How would you like to work in a place where your contributions and ideas are valued? A place where you can serve with compassion, pursue excellence and honor every voice? At Wellstar, our mission is simple, yet powerful: to enhance the health and well-being of every person we serve. We are proud to have become a shining example of what's possible when the brightest professionals dedicate themselves to making a difference in the healthcare industry, and in people's lives.

Work Shift

Job Summary:

The Sr. Information Security Analyst functions as an information security subject matter expert supporting all aspects of the WellStar Information Security GRC program with their knowledge and skills. The individual is experienced in many areas of the information security domains, and is able to conduct risk assessments, develop appropriate risk responses, report on findings and monitoring the security GRC environment for changes. The individual will have the capability to participate in multiple service engagements, projects and tactical initiatives at a time related to enterprise security, and is expected to be proficient at performing reviews of third-party risks assessments such as SOC reports and reports from vendor risk monitoring agencies, security certification organizations and regulatory agencies for potential security exposures. The Senior Analyst is also expected to mentor others interested in information security.

Core Responsibilities and Essential Functions:

Lead in: * Performing privacy and security risk assessments * Assessing third-party vulnerabilities and risk management, mitigating risks and vulnerabilities involved * Conducting threat analysis on data privacy, system security and their related operational activities * Planning risk responses as part of the security GRC cloud management process * Analyzing scope of incident responses, as well as planning and executing their related activities Assist in Information Security Program Development, including: * Development and maintenance of the information security plan and associated policies * Providing security policy updates, explanations, formal guidance, and related regulatory references * Creating program documentation and workflows to support PCI, NIST CSF, HIPAA HITRUST and other information security compliance management programs * Advising on information system security controls and standards, and their implementation Protect privacy of data and information assets by: * Gathering and documenting data flows, system flows and process flow information * Implementing information security governance, risk management and compliance * Assessing Information privacy assurance compliance pre and post implementation * Assessing security requirements of information assets pre and post implementation Conduct information security investigations * Modeling threats and quantifying risk appetites, and performing digital forensics * Calculating and qualifying security, vulnerability and compliance risk ratings * Conducting security investigations as well as privacy and security control assessments * Carrying-out policy and security control exception analysis and exception request response * Increase enterprise-wide security awareness and skill levels through planning and implementing large scale training and awareness programs and processes. Performs other duties as assigned Complies with all WellStar Health System policies, standards of work, and code of conduct.

Required Minimum Education:

Bachelor's Degree

Required Minimum License(s) and Certification(s):

All certifications are required upon hire unless otherwise stated.

Additional License(s) and Certification(s):

Required Minimum Experience:

Minimum 4 years additional experience Required and Minimum 5 years in information security, IT audit Required or a related field. Required

Required Minimum Skills:

Strong attention to details and accuracy Analytical, verbal and written communication Excellent problem solving and decision-making skills Expertise in performing System Security Plans (SSP) Third-party vendor contracting and risk management program leader Performing reviews of third-party risks assessments and SOC reports Leader in incident response planning and execution management Ability to perform privacy/security risk management and risk assessments Ability to effectively work on multiple projects or tasks simultaneously Subject matter expertise in at least one of the following: Security awareness, privacy assessments, threat assessments, identity management/RBAC, endpoint security, and data loss prevention Strategic planning and the development of supporting policies and procedures Knowledge leader of the HIPAA Security Rule, PCI DSS, NIST or ISO 270001/2

Join us and discover the support to do more meaningful work—and enjoy a more rewarding life. Connect with the most integrated health system in Georgia, and start a future that gives you more.