Treasury/PCI Security Analyst

Job Number
Banner Health (Corporate)
Banner Health (Corporate) - IT Security
Position Type
FT: Full-Time
Street Address
2901 N Central Ave.
City & State
Posting Category
Information Technology - Non-Clinical


Banner is looking for a Treasury/PCI Security Analyst to join the Treasury Department at the Banner Corporate Center Phoenix Plaza, located on Thomas and Central in Phoenix, AZ. This is a full-time, fully benefitted role with Banner Health, not a contract.


The Treasury Department is directly responsible for vetting, monitoring and auditing all payment systems (point of sale, gateways, software and hardware); ensuring those payment systems are consistent with industry and regulatory standards and best practices, while adhering to enterprise policies and internal controls.  Security controls, guidelines and governance are a major component of payment acceptance.  This business role is a combination of Treasury and PCI security control/risk functions.


This position will entail the following:

  • Monitor and analyze PCI compliance requirements, such as payment card acceptance, security controls, point-to-point encryption and device inventory management.
  • Track, analyze, remediate, and report on outstanding PCI security/treasury audit findings.
  • Identify, monitor, resolve, and/or escalate PCI compliance issues.
  • Conduct PCI security assessments in coordination with the Information Security department related to electronic payment acceptance and ongoing third-party assurance activities, including assessing outsourced PCI activities and providing support for joint venture, merger and acquisition, and divestiture PCI assessments/reviews.
  • Work with oversight committees and privacy, legal, and compliance stakeholders to develop enterprise-level PCI compliance policies that address purpose, scope, and policy directives.
  • Work with leaders and business partners to implement a strategy for addressing PCI compliance requirements.
  • Prepare metrics reports to provide to leadership.


The ideal candidate will have the below qualifications:

  • Knowledge of electronic payment systems (point of sale, gateways, software and hardware) and Payment Card Industry Data Security Standards (PCI DSS).
  • Understanding of enterprise risk management and ability to effectively communicate PCI compliance risk to senior leadership.
  • Understanding of governance and control disciplines within the healthcare industry.
  • Knowledge of regulations, industry standards, and/or contractual obligations, including but not limited to HIPAA, PCI DSS, and Sarbanes-Oxley.
  • Professional Accreditations: PCIP or PCI ISA (previous or current).


About Banner Health Corporate
Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.



About Banner Health
Banner Health is one of the largest, nonprofit health care systems in the country and the leading nonprofit provider of hospital services in all the communities we serve. Throughout our network of hospitals, primary care health centers, research centers, labs, physician practices and more, our skilled and compassionate professionals use the latest technology to make health care easier, so life can be better. The many locations, career opportunities, and benefits offered at Banner Health help to make the Banner Journey unique and fulfilling for every employee.


Job Summary

This position formulates and defines information security scope and objectives based on both user needs and a good understanding of applicable industry and regulatory requirements. The incumbent designs and implements complex network or application security architectures. Conducts security reviews and oversees any subsequent remediation projects generated from the review. Competent to work at the highest practical understanding of most phases of information security analysis and design as it applies to current and future system requirements.

Essential Functions

  • Conducts and participates in security reviews, evaluations, and risk assessments, assisting in the development and implementation of appropriate recommendations.

  • Analyzes the company's information security architecture, including hardware and software components, with the objective of standardizing security throughout the company's infrastructure.

  • Evaluates and assists in the development of security policies and procedures.

  • Provides technical expertise and support for security software, including operational aspects of the software.

  • Provides guidance, direction, and oversight for compliance with all federal, state, and local mandated information security laws, rules, and guidelines. Remains current with the latest industry technical information.

  • Participates in, and on occasion leads, information security projects, including the development of project scope requirements, budgeting, and project planning.

  • Participates in coordinating the handling of security incidents, recoveries, breaches, intrusions and system abuses.

Minimum Qualifications

Must possess strong knowledge of business, information security and/or computer science as normally obtained through the completion of a bachelor's degree.

Certification in one of the following areas within one year of entering the position: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), HealthCare Information Security & Privacy Practitioner (HCISPP), Payment Card Industry - Internal Security Assessor (PCI-ISA), CompTIA Security+, HIPAA Security, Information Security Technology Fundamentals, Internet Security or ITAA Information Security Awareness.

Must also possess 4 years of experience in a healthcare environment or an equivalent combination of relevant education, technical, business and healthcare experience.

Must demonstrate general knowledge of information technology and healthcare. Needs experience in small-scale project planning and reporting, either individually or in a team. Requires communication and presentation skills to engage technical and non-technical audiences. Requires ability to communicate and interact across facilities and at various levels. As is typical in this industry, variable shifts and hours and carrying/responding to a pager may be required.

Preferred Qualifications

Additional related education and/or experience preferred.