Security Analyst

OneOncology is positioning community oncologists to drive the future of cancer care through a patient-centric, physician-driven, and technology-powered model to help improve the lives of everyone living with cancer. Our team is bringing together leaders to the market place to help drive OneOncology's mission and vision.

Why join us? This is an exciting time to join OneOncology. Our values-driven culture reflects our startup enthusiasm supported by industry leaders in oncology, technology, and finance. We are looking for talented and highly-motivated individuals who demonstrate a natural desire to improve and build new processes that support the meaningful work of community oncologists and the patients they serve.

Job Description:

The Security Analyst will report to OneOncology's Sr. Director, IT Security. This position will play a critical role in enhancing the security posture of our oncology physician practices while ensuring strict compliance with HITRUST standards for our corporate office. You will be responsible for implementing and maintaining robust security measures, analyzing vulnerabilities, and responding to security incidents. Your expertise will contribute to safeguarding sensitive healthcare data and maintaining the confidentiality, integrity, and availability of our systems and information.

Responsibilities

• Collaborate with cross-functional teams to identify and address security risks and vulnerabilities across
  our oncology physician practices.

• Develop and implement security policies, procedures, and guidelines tailored to the unique needs of the
  healthcare environment.

• Conduct ongoing risk assessments and security audits to maintain and demonstrate compliance

• Stay updated with the latest security trends, threats, and technologies to proactively enhance our security
  posture.

• Ensure compliance with HITRUST standards, HIPAA regulations, and other relevant healthcare security
  requirements.

• Conduct ongoing risk assessments and security audits to maintain and demonstrate compliance.

• Assist in the preparation of documentation, reports, and evidence required for compliance audits.

• Develop and maintain an incident response plan to effectively handle security breaches, incidents, and
  breaches of sensitive data.

• Investigate security incidents, perform root cause analysis, and recommend corrective actions to prevent
  recurrence.

• Collaborate with IT teams to implement security patches, updates, and configurations to mitigate
  vulnerabilities.

• Provide education and training to staff and stakeholders to promote a culture of security awareness and
  compliance.

• Monitor and analyze security alerts, logs, and reports to detect, proactively mitigate, and respond to
  security threats and breaches.

• Evaluate the security practices of third-party vendors and partners to ensure compliance with our
  security standards.
  Other duties as assigned to help drive our mission of improving the lives of everyone living with cancer.

Key Competencies

• Success in leading and managing large, complex projects with multiple phases.

• Excellent interpersonal, written (grammar, spelling, format), and verbal communication skills

• Excellent organizational skills and attention to detail

• Reliable, fast learner, self-motivated

• Ability to effectively handle shifting priorities and adapt to changing demands in a dynamic

environment

• Ability to develop alternative solutions to problems; comparing and analyzing data and

measuring results.

Qualifications

• Bachelor's degree in Information Security, Computer Science, or a related field. Relevant certifications (e.g., CISSP, CISM, CompTIA Security+) are preferred.

• Proven experience in information security and compliance, preferably in a healthcare or regulated environment.

• In-depth knowledge of HITRUST, HIPAA, and other relevant healthcare security standards and regulations.

• Strong understanding of security technologies, tools, and methodologies, including intrusion detection systems, firewalls, encryption, and vulnerability assessment.

• Excellent analytical, problem-solving, and communication skills.

• Ability to work independently and as part of a team, effectively managing multiple tasks and priorities.

• Strong interpersonal skills to collaborate with stakeholders across various departments and levels of the organization.

• Experience with security incident response and management protocols.