Career Center

As a part of the Tenet and Catholic Health Initiatives family, Conifer Health brings 30 years of healthcare industry expertise to clients in more than 135 local regions nationwide. We help our clients strengthen their financial and clinical performance, serve their communities and succeed at the business of healthcare. Conifer Health helps organizations transition from volume to value-based care, enhance the consumer and patient healthcare experience and improve quality, cost and access to healthcare. Are you ready to be part of our solutions? Welcome to the company that gives you the resources and incentives to redefine healthcare services, with a competitive benefits package and leadership to take your career to the next step!

JOB SUMMARY

The Senior Analyst, Information Security (Senior Security Analyst) is responsible for the management and operations supporting security analysis and operations including actions related to Identity Access Management (IAM), vulnerability management, governance, compliance, vendor and client support, workflow supporting multiple clients. The Senior Analyst will be responsible for documenting and implement security activities and workflows with various client systems and security products. They will assist in security incident response, to include documenting evidence, performing assessments, conducting data analysis, and assisting in the identification of root cause analysis. They will serve as the primary point of contact for the internal stakeholders that request IAM activities (Adds, Change, Terminations) for Conifer�s Team Members into client and payer systems. Supported systems may include applications from Epic, Cerner, Meditech, and other widely used electronic health record vendors.

They may also serve as the senior Conifer system administrator for internal security tools, multiple client�s systems, and payer portals. In the client-facing roles, they must follow multiple clients� procedures to manage access to all authorized Conifer Team Members, develop metrics of users� access and conduct audits of access to resolve issues or to detect improper activities.

The Senior Security Analyst will respond to incident escalations from internal stakeholders, troubleshoot issues with processes, and lead the process to continuously improve the security activities. The Senior Security Analyst will also serve as the primary trainer to transfer knowledge about the security process to all Conifer managers who have employees working in client and payer systems.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Include the following. Others may be assigned.

• Responsible for myriad security processes, including vendor management, identity access management, security governance and compliance activities
• Responsible for working with external auditors, clients, and vendors to document evidence of compliance with multiple security standards and regulations.
• Responsible for establishing and managing Conifer Team Members user accounts within multiple client systems.
• Serve as the subject matter expert for governance process, including drafting and reviewing security related policies and procedures.
• Technical and operational subject matter expert for implementing organizational security policies and procedures.
• Serve as the primary point of contact for external clientsâ�� security and IAM teams to develop and establish security procedures to meet both partiesâ�� security requirements.
• Research, draft, and review security policies, procedures, and system user guides.
• Serve as the operational â��face to the customerâ�� for responding to client questions regarding security activities, performing audit and analysis following any suspected security violations, and participate in the incident reporting and response process.
• Serve as a system administrator for Coniferâ��s security tools, software, and/or services. Responsible for configuring system to support Coniferâ��s unique requirements.
• Support external and internal audit requirements (HIPAA, NIST CSF, ISO 27001, SOC 2, etc.) through the collection of evidence, participation in operational discussions, and demonstration of compliance with published policies, standards, procedures, and security frameworks.

SUPERVISORY RESPONSIBILITIES

This position carries out supervisory responsibilities in accordance with guidelines, policies and procedures and applicable laws. Supervisory responsibilities include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.

No. Direct Reports (incl. titles) None

No. Indirect Reports (incl. titles) Security Team Members: (both Conifer and contractors)

Conifer requires its candidates, as applicable and as permitted by law, to obtain and provide confirmation of all required vaccinations and screenings prior to the start of employment. This may include, but is not limited to, the COVID-19 vaccination, influenza vaccination, and/or any future required vaccines and screenings.

KNOWLEDGE, SKILLS, ABILITIES

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Knowledge:

• Laws, regulations, policies, and ethics relating to cybersecurity and privacy.
• Specific operational impacts of cybersecurity lapses.
• Measures or indicators of system performance and availability.
• Performance tuning tools and techniques.
• Server and client operating systems.
• Systems administration concepts.
• Virtual Private Network (VPN) security.
• Virtualization technologies.
• Organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).
• User access management techniques.
• Personally Identifiable Information (PII) data security standards.
• Personal Health Information (PHI) data security standards.
• Principles and methods for integrating system components.

Skills:

• Interfacing with customers.
• Configuring and optimizing software.
• Diagnosing connectivity problems.
• Troubleshooting failed system components (i.e., servers)
• Configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software, anti-spyware).
• Operating system administration. (e.g., account maintenance, data backups, maintain system performance, install and configure new hardware/software).

Abilities:

• Accurately define incidents, problems, and events in the trouble ticketing system.
• Apply an organization's goals and objectives to develop and maintain architecture.
• Accurately define incidents, problems, and events in the trouble ticketing system.
• Develop, update, and/or maintain standard operating procedures (SOPs).
• Apply an organization's goals and objectives to develop and maintain architecture.
• Function effectively in a dynamic, fast-paced environment.
• Monitor measures or indicators of system performance and availability.
• Collaborate effectively with others.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Establish and maintain automated security control assessments
• Ability to monitor measures or indicators of system performance and availability.
• Ability to collaborate effectively with others.
• Ability to function effectively in a dynamic, fast-paced environment.

EDUCATION / EXPERIENCE

Include minimum education, technical training, and/or experience required to perform the job.

REQUIRED:

• Bachelorâ��s degree in information technology, business operations, or management
• 3 yearsâ�� minimum experience in healthcare management
• Applicable work experience may be substituted for Bachelorâ��s degree

HIGHLY DESIRED

• Bachelorâ��s Degree in information systems, cybersecurity, management, or business
• Security Certifications, e.g., CISA, CISM, GSEC, CHSP, or CISSP

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• N/A

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Office Work Environment / but Remote Office is a potential
• Must be able to respond to infrequent serious security incidents at any time

OTHER

• Up to 10% travel required, 15% if working remote

Employment practices will not be influenced or affected by an applicant�s or employee�s race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information, sexual orientation, gender identity or expression, veteran status or any other legally protected status. Tenet will make reasonable accommodations for qualified individuals with disabilities unless doing so would result in an undue hardship.