InfoSec Risk Analyst

Austin, Texas, United States

WellSky

WellSky® offers health care software solutions for every kind of care including home health, hospice, blood management, and more. Request a free demo today!

The InfoSec Risk Analyst provides operational and administrative support for the information security program at WellSky. This position creates, implements, and monitors policies, procedures and controls as required by WellSky, its clients, and federal and state governments. The analyst will respond to security assessments from sales prospects and support WellSky’s internal and external audit requirements under its SOC2 Type 2 certification. The Information Security Analyst may also conduct incident response investigations to ensure appropriate reporting and corrective actions are taken. The position will conduct workforce training, raise awareness of security threats and best practices, and monitor the environment for threats.

Key Activities:

Design Controls, Policies and Procedures 

  • Ensure that appropriate security measures are included in application design 
  • Evaluate and recommend technical solutions for risk mitigation or controls 
  • Design appropriate policies and procedures as identified by risk assessment activities or awareness of emerging threats 
  • Monitor existing policies for compliance 
  • Participate in disaster recovery planning and business continuity planning 
  • Evaluate risk profile of WellSky’s SaaS and on-premise software products 

Monitor the Risk Environment and Support Client Risk Assessments 

  • Drive or participate in risk assessment activities 
  • Assess risk of third parties with whom we do business 
  • Respond to the security questionnaires and security risk assessments of WellSky’s clients and sales prospects 
  • Review Business Associate Agreements (BAA) and other contract documents as needed 
  • Monitor information system activities for suspicious events such as logins, administrative rights usage, abandoned sessions or their vulnerabilities 
  • Perform vulnerability testing, risk analysis and security assessments utilizing security scanning tools, standards and best practices 
  • Keep current on best practices in risk mitigation 
  • Conduct third party risk assessments

Training and Awareness 

  • Conduct formal workforce training as required by law or regulation 
  • Conduct awareness activities to reinforce best practices 
  • Design and administer Phishing simulation campaigns 
  • Conduct incident response investigations. Document and report findings and make recommendations for corrective action.  
  • Interact with regulatory agencies, auditors or other compliance entities to support investigations 
  • Create management reports summarizing accomplishments in security controls as well as suspicious activities 
  • Strong written and oral communication skills
  • Works with organizational objectives in mind and is a team player

Required Competencies:

Create and review change management cases

Install, configure and maintain various computer platforms

Expert knowledge of datacenters and datacenter technologies and commonly used concepts, practices and procedures in Information Technology with excellent analytical skills

Lead others in designing, configuring, deploying and maintaining enterprise-class and best-of-breed infrastructure networks, SANs, servers, systems and solutions

Required Qualifications:

  • BS in Computer Science or a related technical field with 3 to 5 years’ experience in Information Technology Security or related functions (IT Audit, IT Risk Management); or an equivalent combination of education and experience. 
  • CISSP, CISA, CISM or other relevant certification

Preferred Experience:

  • An understanding of healthcare from an operational and functional perspective preferred 
  • Technical experience with security-related technologies such as Active Directory, encryption, anti-virus, or firewalls
  • Experience with regulated data and government regulations (HIPAA, PCI-DSS)
  • Knowledge of internal controls and Information Technology risk assessment and mitigation procedures 
  • Skilled at advocating and championing technical and non-technical solutions 
  • Strong analytical skills and capable of translating complex business problems into conceptual solutions that fit the business need 
  • Excellent interpersonal and communication skills 
  • Excellent critical thinking and analytical skills 
  • Customer service orientation 
  • Experience with at least one external audit standard (e.g. SOC2 Type 2, HITRUST, ISO 27001)

About WellSky

WellSky is a technology company leading the movement for intelligent, coordinated care worldwide. Our next-generation software, analytics, and services power better outcomes and lower costs for stakeholders across the health and community care continuum. In today’s value-based care environment, WellSky helps providers, payers, health systems, and community organizations solve tough challenges, improve collaboration for growth, harness the power of data analytics, and achieve better outcomes by further connecting clinical and social care. WellSky serves more than 20,000 client sites around the world — including the largest hospital systems, blood banks, cell therapy labs, blood centers, home health and hospice franchises, post-acute providers, government agencies, and human services organizations. Informed by more than 40 years of providing software and expertise, WellSky anticipates clients’ needs and innovates relentlessly to ultimately help more people thrive.

We're looking for talented individuals who want to use their skills to build a strong, technology-driven company. We offer competitive salaries, great benefits, including generous paid time off programming, and a casual and fun environment that encourages quality, creativity, and excellence. Enjoy all we have to offer. We invite you to join us. Apply today!

WellSky provides equal employment opportunities to all people without regard to race, color, national origin, ancestry, citizenship, age, religion, gender, sex, sexual orientation, gender identity, gender expression, marital status, pregnancy, physical or mental disability, protected medical condition, genetic information, military service, veteran status, or any other status or characteristic protected by law. WellSky is proud to be a drug-free workplace.

Applicants for U.S.-based positions with WellSky must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. All U.S.-based employees must be fully vaccinated against COVID-19 unless a medical or religious exemption is approved. 

Tags: Active Directory Analytics Audits CISA CISM CISSP Compliance Computer Science Encryption Firewalls HITRUST Incident response ISO 27001 Risk analysis Risk assessment Risk management SaaS Security assessment SOC 2 Vulnerabilities

Perks/benefits: Health care Team events

Region: North America
Country: United States