IT Risk and Security

Our IT Risk & Security Administrators monitor, analyze, and maintain systems and procedures to safeguard internal information systems, networks, databases, and web-based security. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

On the Identity and Access team, the R&S Admin manages access to internal health data systems in compliance with HIPAA policy. This role requires the ability to quickly come up to speed on hundreds of health systems with unique permissions in order to assign appropriate access for internal users. In addition to day-to-day access management, the Admin assists in the user security design and implementation of new systems within our environment, updating of existing system permission using Sailpoint IIQ for access automation, and evaluating risk during each activity.

This position has flexibility to work hybrid location (onsite Meridian Idaho and work-from-home).

Required Education: must meet one of the following

• Bachelor's Degree in Computer Science, Electrical Engineering, or related technical field of study or equivalent work experience (Two years' relevant work experience is equivalent to one year college)
• International Degree equivalency
• Applicable certification(s) as defined by the leader + 2 years additional experience
• Associate's Degree in Computer Science, Electrical Engineering, or related technical field + 2 years additional experience

Required Experience: 2-4/+ years' information security or related experience, to include:

• Strong Windows system administration background with experience in cybersecurity and specifically access management
• Knowledge of specific health (data) systems is highly beneficial and preferred

Your day may look like:

• Documents procedures, practices, and policies to include preparing documents for compliance audits.
• Analyzes and identifies internal risk and security controls to identify existing security weaknesses, external and internal cyber threats.
• Recommends and implements changes to enhance systems security for effective mitigation and remediation efforts and prevent unauthorized access.
• Reports, investigates, and resolves security incidents. Performs root cause analysis, debugging, support, and post-mortem analysis for security incidents and service interruptions.
• Manages risks related to the use of information technology, information security, privacy, regulatory compliance, and governance.
• Ensures compliance with regulations and privacy laws.
• Maintains the Company's information security controls and security architecture, ensuring threats to business systems and applications are minimized.
• May manage access controls to applications. Implements technologies to centrally integrate identify systems across the organization.
• May track and monitor risk activities, notifying action owners, and escalating where required.
• Oversees internal or external systems security (i.e. cloud services)
• Performs initial review or first draft of documentation for the validation, assessment, and authorization of processes necessary to assure that existing and new information technology systems meet the organization's cybersecurity and risk requirements
• Participates in cross-functional teams to recommend design and implementation of standards, tools, and methodologies
• Performs other duties and responsibilities as assigned.

#LI-Hybrid

Reasonable accommodations

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.