Senior Cybersecurity Analyst for Governance and Risk

Overview

Remote
USD 91,107.00 - 126,998.00 per year
Full Time

Skills

Health Insurance
Law
English
Spanish
Military
Banking
IT Operations
Software Management
Health Care
IT Infrastructure
Evaluation
Auditing
Legal
Security Controls
Embedded Systems
Software Design
ISO/IEC 27001:2005
Conflict Resolution
Problem Solving
Analytical Skill
Network Security
Firewall
Encryption
Identity Management
Multi-factor Authentication
Attention To Detail
Management
Continuous Improvement
Preventive Maintenance
Performance Management
Project Management
Collaboration
SAP BASIS
Computer Science
Cyber Security
FOCUS
SAP GRC
Risk Management
Risk Assessment
Cloud Computing
Web Applications
HIPAA
System On A Chip
PCI DSS
Regulatory Compliance
Software Security
CISSP
Information Systems
ISACA
Information Security
CISM

Job Details

Details

  • Department: Security
  • Schedule: Full Time Monday - Friday 8-5pm CT
  • Location: Remote
  • Salary: $91,107.00 - $126,998.00 per year

Benefits

Paid time off (PTO)

Various health insurance options & wellness plan

Retirement benefits including employer match plan

Long-term & short-term disability

Employee assistance programs (EAP)

Parental leave & adoption assistance

Tuition reimbursement

Ways to give back to your community

Benefit options and eligibility vary by position. Compensation varies based on factors including, but not limited to, experience, skills, education, performance, location and salary range at the time of the offer.

Responsibilities

Job Summary:

We are seeking a highly skilled and experienced Senior Cybersecurity Analyst to join our team, focusing on reviewing the risk posture of applications and software systems. In this role, you will assist with application risk assessments and provide strategic guidance on securing applications across the organization. You will be responsible for ensuring that the security risks associated with both internal and third-party applications are properly identified, assessed, and mitigated in alignment with organizational goals and industry standards.

You will work closely with cross-functional teams, including application developers, IT operations, and security professionals, to identify vulnerabilities, mitigate risks, and implement best practices in securing applications and systems.

The ideal candidate will have experience in both cybersecurity and application management in healthcare, with a deep understanding of security vulnerabilities and remediation strategies.

Key Responsibilities:

  • Application Risk Assessments: Perform comprehensive risk assessments for applications, both internal and external-facing. Identify vulnerabilities, threats, and potential impacts to the organization's data and IT infrastructure. Recommend security controls to mitigate identified risks and ensure that applications meet security requirements.

  • Third-Party Risk Management: Manage the risk evaluation of third-party applications and services. Work with vendors and external partners to ensure that their applications comply with organizational security requirements. Ensure that third-party risks are effectively managed through contracts, audits, and ongoing monitoring.

  • Compliance & Regulatory Alignment: Ensure that applications comply with relevant security regulations and standards (e.g., GDPR, HIPAA, PCI-DSS, SOC 2). Work with compliance teams to ensure that security controls and processes meet the required industry standards and legal requirements. Monitor and analyze changes in regulatory requirements and industry best practices to ensure continuous compliance and effective risk management.

  • Collaboration: Collaborate with technical teams to define security controls, review architecture, and ensure security is embedded into application and solution design.

  • Continuous Improvement: Stay up-to-date with emerging security threats, application vulnerabilities, and industry trends. Recommend and implement improvements to the GRC framework, processes, and security measures to ensure continuous improvement in application risk management.

Skills & Knowledge:

  • Strong understanding of risk management methodologies, frameworks (e.g., NIST, ISO 27001), and compliance practices in a software/application environment.
  • Excellent problem-solving and analytical skills with the ability to prioritize and manage multiple tasks.
  • Strong understanding of network security, firewalls, and secure application configurations.
  • Strong understanding of data encryption, identity and access management (IAM), and multi-factor authentication (MFA) solutions.
  • Ability to communicate complex technical concepts to both technical and non-technical stakeholders.
  • Strong interpersonal and collaboration skills, with the ability to work cross-functionally and influence teams.
  • Detail-oriented with a proactive approach to identifying & resolving security risks.
  • Ability to work in a fast-paced environment and manage multiple priorities.
  • Demonstration of continuous improvement and the desire to learn new technologies is a requirement for this role.

Job Location and Hours:

  • This position is primarily remote, but you must be available during all standard working hours (8 am to 5 pm CST, Monday through Friday) via camera and team collaboration tools.
  • Please note that extended hours may be required on a case-by-case basis.
  • Additionally, applicants must work from the United States.

Qualifications:

Education:

  • Bachelor's degree in Cybersecurity, Information Security, Risk Management, Computer Science, or a related field preferred. A Master's degree is a plus.

Experience:

  • 7+ years of experience in cybersecurity, with a focus on GRC, risk management, or application security.
  • Proven experience conducting risk assessments for applications, including cloud-based, mobile, and web applications.
  • Experience with regulatory frameworks such as GDPR, HIPAA, SOC 2, PCI-DSS, and other compliance standards that affect application security.

Certifications:

  • Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Certified Information Security Manager (CISM) is required.

Requirements

Education:

  • High School diploma equivalency with 2 years of cumulative experience OR Associate's degree/Bachelor's degree OR 4 years of applicable cumulative job specific experience required.

Why Join Our Team

When you join Ascension, you join a team of over 134,000 individuals across the country committed to a Mission of serving others and providing compassionate, personalized care to all. Our inclusive culture, continuing education programs, career coaches and benefit offerings are just a few of the resources and tools that team members can use to create a rewarding career path. In fact, Ascension spent nearly $46 million in tuition assistance alone to support associate growth and development. If you are looking for a career where you can grow and make a difference in your community, we invite you to join our team today.

Equal Employment Opportunity Employer

Ascension provides Equal Employment Opportunities (EEO) to all associates and applicants for employment without regard to race, color, religion, sex/gender, sexual orientation, gender identity or expression, pregnancy, childbirth, and related medical conditions, lactation, breastfeeding, national origin, citizenship, age, disability, genetic information, veteran status, marital status, all as defined by applicable law, and any other legally protected status or characteristic in accordance with applicable federal, state and local laws.

For further information, view the EEO Know Your Rights (English) poster or EEO Know Your Rights (Spanish) poster.

As a military friendly organization, Ascension promotes career flexibility and offers many benefits to help support the well-being of our military families, spouses, veterans and reservists. Our associates are empowered to apply their military experience and unique perspective to their civilian career with Ascension.

Pay Non-Discrimination Notice

Please note that Ascension will make an offer of employment only to individuals who have applied for a position using our official application. Be on alert for possible fraudulent offers of employment. Ascension will not solicit money or banking information from applicants.

E-Verify Statement

This employer participates in the Electronic Employment Verification Program. Please click the E-Verify link below for more information.

E-Verify

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.