Fairview Health Services
Principal Cybersecurity Analyst- Business Continuity Management
Fairview Health Services, Minneapolis, Minnesota, United States, 55400
Job Overview
The Principal Cybersecurity Analyst for Business Continuity Management will lead a team of analysts dedicated to supporting operational departments in the creation, implementation, and maintenance of business continuity plans and related initiatives. This role requires a strategic thinker with deep expertise in disaster preparedness and emergency management, particularly within large healthcare organizations. The analyst will collaborate closely with Enterprise Resiliency leadership and departmental stakeholders to advance the organization’s business continuity capabilities within defined timelines. They will also be responsible for optimizing processes, enhancing reporting frameworks, and evolving the business continuity management system to increase organizational value and drive widespread adoption. The ideal candidate will bring substantial experience in business continuity and emergency management, with a proven track record of building resilient programs that protect organizations during and after disruptive events. Strong leadership, along with exceptional written and verbal communication skills, is essential for success in this role.
Responsibilities
Provide technical leadership to write/review/enhance security policies, standards, methods and procedures.
Lead teams to test and govern Cybersecurity controls and their enforcement. Make recommendations and lead response teams to deploy necessary controls and address identified gaps.
Lead tactical and strategic teams to define, collect, analyze and prioritize security requirements based on evolving technical and security needs, indicators of compromise, anomalous behavior, and external threat indicators.
Build and enhance security threat models for specific applications and technology areas considering risk, policy, compliance needs.
Participate in industry forums and relevant technical briefings to understand advancements in Cybersecurity and Risk Management areas, compliance, governance and business continuity management capabilities.
Apply understanding of various domains of security including authentication, authorization, network security, data, system devices and operating systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments.
Analyze risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack.
Lead collaboration with vendors, health and business partners to ensure security remediation milestones are met.
Lead technical and risk management groups to identify and remediate gaps including tool/technology deficiencies or develop compensating control measures.
Lead Red/Blue/Purple teams as needed to test security controls and help improve security posture.
Assist in design, implement, maintain and support current and future complex information security technologies, processes and procedures. Lead the design and development of security controls that ensure the safety of information assets and protect from unauthorized access or intentional destruction.
Lead complex projects related to security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Ensure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members, adapt to change, and fulfill other duties as assigned.
Additional Job Responsibilities
Program Strategy & Evolution: Lead efforts to support, maintain, and continuously improve the enterprise resiliency program and its core strategies.
Team Leadership & Mentorship: Provide guidance and oversight to junior analysts, fostering skill development and effective contributions to the resiliency program.
Cross-Department Collaboration: Partner with department leaders to promote understanding of enterprise resiliency principles and their implementation.
Lifecycle Coordination: Organize and facilitate resiliency lifecycle activities, preparing departments for successful Business Continuity (BC) Plan creation.
Cybersecurity & Emergency Integration: Collaborate with cybersecurity and emergency management teams to align BC plans within the broader resiliency framework.
Performance Measurement: Support the creation of relevant metrics and KPIs to track the effectiveness and progress of resiliency initiatives.
Continuous Improvement: Analyze operational feedback and industry trends to propose enhancements that elevate the resilience strategy.
Industry Monitoring & Compliance: Stay informed on best practices, emerging threats, and regulatory shifts to ensure program adaptability and compliance.
Workflow Optimization: Participate in regular team meetings to identify process inefficiencies and contribute to workflow improvements.
On-Site Support: Travel to operational sites to assist leaders with hands-on plan development and implementation guidance.
Required Qualifications Education
Bachelor’s degree in Technology, Liberal Arts, Engineering or related disciplines or combination of relevant experience/education.
Experience
10+ years of cumulative experience in engineering, development and/or support of IT Systems.
5+ years of experience in two or more areas of IT Security Risk and Compliance management areas - Risk Management, Disaster Recovery, BCP, Governance, Audit, Security Operations, Policy & Awareness, Security Training & Threat modeling. Experience building and executing business continuity programs.
