The site navigation utilizes arrow, enter, escape, and space bar key commands. Left and right arrows move across top level links and expand / close menus in sub levels. Up and Down arrows will open main level menus and toggle through sub tier links. Enter and space open menus and escape closes them as well. Tab will move on to the next part of the site rather than go through menu items.
Senior Security Analyst, Governance is responsible for using variety of IT Risk, Compliance, Security management tools and technologies to assess, review, analyze, measure and recommend actionable guidance to IT System and Service Owners to define, enhance security policies, controls, standards to manage and/or mitigate security risks for M Health Fairview. Successful candidate would possess understanding of security principles, frameworks, company policies, risk and compliance needs for M Health Fairview. Operational duties may include collaborating with peer engineers/analysts, analyzing, prioritizing and leading gap mitigation efforts to address key security policy, standards and regulatory compliance gaps. Senior Security Analysts will have deep understanding of potential security threats, vulnerabilities, risks or exposure and exploitability, criticality of service or technology to business and disaster and recovery, resiliency needs, counter measures and methods to address risks. Successful candidate will proactively lead actions to assess, enumerate risk and collaborate with IT and Business teams to come up with remediation steps and help minimize security risk.
Understanding of vulnerability classes (OWASP) and how they can be exploited
Understanding of various domains of security including authentication, authorization, network security, data, system device and Operating Systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments
Expert in one or more areas of IT Risk assessments, risk management, regulatory compliance needs for PCI/HIPAA/SOX, Security & Risk Policies, IT & Security Governance, Disaster Recovery/Business Continuity Management, Internal Audit, Risk Matrix & IT General Controls
Experience analyzing risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack
Understanding of security policies, standards, risk enumeration techniques, cybersecurity frameworks
Work with vendors, health and business partners to ensure security remediation milestones are being met
Lead technical and risk management groups to identify and remediate gaps including tool/technology deficiencies
Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.
Define and document processes and enhance existing processes partnering with business and IT teams.
Serve as security subject matter expert in assisting external and internal audits, risk assessments, business resiliency, policy and standard violation investigations, IT capacity planning, potential security/privacy investigations and remediation of identified gaps.
Assist in define security policies and standards, train/educate/measure security awareness, audit development and build lifecycles.
Lead complex projects related to information security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Assure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members as needed. Adapt and embrace change and demonstrate flexibility in taking up and fulfilling other duties as assigned.
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline or combination of relevant experience/education.
7+ years of cumulative experience in policy, risk management, audit, compliance, governance, development and/or support of IT or Business Systems
3+ years of experience in two or more areas of managing/supporting Security policy, security standards, risk management, internal/external security audit, threat modeling, security access governance, deployment/support of Cybersecurity tools and technologies
Ability to thrive in a sense-of-urgency environment and leverage best practices
Language & Communication Skills
Ability to effectively communicate both verbally and written with all levels within the organization
Ability to explain technical concepts and adjust messaging based on the audience, including non-technical groups
Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills
Ability to work well within a team environment, as well as independently
Bachelors degree in Computer Science, Computer Engineering, Technology Information Systems, Engineering or related technical discipline
Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation
Industry specificcertifications Security+, CASP, CEH, Pentest+ or equivalents, Technical certifications such as SANS GIAC, OCSP are a plus
Together with the University of Minnesota and University of Minnesota Physicians we have created M Health Fairview. M Health Fairview is the newly expanded collaboration among the University of Minnesota, University of Minnesota Physicians, and Fairview Health Services. The healthcare system combines the best of academic and community medicine — expanding access to world-class, breakthrough care through our 10 hospitals and 60 clinics.
Fairview Health Services (fairview.org) is an award-winning, nonprofit health system providing exceptional care across the full spectrum of health care services. Fairview is one of the most comprehensive and geographically accessible systems in the state, with 10 hospitals—including an academic medical center and long-term care hospital—serving the greater Twin Cities metro area.
Its broad continuum also includes 60 primary care clinics, specialty clinics, senior living communities, retail and specialty pharmacies, pharmacy benefit management services, rehabilitation centers, counseling and home health care services, medical transportation, an integrated provider network and health insurer PreferredOne. In partnership ...with the University of Minnesota, Fairview’s 32,000 employees and 2,400 affiliated providers embrace innovation to drive a healthier future through healing, discovery and education.