Business Analyst, Hospital Information Security

About The Position

Requirements

• Bachelor’s degree in information technology, cybersecurity, healthcare, business analysis, or a related field, or an equivalent combination of education and experience from which comparable knowledge, skills, and abilities can be acquired.
• Two (2) years of experience in healthcare, information technology, information security, business analysis, or policy development.
• Experience developing technical and non-technical documentation.
• Experience engaging with healthcare stakeholders, including clinical, administrative, and technical teams, to document data usage, access, and protection requirements.
• Certified in Cybersecurity (CC) or Governance, Risk, and Compliance Certification (CGRC) certification by the International Information System Security Certification Consortium (ISC2), or Security, Compliance, and Identity Fundamentals certification by Microsoft, or equivalent certification within twelve (12) months as a condition of continued employment in this job classification.

Nice To Haves

• Experience with Governance, Risk, and Compliance (GRC) platform.
• Experience with drafting or managing security documentation for cloud and SaaS solutions.
• Familiarity with project lifecycle and system development lifecycle documentation processes.
• Additional license/certification requirements as determined by the hiring department.

Responsibilities

• Ensures complete and accurate technical and non-technical documentation is drafted, created, or collected for Information Security efforts related to risk assessments, project reviews, and new technology implementations.
• Facilitates and documents meetings with business owners and technical owners to capture use cases, data types, access patterns, and security concerns.
• Develops and maintains information security documentation, including system security plans, risk analysis, policy proposals, and corrective action plans.
• Reviews and interprets hospital and university security policies, Health Information Portability and Accountability Act (HIPAA) regulations, and industry standards to inform documentation and compliance efforts.
• Collaborates with the Hospital Information Security Analysts to ensure technical risk and compliance assessments are accurately captured and reflected in documentation.
• Proposes changes to policies and procedures to the Information Security Officer based on identified gaps, evolving regulations, and organizational needs.
• Supports audit and compliance efforts by collecting and organizing documentation needed for internal and external review.
• Tracks security documentation requirements through the risk lifecycle and ensures timely updates or renewals.
• Maintains awareness of regulatory and policy changes that may impact documentation requirements.
• Participates in process improvement initiatives related to information security governance, project intake, and compliance workflows.
• May complete unit/department-specific duties as outlined in department documents.

Benefits

• Health, vision and dental insurance coverage starting day one
• Generous paid leave and paid time off, including nine holidays
• Multiple retirement options, including 100% matching up to 8% and full vesting in three years
• Tuition assistance for employees (75%) and immediate family members (50%)
• Discounts on cell phone plans, rental cars, gyms, hotels and more