Discover Vanderbilt University Medical Center: Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery, and patient care, VUMC is a community of diverse individuals who come to work each day with the simple aim of changing the world. It is a place where your expertise will be valued, your knowledge expanded, and your abilities challenged. Vanderbilt Health recognizes that diversity is essential for excellence and innovation. We are committed to an inclusive environment where everyone has the chance to thrive and where your diversity of culture, thinking, learning, and leading is sought and celebrated. It is a place where employees know they are part of something that is bigger than themselves, take exceptional pride in their work and never settle for what was good enough yesterday. Vanderbilt’s mission is to advance health and wellness through preeminent programs in patient care, education, and research.

Organization:

VEC Policy & Compliance

Job Summary:

The Senior Cybersecurity Analyst assists in the creation, coordination and execution of policy & privacy/security compliance programs across VUMC. The Senior Cybersecurity Analyst assists leadership in supporting these compliance programs that are expected to experience significant change, expansion or evolution over time.

(Note: This role is available for remote work from most parts of the US and with this role we are targeting a salary range of $110k - $140k.)

.

KEY RESPONSIBILITIES:

• Assist in conducting cybersecurity compliance reviews and tracking compliance gaps to remediation.

• Assist in development/review of cybersecurity policies and procedures.

• Consult with workforce members on regulatory and policy requirements.

• Act as cybersecurity compliance representative on cross-functional work teams.

• Assist with project/organizational risk assessments.

• Develop, implement and monitor security compliance work plans for the organization.

• Develop/improve processes for evaluating/documenting security compliance.

• Assist in responding to third party audits (payers, research partners, vendors, etc.).

• Assist in responding to internal audits (assist in managing and completing Management Action Plans (MAPs)).

• Assist in developing cybersecurity training initiatives.

• Prepare regular reports for executive review.

• Maintain an in-depth knowledge of privacy/security-related regulatory frameworks such as HIPAA, GDPR and provide timely information regarding important regulatory changes to operational leaders.

PREFERRED QUALIFICATIONS:

• Bachelor’s degree in related field or equivalent experience.

• Experience writing/editing policies and procedures.

• Experience managing compliance documentation, including but not limited to committee charters, confidentiality agreements and annual attestations.

• Excellent organizational, analytical, and time management skills.

• Effective interpersonal, writing, and communications skills required.

• Experience with US and international privacy / security-related regulatory frameworks (HIPAA/HITECH, GDPR, etc…).

• Ability to work independently with minimal supervision.

• Experienced with business process development / improvement.

• Ability to manage multiple competing priorities within the context of a complex, multi-faceted organization.

• At least 3 years experience in cybersecurity.

• Information Security Related Professional Qualification (e.g., CISSP, CISA, Security+, CEH, GSEC, etc.)

TECHNICAL CAPABILITIES:

PROGRAM MANAGEMENT ( INTERMEDIATE ): Planning, organizing, and managing resources to bring about the successful completion of specific program goals and objectives.

RISK AND COMPLIANCE ASSESSMENTS (INTERMEDIATE): Ensuring compliance with established foreign and domestic laws and regulations and VUMC institutional policies and procedures and recommending any necessary changes. This activity will include the independent review and examination of IT systems, architectures, data flows, etc., and the documentation and reporting of such assessments in support of VUMC programs.

PEER LEADERSHIP ( INTERMEDIATE ): The ability to show leadership and influence people of equal rank in an effort to accomplish team goals.

QUALITY MANAGEMENT ( INTERMEDIATE ): Developing a systematic process of checking to see whether a process or service is meeting specific requirements.

NETWORKING ( INTERMEDIATE ): Build relationships through industry contacts, professional organizations and individuals.

PROCESS IMPROVEMENT ( INTERMEDIATE ): Identifies, analyzes and improves upon existing business processes for optimization and to meet standards of quality.

About the Department:

Vanderbilt Health - VUMC Enterprise Cybersecurity (VEC)

VEC provides information security service solutions for securing all administrative, clinical and research operations for all of Vanderbilt Health, the largest non-government employer in Middle Tennessee.

