IT Policy Administrator

Job Description

Job ID: 1177897
Employment Status: Full-Time
Regular/Temporary: Regular

Your Career. Made Better.

BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and mid-Missouri regions. BJC serves patients and their families in urban, suburban and rural communities through its 15 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice.

IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: Ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission critical applications and data vital to the organization and strategic partners; investigating practices not in compliance with established BJC Information Services security policies and standards.

Join Us!

Role Purpose

Develops and maintains IT policies in the healthcare setting.  Demonstrates a comprehensive knowledge of various information security regulations, including HIPAA, HITECH, PCI DSS, Meaningful Use, among others, workings in various governance frameworks. Works independently with minimal supervision, as well as interacts and communicates effectively with a diverse array of workforce members, including executive management, business process owners, vendors, and end users.


  • Manage policy structure, including planning revisions and updates. Ensure that the policy structure incorporates the following objectives: Policies align with strategic clinical and business objectives; policies appropriately address organizational risks; policies address regulatory requirements; policies clearly define scope, responsibilities, service levels, security requirements, and relevant technology standards.
  • Map policies to the NIST Cybersecurity framework, NIST 800-53, and pertinent regulatory provisions (HIPAA, HITECH, PCI DSS) to ensure policies meet control best practice and regulatory requirements.
  • Continuously monitor the threat and regulatory environment and propose policy revisions/ new policies as required. Regularly consult with all IT Security teams to incorporate security and control requirements into the existing policy structure. Regularly consult with BJC Compliance and Legal departments to incorporate required policy provisions into the existing policy structure.
  • Draft policy revisions and new policies. Present proposed policy changes to Senior IT management, executive team members, Electronic Information Security Committee (EISC) and Information Security Operations Committee (ISOC) both in verbal and written form. Administer the policy management solution and support the Governance Risk and Compliance tool to include the following specific tasks: Update and maintenance of existing policies, Provisioning of policy administration access, Periodic validation policy administration access, Policy administration change management processes and monitoring. Assist IT managers, business managers, business partners, and support staff in developing local procedures to effectively implement and execute enterprise-level policies.
  • Consult and advise on policy questions.

  • Minimum Requirements



  • Associate's Degree


  • 5-10 years


    Preferred Requirements and Additional Job Information



  • Bachelor's Degree


  • 10+ years

    Supervisor Experience

  • No Experience

    Licenses & Certifications

  • CIA
  • Cert. Info Security Officer

  • Benefits Statement

    Note: not all benefits apply to all openings

    -  Comprehensive medical, dental, life insurance, and disability plan options
    -  Pension Plan*/403(b) Plan
    -  401(k) plan
    -  Tuition Assistance
    -  Health Care and Dependent Care Reimbursement Accounts
    -  On-Site Fitness Center (depending on location)
    -  Paid Time Off Program for vacation, holiday and sick time

    *Pension does not apply to Memorial Hospital, Memorial Hospital East, Memorial Medical Group, Alton Memorial or Parkland Health Center

    Legal Statement

    The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job.


    Equal Opportunity Employer