Information Security Risk Analyst
Austin, Texas, United States
Posted 1 month ago
WellSky is seeking an Information Security Risk Analyst to join our team. We are on a mission to elevate healthcare through superior analytics, processes, and engineering. Be a part of transforming the healthcare industry! Our users are Patients, Doctors, Nurses, Social Workers, Chaplains, Administrators, and many others on the front lines of healthcare. WellSky engineers touch the lives of real people navigating life and death issues with the support of our solutions. We seek to build purpose-driven teams where comradery and compassion are coupled with a dogged pursuit of excellence. Bring passion, creativity and dedication to your job and there's no telling what you could accomplish.
The Information Security Analyst provides operational and administrative support for the information security program at WellSky. This position creates, implements, and monitors policies, procedures and controls as required by WellSky, its clients, and federal and state governments. The analyst will respond to security assessments from sales prospects and support WellSky’s internal and external audit requirements under its SOC2, Type 2 certification. The Information Security Analyst may also conduct incident response investigations to ensure appropriate reporting and corrective actions are taken. The position will conduct workforce training, raise awareness of security threats and best practices, and monitor the environment for threats.
A day in the life!
You will be responsible for the following:
Design Controls, Policies and Procedures
- Ensure that appropriate security measures are included in application design
- Evaluate and recommend technical solutions for risk mitigation or controls
- Design appropriate policies and procedures as identified by risk assessment activities or awareness of emerging threats
- Monitor existing policies for compliance
- Participate in disaster recovery planning and business continuity planning
- Evaluate risk profile of WellSky’s SaaS and on-premise software products
Monitor the Risk Environment and Support Client Risk Assessments
- Drive or participate in risk assessment activities
- Assess risk of third parties with whom we do business
- Respond to the security questionnaires and security risk assessments of WellSky’s clients and sales prospects
- Review Business Associate Agreements (BAA) and other contract documents as needed
- Monitor information system activities for suspicious events such as logins, administrative rights usage, abandoned sessions or their vulnerabilities
- Perform vulnerability testing, risk analysis and security assessments utilizing security scanning tools, standards and best practices
- Keep current on best practices in risk mitigation
- Serve as system administrator for information security tools
Training and Awareness
- Conduct formal workforce training as required by law or regulation
- Conduct awareness activities to reinforce best practices
- Design and administer Phishing simulation campaigns
- Conduct incident response investigations. Document and report findings and make recommendations for corrective action.
- Interact with regulatory agencies, auditors or other compliance entities to support investigations
- Create management reports summarizing accomplishments in security controls as well as suspicious activities
Do you have what it takes?
- BS in Computer Science or a related technical field with 3 to 5 years’ experience in Information Technology Security or related functions (IT Audit, IT Risk Management); or an equivalent combination of education and experience.
- Technical experience with security related technologies such as Active Directory, encryption, anti-virus, or Experience with regulated data and government regulations (HIPPA, PCI-DSS) firewalls
- Knowledge of internal controls and Information Technology risk assessment and mitigation procedures
- Skilled at advocating and championing technical and non-technical solutions
- Strong analytical skills and capable of translating complex business problems into conceptual solutions that fit the business need
- Excellent interpersonal and communication skills
- Excellent critical thinking and analytical skills
- Customer service orientation
- Experience with at least one external audit standard (e.g. SOC2 Type 2, HITRUST, ISO 27001)
Do you stand above the rest?
- CISSP or equivalent certification preferred
- An understanding of healthcare from an operational and functional perspective preferred
- Experience creating training materials and facilitating training events and communications
Who We Are:
- We have an open environment where highly motivated, ambitious engineers can help drive innovation.
- We include a diverse group of collaborative & super intelligent teammates to work with and learn from.
- We constantly strive to solve large scale challenges with a variety of technologies.
- We strongly support a work/life balance.
- We believe in giving recognition for doing what you enjoy.
Connect with Ideas That Truly Matter!
WellSky is a technology company advancing human wellness worldwide. Our software and professional services address the continuum of health and social care — helping businesses, organizations, and communities solve tough challenges, improve collaboration for growth, and achieve better outcomes through predictive insights that only WellSky solutions can provide. A portfolio company of TPG Capital, WellSky serves more than 10,000 customer sites around the world — including the largest hospital systems, blood banks and labs, home health and hospice franchises, government agencies, and human services organizations. Informed by more than 30 years of providing software and expertise, WellSky anticipates providers’ needs and innovates relentlessly to help people thrive. Our purpose is to empower care heroes with technology for good, so that together, we can realize care’s potential and maintain a healthy, flourishing world. For more information, visit www.WellSky.com.
WellSky provides equal employment opportunities to all people without regard to race, color, religion, sex, national origin, ancestry, marital status, veteran status, age, disability, sexual orientation or gender identity or expression or any other legally protected category.
Applicants for U.S. based positions with WellSky must be legally authorized to work in the United States. Verification of employment eligibility will be required at the time of hire. Visa sponsorship is not available for this position.