Vanderbilt Health is always growing, with our current environment of 7 hospitals, nearly 40K staff, over 40K workstations, over 160K network connections, and numerous data centers and cloud environments, securing our health system is truly a challenge!

To meet the challenge, VEC is led by 2 Vice Presidents and is structured with many dedicated teams, including: Active Vulnerability Assessment, Business Information Security Office, Business Resilience Services, Identity and Directory Services, Policy and Compliance, Security and Architecture Assurance, Security Engineer Services, Security Operations Center, and Threat Detection and Response.

VEC also employs state-of-the-art technology and partners with the many IT and operational teams across the enterprise to ensure a partnered, cohesive, and comprehensive approach to information security.

At our growing health system, we support each other and encourage excellence among all who are part of our workforce. High-achieving employees stay at Vanderbilt Health for professional growth, appreciation of benefits, and a sense of community and purpose.

Our professional administrative functions include critical supporting roles in information technology and informatics, finance, administration, legal and community affairs, human resources, communications and marketing, development, facilities, and many more.

At our growing health system, we support each other and encourage excellence among all who are part of our workforce. High-achieving employees stay at Vanderbilt Health for professional growth, appreciation of benefits, and a sense of community and purpose.

Core Accountabilities:

Organizational Impact: Independently delivers on objectives with understanding of how they impact the results of own area/team and other related teams. Problem Solving/ Complexity of work: Utilizes multiple sources of data to analyze and resolve complex problems; may take a new perspective on existing solution. Breadth of Knowledge: Has advanced knowledge within a professional area and basic knowledge across related areas. Team Interaction: Acts as a "go-to" resource for colleagues with less experience; may lead small project teams.

Core Capabilities :

Supporting Colleagues: - Develops Self and Others: Invests time, energy, and enthusiasm in developing self/others to help improve performance e and gain knowledge in new areas. - Builds and Maintains Relationships: Maintains regular contact with key colleagues and stakeholders using formal and informal opportunities to expand and strengthen relationships. - Communicates Effectively: Recognizes group interactions and modifies one's own communication style to suit different situations and audiences. Delivering Excellent Services: - Serves Others with Compassion: Seeks to understand current and future needs of relevant stakeholders and customizes services to better address them. - Solves Complex Problems: Approaches problems from different angles; Identifies new possibilities to interpret opportunities and develop concrete solutions. - Offers Meaningful Advice and Support: Provides ongoing support and coaching in a constructive manner to increase employees' effectiveness. Ensuring High Quality: - Performs Excellent Work: Engages regularly in formal and informal dialogue about quality; directly addresses quality issues promptly. - Ensures Continuous Improvement: Applies various learning experiences by looking beyond symptoms to uncover underlying causes of problems and identifies ways to resolve them. - Fulfills Safety and Regulatory Requirements: Understands all aspects of providing a safe environment and performs routine safety checks to prevent safety hazards from occurring. Managing Resources Effectively: - Demonstrates Accountability: Demonstrates a sense of ownership, focusing on and driving critical issues to closure. - Stewards Organizational Resources: Applies understanding of the departmental work to effectively manage resources for a department/area. - Makes Data Driven Decisions: Demonstrates strong understanding of the information or data to identify and elevate opportunities. Fostering Innovation: - Generates New Ideas: Proactively identifies new ideas/opportunities from multiple sources or methods to improve processes beyond conventional approaches. - Applies Technology: Demonstrates an enthusiasm for learning new technologies, tools, and procedures to address short-term challenges. - Adapts to Change: Views difficult situations and/or problems as opportunities for improvement; actively embraces change instead of emphasizing negative elements.

Position Qualifications:

Responsibilities:

Certifications:

Work Experience:

Relevant Work Experience

Experience Level:

5 years

Education:

Bachelor's

Vanderbilt Health recognizes that diversity is essential for excellence and innovation. We are committed to an inclusive environment where everyone has the chance to thrive and to the principles of equal opportunity and affirmative action. EOE/AA/Women/Minority/Vets/Disabled