IT Data Loss and Prevention Cybersecurity Analyst

Overview

Inspired by faith. Driven by innovation. Powered by humankindness. CommonSpirit Health is building a healthier future for all through its integrated health services. As one of the nation's largest nonprofit Catholic healthcare organizations, CommonSpirit Health delivers more than 20 million patient encounters annually through more than 2,300 clinics, care sites and 137 hospital-based locations, in addition to its home-based services and virtual care offerings. CommonSpirit has more than 157,000 employees, 45,000 nurses and 25,000 physicians and advanced practice providers across 24 states and contributes more than $4.2 billion annually in charity care, community benefits and unreimbursed government programs. Together with our patients, physicians, partners, and communities, we are creating a more just, equitable, and innovative healthcare delivery system.

Responsibilities

This is a remote position.
Job Summary / Purpose

Will contribute to the organization's mission and vision by assisting leadership and other Data Loss Prevention (DLP)/Unprotected Data Protection (UDP) Analysts with the development and monitoring of the organization-wide GRC Data Governance Program. This individual will monitor, research, and respond to inappropriate data collaborations around the use of confidential information. This position will focus on Data Loss Prevention in key threat vectors such as access and use of confidential information, data in use, and data in motion. including: email, end points, and confidential data storage.

The Data Loss Prevention (DLP)/Unprotected Data Protection (UDP) Analyst performs risk assessments and reviews to identify key corporate information security risks that affect the confidentiality, integrity and availability of electronic protected health information and other company confidential data. This individual conducts independent reviews of privacy and security events using Proofpoint, Sky-High, Trellix EPO, Varonis DatAdvantage, and other applications to identify potential inappropriate and unauthorized access and use of medical and confidential records. The review process for this position includes all relevant detection, prevention, education, and correction activities.

Review of existing systems and technical processes to evaluate whether appropriate information security controls exist.

The Data Loss and Prevention Analyst position will require a good understanding of the CommonSpirit enterprise and market level business, information security, and information protection/security applications at the application, endpoint, server, and network infrastructure level.

This position works closely with Information Security Officers, Regional Security (IE: Regional CyberSecurity Officers, RCO) and Officials, IT Cybersecurity personnel, IT, and network personnel at all levels of the organization. This position requires excellent verbal and written communication skills.

Essential Key Job Responsibilities

• Provides Tier I and Tier II support to the CommonSpirit Data Loss Prevention (DLP) and Data Governance (DG) Program. Monitors and resolves incidents involving confidential information within defined Service Level Agreements. Under guidance of leadership and Senior Analysts, conducts investigations and reports on inappropriate use of CommonSpirit confidential information.
• Monitors and analyzes information from multiple applications/resources to identify Data Loss Prevention (DLP)/Unprotected Data Protection (UDP) risks as related to the protection of confidential information. Prepares actionable recommendations and works with Cybersecurity, and business teams to remediate identified risks to CommonSpirit Heath and ensure compliance with CommonSpirit policies and standards.
• Assists Data Loss Prevention (DLP) Security Sr. Analysts and serves as an escalation point for remediation of DLP security issues, or gaps.
• Prepares reports and metrics on key aspects Data Loss Prevention (DLP)/Unprotected Data Protection (UDP) programs focusing on confidential data including suspicious access, data in use, data in transit, and data at rest. Provides Manager Director, CRP Information Security Oversight with process improvements and program enhancements and, under direction, develops and documents new workflows.
• Under guidance of leadership and Senior Analysts, review and analyze Data Loss Prevention (DLP)/Unprotected Data Protection (UDP) rule sets for performance optimization and false positive mitigation.
• Monitors and analyzes information from multiple applications/resources to identify Data Loss Prevention (DLP)/Unprotected Data Protection (UDP) risks as related to the protection of confidential information. Prepares actionable recommendations and works with Cybersecurity, and business teams to remediate identified risks to CommonSpirit Heath and ensure compliance with CommonSpirit policies and standards.
• Works as an intermediary with Cybersecurity teams in identifying and prioritizing remediation of information security risks and compliance gaps.
• Under guidance of leadership and Senior Analysts, performs assessments of current security technology, authentication systems, and Data Loss Prevention (DLP)/Unprotected Data Protection (UDP) tools and evaluates against HIPAA, Federal and State Information Protection and Privacy regulations, CommonSpirit Cybersecurity policies/standards, and other relevant regulations pertaining to the protection of confidential information.
• Willing to participate in On-Call schedule for Que coverage 24x7 with a one (1) hour response expectation Service Level Agreement (SLA).
• Mentors and grows the talents and abilities of associate analysts within the team.
• Ensures data integrity, accuracy, and reconciliation within reports and dashboards by reviewing, identifying, and resolving gaps and inconsistencies.
• Adheres to data policies and standards while enforcing the approved management of sensitive data in compliance with CSH business rules, legal, and governmental regulations

Qualifications

• Bachelor's degree in computer science with emphasis on information security or in a related technical field; equivalent experience may be considered in lieu of degree.
• Minimum of four (4) years of progressive experience in information services including two (2) years in systems security, including maintenance and use of security products in a distributed enterprise environment experience.
• Minimum of four (4) years' experience in a highly regulated industry: healthcare, finance, clinical research, or Federal (ex. FERC, NERC, DOD, etc.).
• Minimum of two (2) years' experience in highly regulated industry. Minimum of two (2) years' experience with Data Loss Prevention applications such as McAfee DLP (a.k.a Trellix), Symantec DLP (a.k.a. Broadcom), ProofPoint DLP, RSA DLP, or similar applications in an enterprise environment.
• Minimum of one (1) years' experience with Privacy Access Monitoring applications such as FairWarning, P2 Sentinel, Protenus, SecureLink Privacy Monitor (a.k.a. Maize Analytics) or similar applications in an enterprise environment.
• Certification in enterprise privacy/security applications will be considered in lieu of required direct experience: FairWarning Ready Certified Professional, Protenus Certified Professional, Varonis Certified DatAdvantage.

#LI-Remote

#LI-CSH