Experience deploying and/or managing tools, methods and processes associated with enterprise resiliency/business continuity.
Previous experience leading teams.
Understanding and experience implementing disaster recovery planning or emergency management practices.
Excellent understanding of fundamentals of IT systems, frameworks, development methodologies, network, firewalls, communication layers, devices/end points, computing environment.
Deeper understanding of Threats, Vulnerabilities, Risk, Cybersecurity frameworks, policies and Cybersecurity standards.
Understanding of Web Applications, software security, security frameworks.
Ability to thrive in a sense-of-urgency environment and leverage best practices.
Language & Communication Skills
Excellent ability to effectively communicate both verbally and written with all levels within the organization.
Ability to visually represent technical, logical and system interaction concepts and adjust messaging based on the audience, including non-technical groups.
Expertise in use of visual representation tools such as MS Visio Pro, PowerPoint.
Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills.
Ability to work well within a team environment, as well as independently.
Preferred Qualifications Experience
Bachelor’s degree or higher in Computer Science, Computer Engineering, Digital Forensics, Cybersecurity and/or related technical discipline.
Prior work experience with healthcare organizations.
Experience
Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation.
License/Certification/Registration
Industry specific certifications – Security+, CISSP, CISM, CISA, CBCP ABCP CBCI, CEM, or equivalent business continuity certification.
Benefit Overview Fairview offers a generous benefit package including but not limited to medical, dental, vision plans, life insurance, short-term and long-term disability insurance, PTO and Sick and Safe Time, tuition reimbursement, retirement, early access to earned wages, and more. Please follow this link for additional information:
Fairview.org/careers/benefits/noncontract
Compensation Disclaimer The posted pay range is for a 40-hour workweek (1.0 FTE). The actual rate of pay offered within this range may depend on several factors, such as FTE, skills, knowledge, relevant education, experience, and market conditions. Additionally, our organization values pay equity and considers the internal equity of our team when making any offer. Hiring at the maximum of the range is not typical. If your role is eligible for a sign-on bonus, the bonus program that is approved and in place at the time of offer, is what will be honored.
EEO Statement EEO/Vet/Disabled: All qualified applicants will receive consideration without regard to any lawfully protected status
#J-18808-Ljbffr
Responsibilities
Provide technical leadership to write/review/enhance security policies, standards, methods and procedures.
Lead teams to test and govern Cybersecurity controls and their enforcement. Make recommendations and lead response teams to deploy necessary controls and address identified gaps.
Lead tactical and strategic teams to define, collect, analyze and prioritize security requirements based on evolving technical and security needs, indicators of compromise, anomalous behavior, and external threat indicators.
Build and enhance security threat models for specific applications and technology areas considering risk, policy, compliance needs.
Participate in industry forums and relevant technical briefings to understand advancements in Cybersecurity and Risk Management areas, compliance, governance and business continuity management capabilities.
Apply understanding of various domains of security including authentication, authorization, network security, data, system devices and operating systems, coding principles, development methodologies, web/mobile applications, use of public and private networks, devices and applications hosted in public/private/hybrid cloud environments.
Analyze risk and prioritization of vulnerability remediation using MITRE ATT&CK within the greater context of assets and the control stack.
Lead collaboration with vendors, health and business partners to ensure security remediation milestones are met.
Lead technical and risk management groups to identify and remediate gaps including tool/technology deficiencies or develop compensating control measures.
Lead Red/Blue/Purple teams as needed to test security controls and help improve security posture.
Assist in design, implement, maintain and support current and future complex information security technologies, processes and procedures. Lead the design and development of security controls that ensure the safety of information assets and protect from unauthorized access or intentional destruction.
Lead complex projects related to security regulatory compliance and the implementation and maintenance of all cybersecurity programs, processes and technologies. Ensure the implementation of appropriate security configurations or re-configurations and work with appropriate teams to execute them as required.
Foster a culture of improvement, efficiency gains and innovative thinking. Coach and mentor team members, adapt to change, and fulfill other duties as assigned.
