the information security program by contributing to the development of Information Security policies, standards and procedures.

• Contributes to the forensic analysis of security violations.

• Participates in Privacy & Security Committee meetings as a liaison for information security items including exceptions.

• Develop the Exception Management Process and write the operating procedures.

• Works with Compliance Manager to track policy exceptions.

• Reviews new and renewed exception requests.

• Presents exception report at the monthly Privacy & Security Committee meetings.

• Supports the Chief Information Security Officer (CISO) in evolving the confidentiality, integrity, and availability of the information assets related to City of Hope business and information systems.

• Performs other related duties as assigned or requested.

Your qualifications should include:

• Bachelor's Degree; 3 additional years of experience plus the minimum experience requirement may substitute for minimum education.
• 5+ years of experience.

OR

• Masters degree and 3 years of experience

• Hospital/healthcare industry experience is desirable, but not required.

Preferred Certification/Licensure: GSEC - GIAC's Security Essentials Certification (or within 12 months of hire)

Any other certification is highly desirable:

CISA - Certified Information Systems Auditor

GIAC:

• GISP - Information Security Professional
• GSEC - Security Essentials Certification
• SSCP- Systems Security Certified Practitioner
• GISF- Information Security Forensics
• CBCP - Certified in Business Continuity Planning

City of Hope is an equal opportunity employer. To learn more about our commitment to diversity, equity, and inclusion, please click here.

To learn more about our Comprehensive Benefits, please CLICK HERE.