Job Description

Sentara Healthcare is seeking to hire a qualified individual to join our team as a IT Security Governance Analyst

Position Status: Full-time, Day Shift

Position Location: This position is 100% remote.

Standard Working Hours: 8:00AM to 5:00PM (ET).

Minimum Requirements:

• 3-5 years - Knowledge of IT Audit techniques and industry standards.
• 3-5 years - Knowledge of PCI-DSS, SOC 2 TYPE 2, HIPPA, ISO 27001:2022 (to name a few) standards and guidelines
• Strong analytical and technical skills.
• 3-5 years - Knowledge of information security standards, including CIS Critical controls and the NIST Cybersecurity Framework (to name a few).
• Ability to systematically assess a problem or situation to identify probable causes and solutions accurately.
• Understanding of a broad range of IT disciplines that would impact overall security posture.
• Proficiency in relating complex technical situations to non-technical customers.
• Ability to prioritize workload and consistently meet deadlines.
• CISSP, CISM, or equivalent.

Diversity and Inclusion at Sentara

Our vision is that everyone brings the strengths that come with diversity to work with them every day. When we are achieving our vision, we have team members that feel they belong and can be their authentic selves, and our workforce is reflective of the communities we serve.

We are realizing this vision through our Diversity and Inclusion strategy, which has three pillars: A diverse and talented workforce, an inclusive and supportive workplace, and outreach and engagement with our community. We have made remarkable strides in these areas over the past several years and, as our world continues to evolve, we know our work is never done.

Our strategies focus on both structural inclusion, which looks at our organizational structures, processes, and practices; as well as behavioral inclusion, which evaluates our mindsets, skillsets, and relationships. Together, these strategies are moving our organization forward in an environment that fosters a culture of mutual respect and belonging for all.

Please visit the link below to learn more about Sentara\xe2\x80\x99s commitment to diversity and inclusion:

https://www.sentara.com/aboutus/mission-vision-and-values/diversity.aspx

Sentara Overview
For more than a decade, Modern Healthcare magazine has ranked Sentara Healthcare as one of the nation\'s top integrated healthcare systems. That\'s because we are dedicated to growth, innovation, and patient safety at more than 300 sites of care in Virginia and northeastern North Carolina, including 12 acute care hospitals.

Sentara Benefits
As the third-largest employer in Virginia, Sentara Healthcare was named by Forbes Magazine as one of America\'s best large employers. We offer a variety of amenities to our employees, including, but not limited to:

• Medical, Dental, and Vision Insurance
• Paid Annual Leave, Sick Leave
• Flexible Spending Accounts
• Retirement funds with matching contribution
• Supplemental insurance policies, including legal, Life Insurance and AD&D among others
• Work Perks program including discounted movie and theme park tickets among other great deals
• Opportunities for further advancement within our organization

Sentara employees strive to make our communities healthier places to live. We\'re setting the standard for medical excellence within a vibrant, creative, and highly productive workplace. For information about our employee benefits, please visit:

Join our team! We are committed to quality healthcare, improving health every day, and provide the opportunity for training, development, and growth!

Please Note: The Covid Vaccination(s) and yearly Flu Vaccination are required for employment.

Note: Sentara Healthcare offers employees comprehensive health care and retirement benefits designed with you and your family\'s well-being in mind. Our benefits packages are designed to change with you by meeting your needs now and anticipating what comes next. You have a variety of options for medical, dental and vision insurance, life insurance, disability, and voluntary benefits as well as Paid Time Off in the form of sick time, vacation time and paid parental leave. Team Members have the opportunity to earn an annual flat amount Bonus payment if established system and employee eligibility criteria is met.

For applicants within Washington State, the following hiring range will be applied: $68,473.60 to $114,108.80.