Additional Job Responsibilities
Program Strategy & Evolution: Lead efforts to support, maintain, and continuously improve the enterprise resiliency program and its core strategies.
Team Leadership & Mentorship: Provide guidance and oversight to junior analysts, fostering skill development and effective contributions to the resiliency program.
Cross-Department Collaboration: Partner with department leaders to promote understanding of enterprise resiliency principles and their implementation.
Lifecycle Coordination: Organize and facilitate resiliency lifecycle activities, preparing departments for successful Business Continuity (BC) Plan creation.
Cybersecurity & Emergency Integration: Collaborate with cybersecurity and emergency management teams to align BC plans within the broader resiliency framework.
Performance Measurement: Support the creation of relevant metrics and KPIs to track the effectiveness and progress of resiliency initiatives.
Continuous Improvement: Analyze operational feedback and industry trends to propose enhancements that elevate the resilience strategy.
Industry Monitoring & Compliance: Stay informed on best practices, emerging threats, and regulatory shifts to ensure program adaptability and compliance.
Workflow Optimization: Participate in regular team meetings to identify process inefficiencies and contribute to workflow improvements.
On-Site Support: Travel to operational sites to assist leaders with hands-on plan development and implementation guidance.
Required Qualifications Education
Bachelor’s degree in Technology, Liberal Arts, Engineering or related disciplines or combination of relevant experience/education.
Experience
10+ years of cumulative experience in engineering, development and/or support of IT Systems.
5+ years of experience in two or more areas of IT Security Risk and Compliance management areas - Risk Management, Disaster Recovery, BCP, Governance, Audit, Security Operations, Policy & Awareness, Security Training & Threat modeling. Experience building and executing business continuity programs.
Experience deploying and/or managing tools, methods and processes associated with enterprise resiliency/business continuity.
Previous experience leading teams.
Understanding and experience implementing disaster recovery planning or emergency management practices.
Excellent understanding of fundamentals of IT systems, frameworks, development methodologies, network, firewalls, communication layers, devices/end points, computing environment.
Deeper understanding of Threats, Vulnerabilities, Risk, Cybersecurity frameworks, policies and Cybersecurity standards.
Understanding of Web Applications, software security, security frameworks.
Ability to thrive in a sense-of-urgency environment and leverage best practices.
Language & Communication Skills
Excellent ability to effectively communicate both verbally and written with all levels within the organization.
Ability to visually represent technical, logical and system interaction concepts and adjust messaging based on the audience, including non-technical groups.
Expertise in use of visual representation tools such as MS Visio Pro, PowerPoint.
Ability to influence through outstanding interpersonal skills, collaboration, and negotiation skills.
Ability to work well within a team environment, as well as independently.
Preferred Qualifications Experience
Bachelor’s degree or higher in Computer Science, Computer Engineering, Digital Forensics, Cybersecurity and/or related technical discipline.
Prior work experience with healthcare organizations.
Experience
Ability to author and edit scripts such as PowerShell, Python and exposure to or knowledge of REST API and JSON batching and workflow automation.
License/Certification/Registration
Industry specific certifications – Security+, CISSP, CISM, CISA, CBCP ABCP CBCI, CEM, or equivalent business continuity certification.
Benefit Overview Fairview offers a generous benefit package including but not limited to medical, dental, vision plans, life insurance, short-term and long-term disability insurance, PTO and Sick and Safe Time, tuition reimbursement, retirement, early access to earned wages, and more. Please follow this link for additional information:
Fairview.org/careers/benefits/noncontract
Compensation Disclaimer The posted pay range is for a 40-hour workweek (1.0 FTE). The actual rate of pay offered within this range may depend on several factors, such as FTE, skills, knowledge, relevant education, experience, and market conditions. Additionally, our organization values pay equity and considers the internal equity of our team when making any offer. Hiring at the maximum of the range is not typical. If your role is eligible for a sign-on bonus, the bonus program that is approved and in place at the time of offer, is what will be honored.
EEO Statement EEO/Vet/Disabled: All qualified applicants will receive consideration without regard to any lawfully protected status
#J-18808-Ljbffr