- Aaron Licht
- Abby Pillar
- Abdirahman Sufi
- Amy Montebello
- Austin Mack
- Becky Anderson
- Ben Newcomer
- Berit Hefti
- Brady Jandl
- Brian Duncanson
- Bryan Wheeler
- Carisa Hendrickson
- Carly Holmstrom
- Carlye Kiesow
- Danielle Gradert
- Derek Hatzenbuhler
- Emily Seebold
- Emily Uthe
- Gabrielle Brimhall
- Grace Famestad
- Ian Collins
- Jack Hinton
- Jane Buum
- Jaxon Wetzel
- Jean Kelley
- Jenna Vancura
- Jessie Klein
- Kaitlyn Donovan
- Kasie Tweet
- Kassie Mahnke
- Katelyn Erce
- Kayla Schuh
- Laura Flegel
- Lily Diedrichsen
- Lisa Schafer
- Morgan Engelkes
- Natasha Alexis
- Shaylee Meyer
- Taylor Schnettler
- Terryn Johnson
- Will Hinzman
- Zoe Bruflat
Job Information
Sanford Health Senior Information Security Risk Specialist in Bismarck, North Dakota
Careers With Purpose
Sanford Health is one of the largest and fastest-growing not-for-profit health systems in the United States. We're proud to offer many development and advancement opportunities to our nearly 50,000 members of the Sanford Family who are dedicated to the work of health and healing across our broad footprint.
Facility: Bismarck Business Center
Location: Bismarck, ND
Address: 3451 N 14th St, Bismarck, ND 58503, USA
Shift: Day
Job Schedule: Full time
Weekly Hours: 40.00
Salary Range: $32.50 - $52.00
Job Summary
Responsible for performing day-to-day function for Sanford’s IT Risk Management. Will work closely with both IT and other stakeholders to ensure that Sanford has appropriate security policies, standards, and procedures which align with industry standard control frameworks including HIPAA and NIST. Perform risk assessments, manage security policies/standards, perform vendor security assessments, develop security metrics, manage security exceptions, and assist with security program governance. Perform vendor security assessments including both for compliance with Sanford's policies as well as technical implementation. Develop and manage security policies and standards aligning to industry best practices and Sanford's business needs. Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department. Assess technical applications and infrastructure ensuring it meets Sanford's technical security requirements. Assist with the development and management of key risk indicators and operational metrics to monitor the effectiveness of current controls. Review requests for security exceptions and work with the business to dimension the level of risk and what compensating controls are possible to reduce the risk. Direct periodic risk and threat assessments to provide a realistic overview of current and future risks and threats. Assist and coordinate periodic internal and external audits.
In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls, an excellent understanding of information security concepts, protocols, industry best practices and strategies. Familiarity with common industry standard security frameworks and health care industry compliance and regulatory requirements. Strong technical background with the ability to assess the technical implementation of various platforms to ensure the security of the platform. Experience performing one or more of the following: technical security assessments, audits, vendor risk assessments, policy management.
Ability to understand complex technical concepts while simultaneously interacting with non-technical users. Must interact with Sanford personnel, build strong relationships across business units and organizations, and understand business imperatives. Strong understanding of the business impact of security tools, technologies, policies, and practices.
Qualifications
Bachelor’s degree required, in lieu of education, leadership may consider an Associate’s Degree plus 3 years of applicable experience in computer science or related field.
Minimum of 4 years working experience in Information Security, Cybersecurity, Third Party Risk Management, Vendor Management, Risk Management, or related field. Initial Information Security training and experience in security risk management is desired. Introductory knowledge of Information Security frameworks and controls, including but not limited to HIPAA, NIST, ISO, and SOC2.
CISSP, CRISC, CISA, CISM, or other technical certification(s) desired.
Benefits
Sanford Health offers an attractive benefits package for qualifying full-time and part-time employees. Depending on eligibility, a variety of benefits include health insurance, dental insurance, vision insurance, life insurance, a 401(k) retirement plan, work/life balance benefits, and a generous time off package to maintain a healthy home-work balance. For more information about Total Rewards, visit https://sanfordcareers.com/benefits .
Sanford is an EEO/AA Employer M/F/Disability/Vet. If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1-877-673-0854 or send an email to talent@sanfordhealth.org .
Sanford Health has a Drug Free Workplace Policy. An accepted offer will require a drug screen and pre-employment background screening as a condition of employment.
Req Number: R-0225847
Job Function: Information Technology
Featured: No