Information Security Analyst - Access Provisioning

Virginia Mason Franciscan Health brings together two award-winning health systems in Washington state  CHI Franciscan and Virginia Mason. As one integrated health system with the most patient access points in western Washington, our team includes 18,000 staff and nearly 5,000 employed physicians and affiliated providers. At Virginia Mason Franciscan Health, you will find the safest and highest quality of care provided by our expert, compassionate medical care team at 11 hospitals and nearly 300 sites throughout the greater Puget Sound region.  While you’re busy impacting the healthcare industry, we’ll take care of you with benefits that include health/dental/vision, FSA, matching retirement plans, paid vacation, adoption assistance, annual bonus eligibility, and more!

This position ensures the confidentiality, integrity, and availability of data access and application design, in compliance with State and Federal laws and organizational policies and standards. Provide technical and analytical support of access and security controls on automated systems. Manages Identity and Access Management Systems and processes to support the Workforce access. Supports access audit and maintenance activities to ensure appropriate use, appropriate access and appropriate termination processes. Demonstrates commitment to the core mission of healthcare and VMMC from an Information Security perspective.

This position is remote, however a candidate based in the Pacific Northwest is preferred to allow for in-person collaboration.

Responsibilities include:

50% - Supports and maintains Identity Management and Access Provisioning systems, processes and procedures. Facilitates access profile definitions working collaboratively with System Administrators and Managers. Create, modify and disable access according to established standards. Provide customer support to Workforce who need assistance accessing systems necessary to perform their work. Supports ongoing validation and verification of access profiles. Provides 24x7 on-call support as defined.
20% - Performs and supports audit activity to detect deviations of established procedures, role mapping, and unauthorized system activity and reports findings. Maintains the associated documentation of findings and resolutions. Work may involve the support and facilitation of exception management and security event monitoring and reporting. Assists with investigation and response to information security incidents. Supports a variety of tools for security logging, monitoring and auditing of security activity.
15% - Reviews and evaluates risk assessment on existing systems, documents findings, and recommends risk mitigation strategies. Works closely with other Information Security and Technical staff in identifying and implementing appropriate information security safeguards. Conduct audits to assure compliance with Risk Assessments and report findings and mitigation plans.
15% - Apply a working understanding of regulatory requirements to develop standards and procedures that guide the work of the team. Maintain knowledge of changes in security technology and industry practices. Develops procedures and practices to ensure the security of information access. Assists in the development of an ongoing security training and awareness program.

• Bachelor's degree or equivalent work experience and 3 or more years’ experience working in an IT capacity, with an additional 2 or more years in information security.
• Working knowledge of Information Security regulatory requirements, such as PCI, HIPAA, HITECH and the Joint Commission required.
• Incumbent must also possess an understanding of/or experience with platforms, technologies and technical components including directories (LDAP/AD), access and authorization technologies. Additionally required is the ability to manage multiple priorities using varied techniques on an ongoing basis; while maintaining an in-depth understanding of the organization's business need(s).
• Excellent customer service skills, including strong written and verbal communication skills required. Excellent analytical and problem solving skills also required.
• This position may require occasional project work on evenings and weekends, as well as on-call customer support.

Preferred:

• Experience with ServiceNow for automating identity and access management workflows and service requests
• Familiarity with IdentityIQ or IdentityNow (SailPoint) for identity governance and administration, including provisioning, deprovisioning, and compliance reporting.
• Proficiency with Okta for implementing and managing identity and access management solutions, including SSO and MFA.
• Hands on experience with Microsoft Azure Active Directory (Azure AD) for cloud-based identity management, SSO, and/or MFA integration.
• Familiarity with Oracle for managing user lifecycles, roles, and access policies.
• Experience with cloud-based databases and security (e.g. Microsoft Azure, Google Cloud Platform).
• Proficiency with user authentication methods, role-based access controls (RBAC), and multi-factor authentication (MFA).
• Experience with Cerner applications for creating and managing user profiles, roles, and access in healthcare environments.
• Familiarity with Citrix environments and secure access solutions for virtualized desktops and applications.
• Experience with Google Workspace for enhanced workflow and productivity.
  
  

We are an equal opportunity/affirmative action employer.