Responsible for day-to-day support and optimization of software applications, including builds, upgrades, and system enhancements. Analyzes business / clinical needs, evaluate software releases and/or new products, and gives recommendations to optimize processes and decrease expenses. Possesses in-depth business / clinical and application knowledge and experience. Performs and documents workflow assessments to determine functional requirements for optimal utilization of applications. Develops system test plans and performs testing of software upgrades and patches. Maintains a record of test progress and test results. Responsible for problem, incident, and change management and service requests. Provides daily on-call support to the customer base for application-related issues. Works within a cross-functional team and with end-users to achieve application integration to meet business / clinical needs. Responsible for the communication of software issues, requirements, upgrades, and enhancements. Oversees smaller-sized projects or components of projects. Coordinates implementation or project planning around software application releases. Possesses a key certification(s) or other credential(s) which is determined central to the systems or applications supported. An Experienced Professional applies practical knowledge of job areas typically obtained through advanced education and work experience. Responsibilities typically include: \xe2\x80\xa2 Works independently with general supervision. \xe2\x80\xa2 Problems faced are difficult but typically not complex. \xe2\x80\xa2 May influence others within the job area through explanation of facts, policies, and practices. Experience in lieu of Bachelor\xe2\x80\x99s Degree 3 years of relevant experience with a degree 5+ years of relevant experience without a degree

IT Security Governance Analyst

Summary:

Under general supervision of the Sr. Manager, Cyber & Privacy Governance, the IT Security Governance Analyst is a front-line member of the IT Security Program team responsible for the overall management of the IT Security Program. The IT Security Governance Analyst is responsible for supporting internal, external, and client audits, managing security risks within a GRC solution, and assessing security-related risks associated with third parties.

Essential Duties and Responsibilities

• Assist in developing checklists, programs, and/or guidelines to support Security Governance processes.
• Support auditors, including advising on scope, training of staff, interpretation of control requirements, and gathering of artifacts.
• Coordinate Internal/External audit artifact requests and meetings.
• Oversee the gathering and reporting of metrics related to audit support, including remediation of audit findings and potential audit impacts.
• Assist in the creation of security risk and metric reports provided to management.
• Gather client requirements and data which may include site surveys and system evaluations.
• Assist in managing the ongoing due diligence process of third-party oversight.
• Performs other related duties, as required by Sr. Manager, Cyber & Privacy Governance

Qualifications

• 3-5 years - Knowledge of IT Audit techniques and industry standards.
• 3-5 years - Knowledge of PCI-DSS, SOC 2 TYPE 2, HIPPA, ISO 27001:2022 (to name a few) standards and guidelines
• Strong analytical and technical skills.
• 3-5 years - Knowledge of information security standards, including CIS Critical controls and the NIST Cybersecurity Framework (to name a few).
• Ability to systematically assess a problem or situation to identify probable causes and solutions accurately.
• Understanding of a broad range of IT disciplines that would impact overall security posture.
• Proficiency in relating complex technical situations to non-technical customers.
• Ability to prioritize workload and consistently meet deadlines.

Education and Experience Requirement:

• Bachelor\xe2\x80\x99s degree in computer science, Information Systems, or Cyber Security preferred; or CISSP, CISM equivalent.
• 3+ years\' experience in Information Security, particularly GRC scope.
• PREFFERED HEALTHCARE EXPERIENCE: 3-5 years\' experience Exclusively in well-established Health Plan and Health Provider Organization(s) focused on Information Security (e.g. Anthem).
• Experience with ticketing systems and some experience with ServiceNow is PREFERRED
• Experience with office productivity, reporting, and technical documentation software
• Exposure to systems monitoring tools and logging tools.

This is a REMOTE position in the following states:

• Virginia,
• North Carolina,
• Alabama
• Delaware
• Florida
• Georgia
• Idaho
• Indiana
• Kansas
• Louisiana
• Maine
• Maryland
• Minnesota
• Nebraska
• Nevada
• New Hampshire
• North Dakota
• Ohio
• Oklahoma
• Pennsylvania
• South Carolina
• South Dakota
• Tennessee
• Texas
• Utah
• Washington (state)
• West Virginia
• Wisconsin
• Wyoming

• Bachelor\'s Level Degree

Sentara Health