IS Senior Risk Analyst - Meaningful Use Assessor
Dorchester, MA

Job Description

POSITION SUMMARY

* Reporting to the IS Risk Manager, the IS Senior Risk Analyst will have corporate responsibility for monitoring and reporting on IS system and process compliance with required authoritative obligations (e.g., HIPAA, HITECH, Meaningful Use, MA 201.CMR.17, PCI, etc) and remediation efforts to resolve gaps in compliance
* Under the direction of the Information Security Risk Manager, the IS Senior Risk Analyst will document controls necessary to assure compliance with required authoritative obligations based-upon industry best practice frameworks
* The IS Senior Risk Analyst will work closely with the Compliance, Privacy & Audit organizations to assess and report upon the processes and solutions necessary to maintain compliance with required authoritative obligations
* The IS Senior Risk Analyst oversee efforts necessary to assure compliance with authoritative obligations
* The IS Senior Risk Analyst will be responsible for assisting with vendor risk assessments
* Working with established contacts throughout the business and clinical environments, the IS Senior Risk Analyst will be responsible for tracking, investigating and responding to any discovered/reported incidents or audit findings related to IS non-compliance

KEY RESPONSIBILITIES

* Follow the third-party risk assessment and treatment process within the organization
* Maintain the security awareness program designed to facilitate a safe computing environment for all associates, contractors and other business partners
* Monitor regulatory compliance (e.g., HIPAA, HITECH, MA 201.CMR.17, PCI, etc.) among associates, contractors and other business partners
* Periodically evaluate and audit internal controls to ensure that they comply with authoritative obligations
* Assist in ensuring that appropriate business continuity and disaster recovery programs are developed, tested, and maintained
* Monitor changes in legislative, regulatory and statutory obligations pertaining to the healthcare industry in particular and contribute to ensuring that internal controls remain compliant
* Serve as the information risk management liaison for the Information Security Office to system users
* Review all system-related compliance plans and act as liaison for the Information Security Office to the information systems department

QUALIFICATIONS

* Understanding of information security and privacy concepts and practices
* Understanding of information technology concepts and practices
* Ability to communicate effectively
* Ability to understand and assess business risk
* Ability to integrate long-range planning with short-term activity
* Ability to relate with patients, hospital/practices and providers and understand their needs
* Ability to relate with regulators and other external auditors and understand their needs
* Ability to maintain professional image and enthusiasm

Education/Relevant Experience

* Three-plus years' experience in information security risk assessments, , IT auditing, project management, operational readiness assessment and risk management, with a focus on the healthcare environments
* Bachelor's degree required
* Archer administration/development a plus
* Certification in information security and/or audit, such as CISSP, CISM or CISA a plus
* Three-plus years of process/program management experience in large-scale public or private audit/consulting, business, financial or information systems operations, with a focus on the healthcare environments a plus
* Large systems/client-server information security knowledge/experience: operating systems, database management systems, system security software, storage and tape library management, telecommunications, EDI, e-Commerce security issues and controls