CISM - Certified Information Security Manager
The Senior Cyber Risk Management Analyst is an integral part of the Information Security team and helps improve the maturity level of technology risk practices across the enterprise as the organization continues to grow at a rapid pace. The Analyst is responsible for adhering to regulatory guidance for identifying, managing, and reporting on risks impacting the organization's strategy and operations, consistent with a commitment to maintain a high standard of compliance with all applicable laws and regulations, as well as overall sound risk management. The Analyst works collaboratively with various stakeholders and levels across the organization to execute a risk-based methodology for identifying, measuring, and managing the various types of third-party and information risk to the organization. The Senior Cyber Risk Management Analyst is responsible for providing guidance to business decision-makers on issues and on the development of risk mitigation strategies, and may develop or assist with evaluating policies, processes and standards to reduce risk and ensure information confidentiality, integrity and availability.
Perform quantitative security reviews on new applications and devices, assessing technologies, processes, risks and controls; monitor evolving risks and threats maintained within the risk register, including third party risks, and collaborate with business owners on threat mitigation strategies. Recommend enhancements and improvements to the security review process.
Coordinate and perform information security risk assessments to ensure that controls surrounding data protection, privacy, and access (among other areas) are compliant with corporate standards and risk appetite, as well as regulatory requirements. Recommend, develop and track remediation plans to address the identified vulnerabilities.
Develop, coordinate, plan and execute risk-based security assessments of third parties to ensure ongoing compliance with regulations, legislation, contractual obligations, company policies, and internal controls. Develop risk mitigation plans and strategy in conjunction with the relevant third parties and track them to timely remediation. Perform in-depth reviews and analysis of contracts and agreements to support the business when selecting vendors, in order to proactively identify information security risks prior to contracting with a third party. Contribute to the development of operational data quality standards, metrics, and supporting processes. Prepare and develop executive-level metrics reports and periodic communication to leadership and governing committees.
Support the execution and continual enhancement of an information security risk assessment program, with emphasis on compliance with the HIPAA Security Rule, NIST 800-53 and Cybersecurity Framework.
Act as Technology and Cybersecurity Risk Subject Matter Expert on assigned projects and working groups, developing a positive working relationship with internal clients, staff, peers, and management. Prepare reports and communication to leadership, stakeholders, and governing committees.
Proactively work with technology and business unit professionals to identify and assess technology and cybersecurity risks associated with business activities, ensuring alignment with information security risk and privacy frameworks. Provide guidance and support initiatives leading to the adoption and execution of new and existing information protection policy requirements. Develop, maintain and perform testing of the security risk register, supporting tooling and automation. Participate and assist with the implementation of new tools as well as the corresponding workflows and processes.
Maintain a high level of technical knowledge through ongoing research and development activities; maintain a deep understanding and advanced knowledge of commonly used IT governance, risk and compliance frameworks.
Respond to emergency situations when they arise and assist in resolving problems as required.
Assist in special projects or assignments within other areas of Information Security or possibly outside of Information Security.
Minimum of 7 years' experience in an information security risk management role.
Bachelor's degree in a technology or information security related field, or 8 years of related work experience, required.
Requires working knowledge of information security legal and regulatory requirements such as HIPAA, FIPA, and PCI-DSS, as well as several years' exposure to frameworks such as NIST, ISO, COBIT, or HITRUST.
The position requires an intermediate level of technical knowledge in the areas of network, operating system, database, identity management, Internet/web, cloud and endpoint security.
Experience with industry standard enterprise risk assessment and management solutions is preferred.
Ability to partner with and influence others to build consensus, using strong analytical skills and a demonstrated aptitude for identifying and interpreting enterprise risks and mitigating controls, including evolving risks, threats, vulnerabilities, impact, and emerging technologies.
Excellent written, oral and presentation skills and an ability to synthesize information to assist in making clear, concise recommendations on courses of action or mitigation.
Ability to effectively prioritize and maintain focus on multiple tasks while working in an agile environment with a diverse set of stakeholders as well as an ability to work both independently and as part of a team.
Certifications such as CISSP, CRISC, CISM, CISA, CSX-P, CAP are desirable.
Baptist Health South Florida is once again one of the 2021 Fortune 100 Best Companies to Work For! This is the 21st time Baptist Health has been recognized on the list. We have also been recognized for being among the best healthcare providers in the nation by U.S. News & World Report in its 2020-2021 Best Hospitals, and have been honored as one of PEOPLE's 2020 50 Companies that Care by PEOPLE magazine and Great Place to Work. Baptist Health South Florida is the region's largest not-for-profit healthcare organization, with more than 23,000 employees working across 11 hospital campuses and more than 100 outpatient facilities throughout Miami-Dade, Monroe, Broward, and Palm Beach counties. In 2016 we welcomed the newest weapon in the fight against cancer, the world-class Miami Cancer Institute and proton therapy center. Everything we do at Baptist Health, we do to the best of our ability. That includes supporting our team with extensive training programs, millions of dollars in tuition assistance, comprehensive benefits, and more. Working within our award-winning culture means getting the respect and support you need to do your best work ever. Find out why this is the best place to be your best!