Recognized for Excellence. Chosen for Caring.
Human Resources: 700 Lawn Avenue, Sellersville, PA 18960  |  215-453-4874
Information Systems Security Analyst
Full Time, 8am-5pm
Sellersville, PA 18960

There's a new era of wellness ahead, and we no longer think about treating our bodies only when we're sick but nurturing our bodies when we are well, so we can stay in a perpetual state of good health. Grand View Health is leading the way to this new era with investments in technology, facilities, partnerships and, most importantly, compassionate and exceptional talent. Located in Upper Bucks County, Pennsylvania, Grand View Health is a well-established, independent hospital offering a full range of healthcare services. Our colleagues enjoy the best of both worlds by working for a high-quality, low-cost healthcare provider in a collaborative, community environment. Help us build this new era of wellness.
 

Responsibilities

The Security Analyst will support the mission of the Security Program in applying policies and procedures for securing data and systems. This position provides consulting and regulatory compliance guidance on strategic and technical initiatives and is knowledgeable of information security best practices and regulatory and compliance requirements that impact security for the enterprise. The Security Analyst will work to ensure security programs and technical controls are in compliance with policies, applicable laws and regulations.

The Security Analyst will identify and manage application vulnerabilities including, but not limited to, managing dynamic and static analysis. The analyst will also be involved in the assessment and understanding of data transfer security, as well as security profile assessment of third-party application and data storage providers. The analyst will be first-level security support of enterprise-level applications. The analyst will also identify and quantify IT risk factors for application security and related infrastructure. The analyst will also assist to facilitate administration of the Information Security Program. The analyst is expected to discuss the results and methods of remediation with third-party application providers.

Primary Responsibilities:
  • Responsible for ensuring adherence to applicable federal and state privacy laws and related policies and procedures.
  • Recommends information privacy technologies to ensure adaptation and compliance.
  • Represents the Information Security Program on various committees and workgroups.
  • Conducts investigations and case management.
  • Provides regular and ad hoc training and awareness.
  • Conducts monitoring and auditing activities and coordinates action to respond to identified risks and violations.
  • Conducts role-based education and training employees on security regulations and policies and procedures.
  • Leads the incident response team to investigate and correct violations of standards, confidentiality or information security. Ensures remedial action, corrects current problems and takes all available steps to prevent future problems.
  • Applies investigative techniques and audits to validate breach occurrences.
  • Conducts risk assessments to determine breach notification responsibilities.
  • Consults with patients and family members to obtain sensitive information and communicate investigative results, while ensuring a successful customer experience and service recovery.
  • Manages and documents all incidents utilizing case management solutions to ensure accurate documentation and reporting.
  • Collaborates with other departments, such as legal counsel, human resources, IT and HIM, to maintain organization compliance with federal and state laws regarding privacy, security and protection of information resources.
  • In cooperation with Human Resources, ensures compliance with privacy policies and consistent application of sanctions for failure to comply with privacy policies for all employees, extended workforce and business associates.
  • Provides coverage for privacy office operations, including triage of department voicemail, email and investigation cases.
  • Develops and manages necessary modifications to systemwide annual mandatory privacy and security education.
  • Interacts with third-party application providers to access their secure development practices.
  • Accesses application vulnerabilities of third-party applications and manages their remediation working with the providers.
  • Provides assessment /audit support.
  • Identifies, analyzes, monitors and minimizes areas of risk that pertain to application security.
  • Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risks.
  • Develops and executes a program for secure application development education.
  • Provides assurance that quality and risks are effectively addressed in relation to applications.
  • Coordinates application security assessments of both internal and external application developer/providers.
     

Qualifications

  • 3 or more years of experience in privacy and/or compliance or equivalent experience in quality, audit, human resources, health information management, provider or customer relations or other related work.
  • 3+ years of experience in related field (privacy, cybersecurity, legal, compliance or other related field).
  • Healthcare experience preferred.
  • Working knowledge of privacy laws (i.e., HIPAA, HITECH, state privacy laws etc.) and access and release of information.
  • Proven ability to communicate professionally and effectively in written and oral format, along with the ability to think analytically and solve problems as required.
  • Experience in investigative techniques and ability to investigate complex privacy issues.
  • Excellent verbal and written communication skills.
  • CIPP/HCIPP or similar certification (e.g., CHPC, CHC, CIPP/US, CIPP/E, CIPM, CIPP/C).
  • Application and infrastructure audit experience.
  • Must be detail-oriented and involved in design and implementation of security tools.
  • PCI and HIPAA experience especially in understanding of tools and their integration into the organization to close identified gaps and to be able to implement discipline and solutions for PCI and HIPAA compliance.
  • Working knowledge of NIST standards and HITRUST is required.
Grand View Health is an equal opportunity employer.
Career, Employment, Jobs, Opening, Staff, Department, Unit, Office, Occupation, Compensation, Salary, Benefits, Hospital, Health Care, Clinic, Healthcare, Physician, Medical, Clinical, Computer, IS, IT, Information Technology, Information Systems, Health Information Systems, HIS, System, Network, Programmer, Analyst, Hardware, Software, App, Application, Help Desk, HelpDesk, Desktop, Database, Data, Security, Firewall
Site Map  |  www.GVH.org  |  For GVH Managers  |  © Grand View Health. All rights reserved.