Sutter Health Senior Analyst, Privacy and Information Security Risk Management in Roseville, California

Position Overview:

The Senior Analyst, Privacy and Information Security Risk Management (Senior Analyst) serves as the first point of contact for assigning, scheduling, and conducting security risk reviews for Sutter Health Information Services (IS) systems and solutions, as well as external partners and vendors. The Senior Analyst performs and validates skilled technical security reviews and security assessments for large and complex information systems in alignment with the Sutter Health information security controls framework, state and federal regulations, and industry security best practices, culminating in the production of security risk assessment reports. The Senior Analyst serves as a technical advisor to security leadership, IS departments, and Sutter Health business units on security-related issues and risks, and provides support by leading resolution on complex security issues and initiatives. In addition, the Senior Analyst provides security training to IS staff members through new hire orientation, just-in-time training, and regular department training. The Senior Analyst develops and/or reviews information security policies, procedures, standards, and guidelines to support Sutter Health business initiatives in alignment with regulatory requirements, security best practices, and evolving technologies. Also, the Senior Analyst conducts technical security-related research and analysis and translates the results into meaningful input to the Information Security program. The Senior Analyst possesses detailed knowledge regarding NIST, HIPAA/HITECH, FIPS, and other related industry security standards, regulations, and best practices. The Senior Analyst reports to the manager of the Security Risk Management team.



Bachelor's degree in Computer Science, Information Security, Business, Management, STEM, or a related field is required. An equivalent combination of education and experience can be substituted.

Certification / Registration / Licensure

Certified Information Systems Security Professional (CISSP) is required

Healthcare Information Security and Privacy Practitioner (HCISPP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) is desired.


• Relevant work experience in information systems and information security as typically acquired in seven years

• Three years of healthcare information technology industry experience highly desired

• Extensive experience with security tools in the healthcare industry

• Proven history of executing business-impacting projects with defined scope, deliverables, and timelines


• Thorough knowledge of information systems security concepts and current information security trends and practices including security processes and methods

• Expert knowledge in security concepts, practices, and procedures

• Thorough knowledge of software, hardware, databases, networks, firewalls, encryption, and other systems security devices

• Working knowledge of TCP/IP, DNS, DHCP, Active Directory, network topologies, and intrusion detection systems

• Familiarity with various database architectures and related security best practices

• General knowledge of federal and state security and privacy-related regulatory requirements

• Detailed knowledge regarding NIST, HIPAA, FIPS, and other related industry security standards, regulations, and best practices


• Demonstrated strong quantitative, analytical, and conceptual thinking skills

• Strong technical skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management

• Excellent written and verbal communication skills, with the ability to build effective working relationships with all levels of internal and external constituencies

• Strong organizational, analytical, and diagnostic capabilities and problem-solving skills

• Demonstrated ability to prioritize work while multi-tasking on assigned work

• Proven ability to effectively leverage vast detailed knowledge and familiarity with security disciplines

• Demonstrated ability to identify key concepts, factors, and risks based on conversations and document them in clear and concise narrative or graphic reports

• Must work well within a time-sensitive environment

• Proven ability to train others on various system security threat mitigations

Organization: Sutter Health System Office

Employee Status: Regular

Benefits: Yes

Position Status: Exempt

Union: No

Job Shift: Day

Shift Hours: 8 Hour Shift

Days of the Week Scheduled: Monday-Friday

Weekend Requirements: Other

Schedule: Full Time

Hrs Per 2wk Pay Period: 80

All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, marital status, sexual orientation, registered domestic partner status, sex, gender, gender identity or expression, ancestry, national origin (including possession of a driver's license issued to individuals who did not present proof of authorized presence in the U.S.), age, medical condition, physical or mental disability, military or protected veteran status, political affiliation, pregnancy or perceived pregnancy, childbirth, breastfeeding or related medical condition, genetic information or any other characteristic made unlawful by local, state, or federal law, ordinance or regulation. External hires must pass a background check/drug screening. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with Federal, state, and local laws, including but not limited to the San Francisco Fair Chance Ordinance.