The Childrens Hospital of Philadelphia *Position Title: *Position Type: *Compensation: *Start Date: *Location: Security Analyst II Regular - Full Time N/A N/A Philadelphia, PA *Job Description Job Responsibilities: *Job Requirements The responsibilities of an Information Security Analyst II encompass identical responsibilities as an Information Security Analyst I, but with a greater degree of complexity. An Information Security Analyst II also: 1. Participates in and/or develops departmental policies, standards and procedures, including information security policies, procedures, checklists, and guidelines. 2. Participates in the development of document process workflows to support departmental procedures/processes. 3. Participates in and supports the development and implementation of identified information security solutions, including assisting in the review, test, and integration of security tools. 4. Participates in the development of information security training materials for CHOP end users and validates that CHOP personnel are aware of their responsibilities and accountability as outlined in the security policies. 5. Participates in the development and maintenance of Ms Project, Access or Excel databases to support security initiatives, including data mining and querying techniques. 6. Participates in risk analysis and risk assessment activities to support regulatory requirements related to financial, healthcare industries or related accreditation requirements (e.g., HIPAA Security and Privacy Rules) 7. Documents and supports user provisioning activities for application development and maintenance projects such as translating user roles and profiles. 8. Facilitates analysis of security issues with respect to interfaces, databases, and other related initiatives. 9. Supports the development of Corrective Action Plans (CAPs) for the remediation of control deficiencies around information security, access control and segregation of duties. 10. Performs departmental project management duties such as time accounting and status reporting. Job Summary: 1. Demonstrates knowledge and proficiency in Information Security principles, regulations, standards, risk management methodologies, and project management principles. 2. Demonstrates data gathering techniques and the ability to troubleshoot information security issues and develop solutions. 3. Exhibits knowledge of regulatory requirements for healthcare and financial system controls. 4. Demonstrates proficiency in data mining and querying techniques. 5. Performs analysis to support decision making. 6. Collaborates, communicates effectively with clients and colleagues. 7. Exhibits the ability to articulate security policies, procedures, and guidelines to all levels of management and staff. 8. Works with minimal supervision in support of team initiatives, and assists and educates Information Security Analyst I personnel. ISACA Philadelphia is not responsible for the content or accuracy of this job posting. Template Version 1.1: 02/21/07 Page 1 of 3 * Skills & Qualifications: Required Education and Experience: 1. Bachelor’s degree in Computer Science, Information Systems, or related field required. 2. 3 – 6 years related work experience in information security, risk management or other related field. 3. Demonstrates a knowledge and understanding of user provisioning processes on various platforms, databases, systems, & applications (Active Directory, Oracle) 4. Knowledge of general and IT controls (e.g., access controls, risk management, change management) and related information security policies and procedures. 5. Exhibits proven understanding of healthcare regulatory standards (HIPAA Privacy & Security Rules). 6. Experience in Epic suite of products is a plus. Required Certification: 1. Industry security certification required such as Certified Information Systems Auditor (CISA) or other industry related or security certification. Additional Technical Requirements: 1. Good knowledge of basic database query techniques & data mining to analyze data (e.g., Excel, Express Query, SQL, Quickbase, Business Objects) or other related database functionality. 2. Project management skills & experience with MS productivity tools (Access, Word, PowerPoint, Visio, Project). 3. Knowledge of Microsoft Active Directory, and UNIX environments. 4. Experience implementing application level security in clinical and financial systems (e.g., Epic, Lawson). ERP experience a plus (PeopleSoft, SAP). 5. General understanding of networking and communication techniques including WANs, LANs, Internet, Intranet, protocols, such as TCP/IP and their impact on security. Information Security Requirements: 1. Understand and comply with all enterprise and IS departmental information security policies, procedures and standards. 2. Support the integration of information security in the development, design, and implementation of Hospital Technology Resources that process, transmit, or store CHOP information. 3. Support all compliance activities related to state, federal regulatory requirements, healthcare accreditation standards, and all other applicable regulations that govern the use and disclosure of patient, financial, or other confidential information. Education: Certification(s): Travel: All CHOP employees who work in a patient building or who provide patient care are required to receive an annual influenza vaccine unless they are granted a medical or religious exemption. See above See above N/A *Contact Information Job Reference : *Contact Name: Email Address: 14-33254 N/A N/A ISACA Philadelphia is not responsible for the content or accuracy of this job posting. Template Version 1.1: 02/21/07 Page 2 of 3 Telephone : Fax: Website: Company Informatio n: N/A N/A https://www.chop.edu.apply2jobs.com/ProfExt/index.cfm?fuseaction=mExternal.showJob&RID=33 254&CurrentPage=1 All CHOP employees who work in a patient building or who provide patient care are required to receive an annual influenza vaccine unless they are granted a medical or religious exemption. The Children's Hospital of Philadelphia is committed to providing a safe and healthy environment for its patients, family members, visitors and employees. In an effort to achieve this goal, employment at The Children's Hospital of Philadelphia, other than for positions with regularly scheduled hours in New Jersey, is contingent upon an attestation that the job applicant does not use tobacco products or nicotine in any form and a negative nicotine screen (the latter occurs after a job offer). Special Instructio ns: The Children's Hospital of Philadelphia is an equal opportunity employer. We do not discriminate on the basis of race, color, gender, gender identity, sexual orientation, age, religion, national or ethnic origin, disability or protected veteran status. Please apply for this position at the link provided above. ISACA Philadelphia is not responsible for the content or accuracy of this job posting. Template Version 1.1: 02/21/07 Page 3 of 3