Job Summary The Senior IT Security Specialist will be a member of the team responsible for performing day-to-day functions for Sanford’s IT Risk Management. The senior security specialist will work closely with both IT and other stakeholders to ensure that Sanford has appropriate security policies, standards, and procedures which align with industry standard control frameworks including HIPAA and NIST. The senior security specialist will perform risk assessments, manage security policies/standards, perform vendor security assessments, develop security metrics, manage security exceptions, and assist with security program governance. Perform vendor security assessments including both for compliance with Sanford’s policies as well as technical implementation Develop and manage security policies and standards aligning to industry best practices and Sanford’s business needs Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department. Perform technical assessment of applications and infrastructure ensuring it meets Sanford’s technical security requirements Assist with the development and management of key risk indicators and operational metrics to monitor the effectiveness of current controls. Review requests for security exceptions and work with the business to dimension the level of risk and what compensating controls are possible to reduce the risk Direct periodic risk and threat assessments to provide a realistic overview of current and future risks and threats Assist and coordinate periodic internal and external audits Department Details Remote work is not an option at this time. Qualifications
In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls, an excellent understanding of information security concepts, protocols, industry best practices and strategies.
Familiarity with common industry standard security frameworks and health care industry compliance and regulatory requirements
Strong technical background with the ability to assess the technical implementation of various platforms to ensure the security of the platform
Experience performing one or more of the following: technical security assessments, audits, vendor risk assessments, policy management, technical security implementations, security operations
The ability to understand complex technical concepts while simultaneously interacting with non-technical users.
The ability to interact with Sanford personnel, build strong relationships across business units and organizations, and understand business imperatives.
A strong understanding of the business impact of security tools, technologies, policies, and practices.
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the technology solutions organization, project and application development teams, management, and business personnel
Qualifications: Bachelor's degree in information security or other related technology field. Benefits Sanford Health offers an attractive benefits package for qualifying full-time and part-time employees. Depending on eligibility, a variety of benefits include health insurance, dental insurance, vision insurance, life insurance, a 401(k) retirement plan, work/life balance benefits, sick leave and paid time off. To review your benefit eligibility, visit https://sanfordhealth.jobs/benefits . Sanford is an EEO/AA Employer M/F/Disability/Vet. If you are an individual with a disability and would like to request an accommodation for help with your online application, please callor send an email to .
