IT Security Analyst - Security Governance

Job Number
Banner Health (Corporate)
Banner Health (Corporate) - IT Security
Position Type
FT: Full-Time
Street Address
2901 N Central Ave.
City & State
Posting Category
Information Technology - Non-Clinical
New Grad


Banner is looking for an IT Security Analyst to join the Security Governance team at the Banner Corporate Center Phoenix Plaza, located on Thomas and Central in Phoenix, AZ. These are full-time, fully benefitted roles with Banner Health, not contracts.


Security Governance is one of six foundational pillars that make up Banner’s Information Security Department. The Security Governance pillar is directly responsible for providing assurance that information security activities support business objectives; are consistent with regulatory and industry standards and best practices; adhere to enterprise policies and internal controls; and assign responsibility in an effort to manage enterprise risk.

  1. Work with oversight committees and privacy, legal, and compliance stakeholders to develop enterprise-level information security compliance policies that address purpose, scope, and policy directives.
  2. Monitor and analyze a register of legal, regulatory, industry, and contractual information security compliance requirements.
  3. Work with the CISO and other Security Governance leaders to implement a strategy for addressing compliance requirements; provide periodic updates on information security compliance status.
  4. Track, analyze, remediate, and report on outstanding information security audit findings.
  5. Identify, monitor, resolve, and/or escalate information security compliance issues.
  6. Conduct third party information security assessments and on-going third party assurance activities, including assessing outsourced information security activities; provide support for joint venture, merger and acquisition, and divestiture security assessments/reviews.
  7. Prepare metrics reports to provide to the CISO and executive management team.

The ideal candidate will have the below qualifications:

  • Understanding of governance and control disciplines within the healthcare industry
  • Understanding of cyber risk management and ability to effectively communicate cyber risk to senior leadership
  • Knowledge of governance frameworks, including but not limited to: ISO 27001, NIST CSF, COBIT, ITIL, PCI DSS
  • Knowledge of regulations, industry standards, and/or contractual obligations, including but not limited to HIPAA, PCI DSS, Sarbanes-Oxley, GLBA, SOC/SSAE16, HYTRUST, etc.
  • Professional IT Accreditations: CISSP, CISA, CISM, CRISC, EAP, etc.



About Banner Health Corporate
Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.



About Banner Health
Banner Health is one of the largest, nonprofit health care systems in the country and the leading nonprofit provider of hospital services in all the communities we serve. Throughout our network of hospitals, primary care health centers, research centers, labs, physician practices and more, our skilled and compassionate professionals use the latest technology to change the way care is provided. The many locations, career opportunities, and benefits offered at Banner Health help to make the Banner Journey unique and fulfilling for every employee.


Job Summary

This position formulates and defines information security scope and objectives based on both user needs and a good understanding of applicable industry and regulatory requirements. The incumbent designs and implements complex network or application security architectures. Conducts security reviews and oversees any subsequent remediation projects generated from the review. Competent to work at the highest practical understanding of most phases of information security analysis and design as it applies to current and future system requirements.


Essential Functions

  • Conducts and participates in security reviews, evaluations, and risk assessments, assisting in the development and implementation of appropriate recommendations.
  • Analyzes the company's information security architecture, including hardware and software components, with the objective of standardizing security throughout the company's infrastructure.
  • Evaluates and assists in the development of security policies and procedures.
  • Provides technical expertise and support for security software, including operational aspects of the software.
  • Provides guidance, direction, and oversight for compliance with all federal, state, and local mandated information security laws, rules, and guidelines. Remains current with the latest industry technical information.
  • Participates in, and on occasion leads, information security projects, including the development of project scope requirements, budgeting, and project planning.
  • Participates in coordinating the handling of security incidents, recoveries, breaches, intrusions and system abuses.



Minimum Qualifications

Must possess strong knowledge of business, information security and/or computer science as normally obtained through the completion of a bachelor's degree.

Certification in one of the following areas within one year of entering the position: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner (HCISPP), Payment Card Industry - Internal Security Assessor (PCI-ISA), CompTIA Security+, HIPAA Security, Information Security Technology Fundamentals, Internet Security or ITAA Information Security Awareness.

Must also possess 4 years' experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience.

Must demonstrate general knowledge of information technology and healthcare. Needs experience in small-scale project planning and reporting, either individually or in a team. Requires communication and presentation skills to engage technical and non-technical audiences. Requires ability to communicate and interact across facilities and at various levels. As is typical in this industry, variable shifts and hours and carrying/responding to a pager may be required.

Preferred Qualifications

Additional related education and/or experience preferred.