Info Security Risk Analyst - MN or WI based

About Children’s Minnesota

Children’s Minnesota is one of the largest pediatric health systems in the United States and the only health system in Minnesota to provide care exclusively to children, from before birth through young adulthood. An independent and not-for-profit system since 1924, Children’s Minnesota is one system serving kids throughout the Upper Midwest at two free-standing hospitals, nine primary care clinics, multiple specialty clinics and seven rehabilitation sites. As The Kids Experts™ in our region, Children’s Minnesota is regularly ranked by U.S. News & World Report as a top children’s hospital. Find us on Facebook @childrensminnesota or on Twitter and Instagram @childrensmn. Please visit childrensMN.org.

Children’s Minnesota is proud to be recognized by Modern Healthcare as one of 2023’s Top Diversity Leaders. The national honor recognizes the top diverse healthcare executives and organizations influencing public policy, care delivery, and promoting diversity, equity and inclusion in their organizations and the industry.

Position Summary

*This is a remote role, and candidates must reside in or be willing to relocate to MN or WI to be considered.*

The Information Security Risk Analyst will be responsible for performing risk and compliance activities to identify and communicate information security and compliance risk by conducting information security risk assessments, gap analysis and contract reviews. With guidance from the Information Security leader, the analyst will utilize various tools and resources to identify threats and vulnerabilities, conduct risk analysis to determine the level of risk to the organization and help define risk mitigation recommendations. This role will ensure that risks and risk remediations are documented, tracked and reported to the appropriate SMEs and stakeholders for accountability. The analyst will also be responsible for continuous improvement for security risk management processes and assist with development of policies, standards and procedures in this area.

• This role is not open to recruitment agencies or external recruiters. Applications submitted through agencies will not be considered.**
  
  

License/Certification/Registration

• CISSP, CRISC, CISA or CISM preferred but not required.
  
  

Education:

• Bachelor's degree in information security, computer science or related industry, or equivalent experience.
  
  

Experience:

• Minimum 3 years of information security experience.
• Demonstrated experience in information risk management lifecycle:
• Experience in identifying potential risk.
• Experience in conducting threat and vulnerability analysis and assessing the risk.
• Experience in defining and recommending security controls (corrective actions) to mitigate identified risks.
• Experience performing security controls gap analysis and assessing controls for effectiveness.
• Experience in tracking, monitoring and reporting on risk.
• Experience in working with information security frameworks such as (ISO, NIST, SCF, HITRUST and COBIT).
• Experience with regulatory requirements including HIPAA and PCI.
• Experience using various information security risk management tools and methodologies including a GRC.
• Experience engaging business owners and technical teams on remediation plans to reduce identified risk.
• Experience creating risk reports and metrics.
• Experience communicating and explaining risks to various audience, including performing presentations.
• Experience in assessing 3rd parties for information security risk.
  
  

Knowledge/Skills/Abilities:

• Ability to think strategically and to develop a multi-year road map to reduce security risk.
• Ability to interpret and apply security frameworks and regulatory requirements.
• Strong interpersonal skills: The ability to develop effective relationships of trust with colleagues and vendors at different levels and to collaborate across functions, businesses and cultures.
• Excellent oral and written communication including the ability to convey concrete, concise advice on complex subjects; to craft and deliver creative, effective communications to broader audiences; and to present complex information at the senior management.
• Ability to draft policy, standards, and procedure documentation.
• Ability to collaborate with peers and management, multi-task, initiate and adapt to change, work well under pressure, problem solve and accept challenging assignments.
• Project management skills is a big plus.
  
  

Physical Demands

Please click here to view the Physical Demands

The posted pay range represents rates for a grouping of multiple jobs within a salary grade. We carefully consider a wide range of factors including but not limited to market indicators for the specific role, the skills, education, training, credentials and experience of the candidate, and organizational needs. Base pay is just one piece of the total rewards program offered by Children’s Minnesota.

All job offers are contingent upon successful completion of an occupational health assessment, drug screen, background investigation, and compliance with the U.S. Government Form I-9, Employment Eligibility Verification.

Children’s Minnesota is proud to be an equal opportunity employer whose staff is representative of its community and considers qualified applicants for open positions without regard to race, color, creed, sex, religion, national origin, sexual orientation, genetic information, gender identity or expression, age, veteran status, disability, pregnancy, citizenship status, or any other characteristic protected under applicable federal, state, or local law.