BJC Careers

IT Security Risk Register Analyst

Saint Louis, MO
Information Services


Job Description

Job ID: 1176996
Employment Status: Full-Time
Regular/Temporary: Regular

Your Career. Made Better.

BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and mid-Missouri regions. BJC serves patients and their families in urban, suburban and rural communities through its 15 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice.

IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: Ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission critical applications and data vital to the organization and strategic partners; investigating practices not in compliance with established BJC Information Services security policies and standards.


Join Us!


Role Purpose

Performs duties associated to the Risk Register for BJC. Using an understanding of cybersecurity and security risks and controls as it relates to business solutions, provides support for clinical and other functional areas within BJC. Utilizes qualitative and quantitative techniques to enable prioritization, resolution and reporting of risks on BJC assets.


Responsibilities

  • Manage the IT Security Risk Register, track remediation and obtain status of mitigation activities/plans. Responsible for accurate and timely addition and maintenance of status updates for all Risk Register items.
  • Manage and prioritize risks and assist with the follow up and resolution of risk register findings in accordance with BJC leadership and organization business goals. This includes risks or findings associated, but not limited to Security Operations Center (SOC) security incidents and Threat and Vulnerability Management (TVM) threat and vulnerability scans, organizational risk assessments, legal and compliance issues, internal and external audits, business continuity, disaster recovery and/or any type of risks including or impacting IT security.
  • Responsible for Risk Acceptance forms including documentation of risks and business justification as well as obtaining approvals and tracking risk acceptance completion and reporting.
  • Participates in GRC Tool implementation and performance of risk analyses using the Factor Analysis of Information Risk framework, as assigned.
  • Direct efforts towards meeting business expectations, success factors (e.g., KPIs) and performance characteristics for products and services (e.g., IT minimum security requirements maintaining system and applications).

  • Minimum Requirements

     

    Degree

  • Associate's Degree
  •  

    Experience

  • 2-5 years

  •  

    Preferred Requirements and Additional Job Information

     

    Degree

  • Bachelor's Degree
  •  

    Experience

  • 5-10 years
  •  

    Supervisor Experience

  • No Experience
  •  

    Licenses & Certifications

  • CEH
  • CIA
  • CISA
  • CISA or CRISC
  • Cert. Info Security Officer
  • CISSP
  • Healthcare Information Sec

  • Benefits Statement

    Note: not all benefits apply to all openings

    -  Comprehensive medical, dental, life insurance, and disability plan options
    -  Pension Plan*/403(b) Plan
    -  401(k) plan
    -  Tuition Assistance
    -  Health Care and Dependent Care Reimbursement Accounts
    -  On-Site Fitness Center (depending on location)
    -  Paid Time Off Program for vacation, holiday and sick time

    *Pension does not apply to Memorial Hospital, Memorial Hospital East, Memorial Medical Group, Alton Memorial or Parkland Health Center


    Legal Statement

    The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job.

     

    Equal Opportunity Employer