IT Security Consultant - IAM

Job Number
205385
Banner Health (Corporate)
Shift
Day
Department
Banner Health (Corporate) - IT Security
Position Type
FT: Full-Time
Street Address
2901 N Central Ave.
City & State
US-AZ-Phoenix
Posting Category
Information Technology - Non-Clinical
New Grad
No

---

Banner is looking for IAM IT Security Consultants to join their team at the Banner Corporate Center Phoenix Plaza, located on Thomas and Central in Phoenix, AZ.  These are full time, full benefitted roles with Banner Health, not contracts. 

 

Identity and Access Management (IAM) is one of six foundational pillars that makes up Banner’s Information Security Department. The IAM pillar is directly responsible for deploying capabilities to enable the right individuals to access the right resources at the right time for the right reasons. This position was established to engage in various aspects of the IAM function.

  1. Execute the Enterprise IAM strategy and reference architecture, including standards and frameworks aligned to the overall business strategy.
  2. Assist in the process of reviewing and selecting IAM tools and vendor solutions.
  3. Execute alignment of the IAM program with over-arching business needs by driving meaningful collaboration with program stakeholders
  4. Collaborate with business/process owners to learn about their IAM needs and effectively communicate the benefits of IAM in security, technology administration efficiency, compliance, and business agility while still achieving project plan goals and milestones.
  5. Document and track logical and physical access control rules and rights for each group of users in the form of standard user access profiles based on need-to-know, need-to-share, least privilege and other relevant requirements.
  6. Periodically review and recertify identities across the enterprise to ensure they are still valid and that users continue to have minimum access necessary to perform their specific job function.

Preferred Qualifications:

  • Demonstrated experience integrating identity management, access management, and access governance software into Enterprise infrastructure and applications
  • Strong understanding of modern IAM concepts, including but not limited to user provisioning; entitlement review and certification; multi-factor authentication; enterprise directory architecture and design; Role-Based Access Control; Attribute-Based Access Control; single sign on; identity federation; privileged access management
  • Strong technical understanding of IAM and service lifecycles
  • Significant knowledge across a broad range of IAM technologies
  • Experience with authoring, implementing and maintaining IAM policies and standards
  • Experience strategizing with cross-functional business partners on information security solutions
  • Extensive knowledge in governance frameworks including: ISO 27001, NIST CSF, COBIT, ITIL, PCI DSS

Professional IT Accreditations: CISSP, CISA, CISM, CRISC, EAP, etc.

---

About Banner Health Corporate
Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.

 

Truven-2013
Stage7-2013

About Banner Health
Banner Health is one of the largest, nonprofit health care systems in the country and the leading nonprofit provider of hospital services in all the communities we serve. Throughout our network of hospitals, primary care health centers, research centers, labs, physician practices and more, our skilled and compassionate professionals use the latest technology to change the way care is provided. The many locations, career opportunities, and benefits offered at Banner Health help to make the Banner Journey unique and fulfilling for every employee.

---

Job Summary

This position formulates and defines information security scope and objectives based on both user needs and a good understanding of applicable industry and regulatory requirements. Designs and implements complex network or application security architectures. Conducts security reviews and oversees any subsequent remediation projects generated from the review. Guides and advises less experienced peers. Competent to work at the highest practical understanding of most phases of information security analysis and design as it applies to current and future system requirements.

 

Essential Functions

  • Leads or participates in security reviews, evaluations, and risk assessments, developing and implementing appropriate recommendations.

 

  • Leads or performs analysis of companys information security architecture, including hardware and software components, with the objective of standardizing security throughout our infrastructure. Responsible for designing various security architectures in accordance with accepted industry standards and subsequent implementation oversight.

 

  • Participates in the ongoing evaluation and development of security policies and procedures. Leads the revision of policies and procedures, as needed.

 

  • Responsible for providing technical expertise and support for security software, including operational aspects of the software. Responsible for mentoring junior members of the team and may supervise the work of the department in the absence of immediate supervisor.

 

  • Responsible for providing guidance, direction, and oversight for companys compliance with all federal, state, and local mandated information security laws, rules, and guidelines. Remain current with the latest industry technical information.

 

  • Serves as primary leader of information security projects, including the development of project scope requirements, budgeting, and project planning.

 

  • Coordinates the handling of security incidents, recoveries, breaches, intrusions, and system abuses.

 

 

Minimum Qualifications

Must possess strong knowledge of business, information security and/or computer science as normally obtained through the completion of a bachelor's degree.

Certification in one of the following areas within one year of entering the positionSystems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner, (HCISPP), Payment Card Industry Internal Security Assessor (PCI-ISA), CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Systems Auditor (CISA).

Must also possess 6 years experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience.

Requires independent judgment, critical decision making, excellent analytical skills, with excellent verbal and written communications. Ability to think quickly under difficult or complex conditions and clearly communicate to appropriate staff; ability to balance project workloads with customer support and on-call demands. Must demonstrate general knowledge of information technology and information security principles and practices. Needs experience in small scale project planning and reporting either individually or in a team. Requires communication and presentation skills to engage technical and non-technical audiences. Requires ability to communicate, and interact across facilities and at various levels. Incumbent will have skills to mentor less experienced team members. As is typical in this industry, variable shifts and hours and carrying/responding to a pager may be required.

Preferred Qualifications

Additional related education and/or experience preferred.