Security Analyst

The Security Analystwill report to OneOncology’sSr. Director, IT Security.This position will play a critical role in enhancing the security posture of our oncology physician practices while ensuring strict compliance with HITRUST standards for our corporate office. Youwillbe responsible forimplementing andmaintainingrobust security measures, analyzing vulnerabilities, and responding to security incidents. Yourexpertisewill contribute to safeguarding sensitive healthcare data andmaintainingthe confidentiality, integrity, and availability of our systems and information.

Responsibilities

• Collaborate with cross-functional teams toidentifyand address security risks and vulnerabilities acrossour oncology physician practices. 

• Develop and implement security policies, procedures, and guidelines tailored to the unique needs of thehealthcare environment. 

• Conduct ongoing risk assessments and security audits tomaintainand demonstrate compliance 

• Stay updated with the latest security trends, threats, and technologies to proactively enhance our securityposture. 

• Ensure compliance with HITRUST standards, HIPAA regulations, and other relevant healthcare securityrequirements. 

• Conduct ongoing risk assessments and security audits to maintain and demonstrate compliance.

• Assistin the preparation of documentation, reports, and evidencefor compliance audits. 

• Develop andmaintainan incident response plan to effectively handle security breaches, incidents, andbreaches of sensitive data. 

• Investigate security incidents, perform root cause analysis, and recommend corrective actions to preventrecurrence. 

• Collaborate with IT teams to implement security patches, updates, and configurations to mitigatevulnerabilities. 

• Provide education and training to staff and stakeholders to promote a culture of security awareness andcompliance.

• Monitor and analyze security alerts, logs, and reports to detect, proactively mitigate, and respond tosecurity threats and breaches. 

• Evaluate the security practices of third-party vendors and partners to ensurecompliancewith oursecurity standards.

• Other duties as assigned to help drive our mission of improving the lives of everyone living with cancer.  

Key Competencies

• Success in leading and managing large, complex projects with multiple phases.

• Excellent interpersonal, written (grammar, spelling, format), and verbal communication skills

• Excellent organizational skills and attention to detail

• Reliable, fast learner, self-motivated

• Ability to effectively handle shifting priorities and adapt to changing demands in a dynamicenvironment

• Ability to develop alternative solutions to problems; comparing and analyzing data andmeasuring results.

Qualifications

• Bachelor's degree in Information Security, Computer Science, ora relatedfield. Relevant certifications (e.g., CISSP, CISM, CompTIA Security+) are preferred.

• Proven experience in information security and compliance, preferably in a healthcare or regulated environment.

• In-depth knowledge of HITRUST, HIPAA, and other relevant healthcare security standards and regulations.

• Strong understanding of security technologies, tools, and methodologies, including intrusion detection systems, firewalls, encryption, and vulnerability assessment.

• Excellent analytical, problem-solving, and communication skills.

• Ability to work independently and as part of a team, effectively managing multiple tasks and priorities.

• Strong interpersonal skills to collaborate with stakeholders across various departments and levels of the organization.

• Experience with security incident response and management protocols.