- Tennessee, United States
About
OneOncology is positioning community oncologists to drive the future of cancer care through a patient-centric, physician-driven, and technology-powered model to help improve the lives of everyone living with cancer. Our team is bringing leaders together in the marketplace to help drive OneOncology's mission and vision.
Why join us? This is an exciting time to join OneOncology. Our values-driven culture reflects our startup enthusiasm supported by industry leaders in oncology, technology, and finance. We are looking for talented and highly-motivated individuals who demonstrate a natural desire to improve and build new processes that support the meaningful work of community oncologists and the patients they serve.
Job Description:
The Security Analyst will report to OneOncology's Director, Infrastructure & Security.
This position will play a critical role in enhancing the security posture of our oncology physician practices while ensuring strict compliance with HITRUST standards for our corporate office. You will be responsible for implementing and maintaining robust security measures, analyzing vulnerabilities, and responding to security incidents. Your expertise will contribute to safeguarding sensitive healthcare data and maintaining the confidentiality, integrity, and availability of our systems and information.
This is a hybrid role in Nashville, TN.
Responsibilities
Collaborate with cross-functional teams to identify and address security risks and vulnerabilities across our partnered practices.
Develop and implement security policies, procedures, and guidelines tailored to the unique needs of the healthcare environment.
Conduct regular security assessments, audits, and penetration testing to identify weaknesses and recommend improvements.
Stay updated with the latest security trends, threats, and technologies to proactively enhance our security posture.
Ensure compliance with HITRUST standards, HIPAA regulations, and other relevant healthcare security requirements.
Conduct ongoing risk assessments and security audits to maintain and demonstrate compliance.
Assist in the preparation of documentation, reports, and evidence required for compliance audits.
Develop and maintain an incident response plan to effectively handle security breaches, incidents, and breaches of sensitive data.
Investigate security incidents, perform root cause analysis, and recommend corrective actions to prevent recurrence.
Collaborate with IT teams to implement security patches, updates, and configurations to mitigate vulnerabilities.
Monitor security alerts, logs, and reports to detect and respond to security threats and breaches.
Analyze security data to identify patterns, trends, and potential risks, and take proactive measures to mitigate them.
Evaluate the security practices of third-party vendors and partners to ensure their compliance with our security standards.
Collaborate with procurement and legal teams to assess and manage vendor risks effectively.
Implement and manage security tools such as firewalls, intrusion detection/prevention systems, and endpoint protection solutions.
Gather and analyze threat intelligence to anticipate and mitigate potential security threats.
Regularly review and update the security architecture to ensure it aligns with the latest security standards and best practices.
Implement and manage Data Loss Prevention (DLP) solutions to prevent unauthorized access and data breaches.
Develop and maintain security metrics to measure the effectiveness of security programs and present findings to senior management.
Collaborate with business continuity teams to ensure security measures are integrated into business continuity and disaster recovery plans.
Manage Identity and Access Management (IAM) processes to ensure that only authorized individuals have access to sensitive information.
Develop and lead ongoing security awareness programs to educate employees about emerging threats and security best practices.
Ensure the security of cloud-based systems and data by implementing appropriate security controls and monitoring mechanisms.
Stay informed about changes in relevant regulations and ensure that the organization's security policies and practices are updated accordingly.
Other duties as assigned to help drive our mission of improving the lives of everyone living with cancer.
Key Competencies
Success in leading and managing large, complex projects with multiple phases.
Excellent interpersonal, written (grammar, spelling, format), and verbal communication skills
Excellent organizational skills and attention to detail
Reliable, fast learner, self-motivated
Ability to effectively handle shifting priorities and adapt to changing demands in a dynamic environment
Ability to develop alternative solutions to problems; comparing and analyzing data and measuring results.
Qualifications
Bachelor's degree in Information Security, Computer Science, or a related field. Relevant certifications (e.g., CISSP, CISM, CompTIA Security+) are preferred.
Proven experience in information security and compliance, preferably in a healthcare or regulated environment.
In-depth knowledge of HITRUST, HIPAA, and other relevant healthcare security standards and regulations.
Strong understanding of security technologies, tools, and methodologies, including intrusion detection systems, firewalls, encryption, and vulnerability assessment.
Excellent analytical, problem-solving, and communication skills.
Ability to work independently and as part of a team, effectively managing multiple tasks and priorities.
Strong interpersonal skills to collaborate with stakeholders across various departments and levels of the organization.
Experience with security incident response and management protocols
Nice-to-have skills
- HIPAA
- Firewalls
- Encryption
- Cloud Security
Work experience
- Security Analyst
Languages
- English