IS Risk & Compliance Analyst

Job Description

The Information Systems (IS) Risk and Compliance Analyst is a mid-level position supporting the Director IS Risk and Compliance. The position is responsible for sustaining and improving the enterprise information security risk management framework, policy, processes, and tools for reducing Encompass Health's susceptibility to cybersecurity threats and vulnerabilities. Familiarity with computing technology, healthcare regulatory requirements, cybersecurity standards, vulnerability scanning and risk management is essential to the success of this position. The position is responsible for identifying, assessing, prioritizing, and monitoring internal and external risks to information systems, including those of 3rd and 4th parties (vendors). The position supports efforts to gather and prepare evidence in support of audits, assessments, and investigations, and coordinates sometimes highly visible cybersecurity risk/compliance assessments conducted by 3rd parties. The Risk and Compliance Analyst is adept at analyzing complex issues and distilling needed organizational responses into easy-to-comprehend, actionable items.

The position requires a broad understanding of computer technologies, network administration, cloud computing, virtualization, cybersecurity, risk management, compliance, and the communication skills that facilitate effective communication. The position also requires effective engagement with internal and external stakeholders including various corporate departments, vendors, auditors, assessors, end users, other cybersecurity and risk management professionals, and ITG leadership.


Job Code: 101286

License or Certification:
- CRISC (Certified Risk and Information System Control) or equivalent
- CISSP (Certified Information System Security Professional) preferred but not required
Education, Training and Years of Experience:
- Associates Degree or Undergraduate Degree required
- Minimum 3 years IT Security or closely related experience required
- Expertise in:
     - Risk management
     - Vulnerability management and tools (e.g. Security Center, eGRC platforms, Imperva)
     - Identifying, tracking, monitoring, and remediating risk
     - Developing and documenting security policies and procedures
     - Preparing evidence for regulatory audits and investigations
     - Effective communication with stakeholders
     - Foundational technical concepts:
          - Web based technologies and VPN technology
          - TCP/IP Networking
          - User authentication (e.g. Active Directory, SAML 2.0)
          - Windows OS
          - Linux/Unix
          - Firewalls in high-availability environment and clustering
          - Virtualization
          - Cloud computing
          - Patch and vulnerability management
          - Application security
     - Regulatory compliance, cybersecurity standards, and audits:
          - HIPAA
          - HITECH
          - NIST
          - PCI
          - Sarbanes-Oxley
          - Privacy and Security
- Experience and/or expertise in one or more of the following concepts:
     - Layered security models
     - Information / data security
     - Network / transport security
     - Systems security
     - Application security
     - Email security / organizational phishing resiliency
     - Cloud computing security
     - Web security
     - 3rd party risk management
- IS risk and compliance analyst will also be a subject matter expert in the following:
     - Project management
     - Stakeholder engagement and coordination
     - Technical environment and support organization processes
- Ability to utilize Adobe Pro and Microsoft Office products including Word, PowerPoint, Excel, and Visio
Machines, Equipment Used:
- General office equipment such as telephone, copy machine, fax machine, calculator, computer.
Physical Requirements:
- Good visual acuity and ability to communicate.
- Ability to lift, lower, push, pull, and retrieve objects weighing a minimum of 30 pounds including medical supplies and equipment and the transferring and repositioning of patients.  Reasonable assistance may be requested when lifting, pushing, and/or pulling are undertaken which exceeds these minimum requirements.
Skills and Abilities:
- Ability to speak, read, write, and communicate effectively.
- Ability to coordinate, analyze, observe, make decisions, and meet deadlines in a detail-oriented manner.
- Ability to work independently without constant supervision.
Environmental Conditions:
- Indoor, temperature controlled, smoke-free environment. 
- Handicapped accessible.
- May work under stressful circumstances at times.
Proficiency or Productivity Standards:
- Has regular, reliable and predictable attendance and punctuality.
- Adheres to dress code including wearing ID badge.
- May be required to work weekdays and/or weekends, evenings and/or night shifts if needed to meet deadlines.
- May be required to work on religious and/or legal holidays on scheduled days/shifts.
- Will be required to work as necessary during disaster situations, i.e., before, during or after a disaster.
- May be required to stay after workday to assist after a disaster situation until relief arrives.
- May be required to perform other duties as assigned by supervisor.

Address: 9001 Liberty Parkway, Birmingham 35242
Schedule: Full-time
Job ID: 2026554