Cybersecurity Analyst - Governance - Military veterans preferred

2025-07-31
OFFSITE
Other



Toppenish
Washington
98948
United States


Position Title: Cybersecurity Analyst - Governance, Risk, & Compliance (GRC)




Employment Duration: Full time

Offer Relocation: No

Exempt Status: Exempt

ID: 15389

Description:

Join our team as a Remote Cybersecurity Analyst - Governance, Risk, & Compliance (GRC) and help safeguard healthcare systems in a fast-paced, high-security environment. You’ll lead efforts to develop and enforce HIPAA-compliant security policies, conduct risk assessments on medical devices, third-party vendors, and IoT technologies, and ensure alignment with the HITRUST CSF. This role blends technical expertise with strategic collaboration, working across IT and business units to evaluate and enhance the security of applications, systems, and infrastructure. If you're passionate about protecting sensitive data and driving compliance in healthcare, this could be the role for you!

This is a remote position. Candidates must reside in one of these U.S. states: WA, OR, ID, CA, AZ, CO, TX, IL, IN, WI, TN, MA, MD, VA, NC, AL, GA, FL (some restrictions within WA and CA).

Be part of a healthcare organization that believes in making a difference beyond medical care! We've transformed into a leading community health center in the Pacific Northwest with 40+ clinics across Washington State and Oregon. We offer a wide range of services such as medical, dental, pharmacy, orthodontia, nutritional counseling, autism screening, and behavioral health. Our holistic model also extends assistance to shelter, energy, weatherization, HIV and AIDS counseling, home visits, and mobile medical/dental clinics. Explore our short clips, "WE are Yakima" and "YVFWC - And then we grew," for a glimpse into our dedication to our communities, health, and families. Visit www.yvfwc.com to learn more about our organization.

Position Highlights:

  • $77,968-$97,309 DOE with the ability to go higher for highly experienced candidates

  • 100% employer-paid health insurance including medical, dental, vision, Rx, and 24/7 telemedicine

  • Profit sharing & 403(b) retirement plan available

  • Generous PTO, 8 paid holidays, and much more!

What You’ll Do:

  • Develop, implement, and maintain the organization’s cybersecurity policies and procedures to ensure compliance with HIPAA regulations.
  • Conduct organizational risk assessments and audits to identify potential vulnerabilities and ensure compliance with industry standards and regulatory requirements.
  • Conduct technical security risk assessments on a variety of information systems including medical devices, third-party vendors and technologies, servers, applications, and Internet-of-Things (IoT) devices.
  • Create robust Security Risk Assessment reports: Develop comprehensive reports that include HITRUST controls mapping, identify risks, provide recommendations for mitigation, and assess the likelihood and probability of risks.
  • Ensure adherence to the HITRUST Common Security Framework (CSF) to ensure robust security practices are applied throughout the organization.
  • Monitor and analyze security alerts and incidents, providing timely responses and remediation.
  • Collaborate with various departments to ensure that security controls are integrated into all aspects of the organization’s operations.
  • Provide guidance and training to employees on cybersecurity best practices and HIPAA compliance.
  • Advise key stakeholders and security policy owners during policy discussions. Interface with clients on all inquiries related to Information and IT Security capabilities.
  • Prepare and present reports: Develop and deliver comprehensive reports on the organization’s security posture, annual cybersecurity health, audit findings, and compliance status.
  • Stay up-to-date with the latest cybersecurity threats, trends, and regulatory changes to ensure the organization’s security measures are current and effective.
  • Assist in the development and implementation of incident response plans and procedures.
  • Provide assistance and input for the Security Advisory Board (SAB): Collaborate with the SAB to offer insights, recommendations, and support on governance, risk, and compliance matters, ensuring alignment with organizational security objectives.
  • Provide backup assistance to IS Security operational staff: Support other IS Security team members with operational duties, ensuring continuity and effective management of security tasks and responsibilities.
  • Participate in the IS On-Call Rotation (1 week duration, approximately every 12 weeks).

Qualifications:

  • Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Alternatively, four years of relevant experience can be substituted for the degree requirement. Experience: Valid experience and education can be considered in lieu of the specified requirements.

  • Preferred Education: Advanced degrees such as a Master’s in Information Security, Cybersecurity, or a related discipline are highly desirable. Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or similar credentials.

  • Experience: Three (3) years’ experience in information technology. Experience with risk assessment and management, security audits, and incident response preferred. At least 3 years of experience in cybersecurity, with a focus on governance, risk, and compliance preferred. Strong understanding of cybersecurity frameworks and standards (e.g., HITRUST, NIST, ISO 27001) is preferred.

  • Professional Licenses/Certificates/Registration: Relevant certifications such as ISACA (CISSP, CISM, CRISC, CISA), or HCISPP are highly preferred.

  • Knowledge/Skills/Abilities: In-depth knowledge of HIPAA regulations and requirements. Strong understanding of cybersecurity frameworks and standards (e.g., HITRUST, NIST, ISO 27001). Excellent analytical, problem-solving, and communication skills. Demonstrated expertise in developing and managing internal risks and controls. Experience conducting security risk assessments: Proven ability to perform comprehensive security risk assessments in information technology, identifying vulnerabilities, evaluating risks, and recommending mitigation strategies. Experience with Governance, Risk, and Compliance (GRC / eGRC) tools. Experience with policy management: Skilled in creating, managing, and maintaining a large number of organizational policies, procedures, and guidelines to ensure compliance and support effective governance. Strong English and writing skills: Ability to create clear, concise, and comprehensive reports, ensuring accurate documentation of risk assessments, audit findings, and compliance status. Proficiency in project management and strong organization skills are required, as managing multiple projects and business efforts will be consistently expected. Proven ability to build and maintain relationships and trust across multiple business teams while establishing yourself as a problem solver and trusted advisor. Excellent communication skills, including the ability to simplify complex topics, tell a story and communicate to all levels of management effectively.

Our Mission Statement

“Together we transform our communities through compassionate, individualized care, eliminating barriers to health and well-being.”

Our mission celebrates inclusivity. We are committed to equal-opportunity employment.





Equal employment opportunity, including veterans and individuals with disabilities.
