BJC Careers

IT Security Risk Assessor

Saint Louis, MO
Information Services

Job Description

Job ID: 1177039
Employment Status: Full-Time
Regular/Temporary: Regular

Your Career. Made Better.

BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and mid-Missouri regions. BJC serves patients and their families in urban, suburban and rural communities through its 15 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice.

IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: Ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission critical applications and data vital to the organization and strategic partners; investigating practices not in compliance with established BJC Information Services security policies and standards.

Join Us!

Role Purpose

Performs security risk assessments for BJC.  Serves as a subject matter expert in cybersecurity and security risks and controls as it relates to business solutions used to support clinical and other functional areas. Responsible for readily identifying mitigation controls for gaps identified to help defend the BJC infrastructure


  • Perform security risk assessments on new or existing business solutions, primarily related to risks surrounding confidentiality, integrity and availability, working within healthcare and service management frameworks and established minimum security requirements. On high or critical applications, identify control gaps and work with business owners to provide actionable risk remediation activities and timelines. Using data, provide creative solutions that align with strategic clinical and business workflows. Ensure compliance of system and application security, in accordance with defined service levels, security practices/guidelines, and relevant technology standards. Perform quarterly follow up activities to report on status and/or mitigation completion and assist with follow p and resolution of internal/external audit and other findings added to the Risk Register, as assigned.
  • Effectively and professionally collaborate with IT staff and vendors with remediation guidance and lead efforts in all other security assessment functions. Perform timely vendor vetting assessments on potential business solutions based on business partner requests, highlighting security posture and control gaps and need mitigating activities. This includes but is not limited to conducting meetings with business process owners and vendors, investigating vendor security posture and performance, reviewing baseline controls and gaps, documenting results, and reporting findings in a formal report.
  • Effectively assist customers in understanding and making strong security control decisions ; translate technical solutions into understandable reports directed to business and clinical partners with varied understanding of IT Security risks and controls.
  • Participate in FRC top implementation, maintenance and performance of risk analyses using the Factor Analysis of Risk framework.

  • Minimum Requirements



  • Associate's Degree


  • 2-5 years


    Preferred Requirements and Additional Job Information



  • Bachelor's Degree


  • 5-10 years

    Supervisor Experience

  • < 2 years

    Licenses & Certifications

  • CEH
  • CIA
  • CISA
  • Cert. Info Security Officer
  • Healthcare Information Sec

  • Benefits Statement

    Note: not all benefits apply to all openings

    -  Comprehensive medical, dental, life insurance, and disability plan options
    -  Pension Plan*/403(b) Plan
    -  401(k) plan
    -  Tuition Assistance
    -  Health Care and Dependent Care Reimbursement Accounts
    -  On-Site Fitness Center (depending on location)
    -  Paid Time Off Program for vacation, holiday and sick time

    *Pension does not apply to Memorial Hospital, Memorial Hospital East, Memorial Medical Group, Alton Memorial or Parkland Health Center

    Legal Statement

    The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job.


    Equal Opportunity Employer