IS Risk & Compliance Analyst

Job Description

The Information Systems (IS) Risk and Compliance Analyst is a mid-level position supporting the Director IS Risk and Compliance. The position is responsible for sustaining and improving the enterprise information security risk management framework, policy, processes, and tools for reducing Encompass Health's susceptibility to cybersecurity threats and vulnerabilities. Familiarity with computing technology, healthcare regulatory requirements, cybersecurity standards, vulnerability scanning and risk management is essential to the success of this position. The position is responsible for identifying, assessing, prioritizing, and monitoring internal and external risks to information systems, including those of 3rd and 4th parties (vendors). The position supports efforts to gather and prepare evidence in support of audits, assessments, and investigations, and coordinates sometimes highly visible cybersecurity risk/compliance assessments conducted by 3rd parties. The Risk and Compliance Analyst is adept at analyzing complex issues and distilling needed organizational responses into easy-to-comprehend, actionable items.

The position requires a broad understanding of computer technologies, network administration, cloud computing, virtualization, cybersecurity, risk management, and compliance, and the skills to communicate effectively. The position also requires effective engagement with internal and external stakeholders, including various corporate departments, vendors, auditors, assessors, end users, other cybersecurity and risk management professionals, and ITG leadership.


Job Code: 101286

License or Certification:
- CRISC (Certified Risk and Information System Control) or equivalent
- CISSP (Certified Information System Security Professional) preferred but not required

Education, Training and Years of Experience:
- Associates Degree or Undergraduate Degree required
- Minimum 3 years IT Security or closely related experience required
- Expertise in:
     - Risk management
     - Vulnerability management and tools (e.g. Security Center, eGRC platforms, Imperva)
     - Identifying, tracking, monitoring, and remediating risk
     - Developing and documenting security policies and procedures
     - Preparing evidence for regulatory audits and investigations
     - Effective communication with stakeholders
     - Foundational technical concepts:
          - Web based technologies and VPN technology
          - TCP/IP Networking
          - User authentication (e.g. Active Directory, SAML 2.0)
          - Windows OS
          - Linux/Unix
          - Firewalls in high-availability environment and clustering
          - Virtualization
          - Cloud computing
          - Patch and vulnerability management
          - Application security
     - Regulatory compliance, cybersecurity standards, and audits:
          - HIPAA
          - HITECH
          - NIST
          - PCI
          - Sarbanes-Oxley
          - Privacy and Security
- Experience and/or expertise in one or more of the following concepts:
     - Layered security models
     - Information / data security
     - Network / transport security
     - Systems security
     - Application security
     - Email security / organizational phishing resiliency
     - Cloud computing security
     - Web security
     - 3rd party risk management
- IS risk and compliance analyst will also be a subject matter expert in the following:
     - Project management
     - Stakeholder engagement and coordination
     - Technical environment and support organization processes
- Ability to utilize Adobe Pro and Microsoft Office products including Word, PowerPoint, Excel, and Visio

Address: 9001 Liberty Parkway, Birmingham 35242
Schedule: Full-time
Job ID: 1924863