Healthcare Sec Risk Analyst

Healthcare Security Risk Analyst
Hiring Range: $110,000 - $120,000

Please note, this position is not eligible for H-1B or Green Card sponsorship. This position does
not offer a STEM OPT training program.

The University of Minnesota is committed to fostering local talent through employment
opportunities. While this position utilizes a hybrid work modality, prospective applicants must
be located either in the state of Minnesota or near the Wisconsin border OR otherwise open to
relocation.

The Information Security Risk Analyst 3 works to improve the information security posture of the
University's Health Care Components (HCC) through information security risk assessments,
policy and regulatory consultation, and exception management. The role is responsible for
facilitation of the risk management program in the HCC, provides leadership to the risk
assessment process and technical and procedural guidance to less experienced peers, and
serves as a presenter and contact point for Deans and senior University leaders.

Job Responsibilities:

Governance, Risk and Compliance (60%)

• Lead the information security risk management program within the University's Health
  Care Components by identifying areas most in need of risk assessment, leading risk
  assessments with other information security risk analysts, and utilizing analysis from
  information security architects.
• Design and manage ongoing program improvements to ensure alignment with regulatory
  standards and best practices
• Lead and coordinate multiple security risk assessments independently
  utilizing Information Security control structures such as: ISO 27001 / 27002, NIST
  800-171; Health Industry Cybersecurity Practices (HICP): (805d), HITRUST; others;
  develop risk remediation plans and facilitate risk remediation efforts.
• Communicate risk assessment results and risk mitigation strategies to senior leaders.
• Analyzes trends from risks assessments to identify areas most in need of mitigation
  efforts.
• Provide consultation on information security regulations and standards, such as HIPAA
  and NIST, to various audiences; including guidance for department-level risk analysis
  procedures.
• Assist with development and maintenance of information security policies, procedures,
  standards and guidelines based on industry best practices and compliance
  requirements.
  • Maintain alignment of HCC-specific written policy controls to industry standards
    (HICP, HITRUST, etc.)
• Consult and provide quality assurance for information security reviews of vendors and
  suppliers.
  Relational/Programmatic Development - 20%
• Work across the Health Care Components (HCC) with key stakeholders in helping to
  determine compliance needs
• Coordinate with HIPAA Security Officer on key HCC needs and planning
• Utilize a Governance, Risk, and Compliance (GRC) tool to develop and implement
  continuous monitoring processes, supporting ongoing compliance and driving
  continuous improvement in the organization's security posture.
  Security Consultation and Leadership (20%)
• Provide leadership, training, and guidance for student workers in information security
• Provide procedural and technical guidance to less experienced risk analysts.
• Works to project manage and build requirements for our Governance, Risk and
  Compliance system.
• Consult with administrative and collegiate units to address policy and process related
  information security risks identified through the information security gap analysis and
  exception management efforts.
  

Required Qualifications:

• Bachelor's degree and 4 years of relevant work experience or a master's degree plus at least 2 years of experience.
• Experience in security risk assessment.
• Strong analytical and problem solving skills.
• Relevant work experience in a health care environment
• Excellent communication (oral, written, presentation), interpersonal and consultative
  skills with various stakeholders, including organizational leadership.

Preferred Qualifications:

• Experience in HIPAA security risk assessment, vendor assessment, HIPAA consultation
  or audit.
• Relevant work experience in a higher education environment with both research and
  clinical areas
• Deep understanding of the HIPAA Security Rule, Privacy Rule and Breach Notification
  Rule
• Knowledge of information security standards (e.g., ISO 27001/27002, NIST 800-171,
  etc.), rules and regulations related to information security and data confidentiality (e.g.,
  FERPA, HIPAA, PCI DSS, etc.)
• CISSP, CISA, or other HIPAA security & privacy certifications

Pay Range: $110,000 - $120,000; depending on education/qualifications/experience

Time Appointment: 100% Appointment

Position Type: P&A Staff

Please visit the Office of Human Resources website for more information regarding benefit eligibility.

The University offers a comprehensive benefits package that includes:

• Competitive wages, paid holidays, and generous time off
• Continuous learning opportunities through professional training and degree-seeking programs supported by the Regents Tuition Benefit Program
• Low-cost medical, dental, and pharmacy plans
• Healthcare and dependent care flexible spending accounts
• University HSA contributions
• Disability and employer-paid life insurance
• Employee wellbeing program
• Excellent retirement plans with employer contribution
• Public Service Loan Forgiveness (PSLF) opportunity
• Financial counseling services
• Employee Assistance Program with eight sessions of counseling at no cost
• Employee Transit Pass with free or reduced rates in the Twin Cities metro area

While our salary ranges provide a framework, it is important to note that most of the time, the initial pay may not reach the maximum of the range. This approach ensures that compensation reflects the value and unique contributions of each candidate while maintaining equity within our organization. As part of our commitment to fair and equitable compensation, please be aware that the salary offered to incoming candidates will be based on their individual credentials and experience.

Applications must be submitted online. To be considered for this position, please click the Apply button and follow the instructions. You will be given the opportunity to complete an online application for the position and attach a cover letter and resume.

Additional documents may be attached after application by accessing your "My Job Applications" page and uploading documents in the "My Cover Letters and Attachments" section.

To request an accommodation during the application process, please e-mail employ@umn.edu or call (612) 624-8647.

The University recognizes and values the importance of diversity and inclusion in enriching the employment experience of its employees and in supporting the academic mission. The University is committed to attracting and retaining employees with varying identities and backgrounds.

The University of Minnesota provides equal access to and opportunity in its programs, facilities, and employment without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression. To learn more about diversity at the U: http://diversity.umn.edu

Any offer of employment is contingent upon the successful completion of a background check. Our presumption is that prospective employees are eligible to work here. Criminal convictions do not automatically disqualify finalists from employment.

The University of Minnesota, Twin Cities (UMTC)

The University of Minnesota, Twin Cities (UMTC), is among the largest public research universities in the country, offering undergraduate, graduate, and professional students a multitude of opportunities for study and research. Located at the heart of one of the nation's most vibrant, diverse metropolitan communities, students on the campuses in Minneapolis and St. Paul benefit from extensive partnerships with world-renowned health centers, international corporations, government agencies, and arts, nonprofit, and public service organizations.

At the University of Minnesota, we are proud to be recognized by the Star Tribune as a Top Workplace for 2021, as well as by Forbes as Best Employers for Women and one of America's Best Employers (2015, 2018, 2019, 2023), Best Employer for Diversity (2019, 2020), Best Employer for New Grads (2018, 2019), and Best Employer by State (2019, 2022).