Healthcare Sec Risk Analyst

Apply for Job Job ID371929 LocationTwin Cities Job FamilyInformation Technology Full/Part TimeFull-Time Regular/TemporaryRegular Job Code9703SG Employee ClassAcad Prof and Admin Add to Favorite Jobs Email this Job About the Job Healthcare Security Risk Analyst Hiring Range: $110,000 - $120,000 Please note, this position is not eligible for H-1B or Green Card sponsorship. This position does not offer a STEM OPT training program. The University of Minnesota is committed to fostering local talent through employment opportunities. While this position utilizes a hybrid work modality, prospective applicants must be located either in the state of Minnesota or near the Wisconsin border OR otherwise open to relocation. The Information Security Risk Analyst 3 works to improve the information security posture of the University's Health Care Components (HCC) through information security risk assessments, policy and regulatory consultation, and exception management. The role is responsible for facilitation of the risk management program in the HCC, provides leadership to the risk assessment process and technical and procedural guidance to less experienced peers, and serves as a presenter and contact point for Deans and senior University leaders. Job Responsibilities: Governance, Risk and Compliance (60%) Lead the information security risk management program within the University's Health Care Components by identifying areas most in need of risk assessment, leading risk assessments with other information security risk analysts, and utilizing analysis from information security architects. Design and manage ongoing program improvements to ensure alignment with regulatory standards and best practices Lead and coordinate multiple security risk assessments independently utilizing Information Security control structures such as: ISO 27001 / 27002, NIST 800-171; Health Industry Cybersecurity Practices (HICP): (805d), HITRUST; others; develop risk remediation plans and facilitate risk remediation efforts. Communicate risk assessment results and risk mitigation strategies to senior leaders. Analyzes trends from risks assessments to identify areas most in need of mitigation efforts. Provide consultation on information security regulations and standards, such as HIPAA and NIST, to various audiences; including guidance for department-level risk analysis procedures. Assist with development and maintenance of information security policies, procedures, standards and guidelines based on industry best practices and compliance requirements. Maintain alignment of HCC-specific written policy controls to industry standards (HICP, HITRUST, etc.) Consult and provide quality assurance for information security reviews of vendors and suppliers. Relational/Programmatic Development - 20% Work across the Health Care Components (HCC) with key stakeholders in helping to determine compliance needs Coordinate with HIPAA Security Officer on key HCC needs and planning Utilize a Governance, Risk, and Compliance (GRC) tool to develop and implement continuous monitoring processes, supporting ongoing compliance and driving continuous improvement in the organization's security posture. Security Consultation and Leadership (20%) Provide leadership, training, and guidance for student workers in information security Provide procedural and technical guidance to less experienced risk analysts. Works to project manage and build requirements for our Governance, Risk and Compliance system. Consult with administrative and collegiate units to address policy and process related information security risks identified through the information security gap analysis and exception management efforts. Qualifications Required Qualifications: Bachelor's degree and 4 years of relevant work experience or a master's degree plus at least 2 years of experience. Experience in security risk assessment. Strong analytical and problem solving skills. Relevant work experience in a health care environment Excel ent communication (oral, written, presentation), interpersonal and consultative skills with various stakeholders, including organizational leadership. Preferred Qualifications: Experience in HIPAA security risk assessment, vendor assessment, HIPAA consultation or audit. Relevant work experience in a higher education environment with both research and clinical areas Deep understanding of the HIPAA Security Rule, Privacy Rule and Breach Notification Rule Knowledge of information security standards (e.g., ISO 27001/27002, NIST 800-171, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, PCI DSS, etc.) CISSP, CISA, or other HIPAA security & privacy certifications Pay and Benefits Pay Range: $110,000 - $120,000; depending on education/qualifications/experience Time Appointment: 100% Appointment Position Type: P&A Staff Please visit the Office of Human Resources website for more information regarding benefit eligibility. The University offers a comprehensive benefits package that includes: Competitive wages, paid holidays, and generous time off Continuous learning opportunities through professional training and degree-seeking programs supported by the Regents Tuition Benefit Program Low-cost medical, dental, and pharmacy plans Healthcare and dependent care flexible spending accounts University HSA contributions Disability and employer-paid life insurance Employee wellbeing program Excellent retirement plans with employer contribution Public Service Loan Forgiveness (PSLF) opportunity Financial counseling services Employee Assistance Program with eight sessions of counseling at no cost Employee Transit Pass with free or reduced rates in the Twin Cities metro area While our salary ranges provide a framework, it is important to note that most of the time, the initial pay may not reach the maximum of the range. This approach ensures that compensation reflects the value and unique contributions of each candidate while maintaining equity within our organization. As part of our commitment to fair and equitable compensation, please be aware that the salary offered to incoming candidates will be based on their individual credentials and experience. How To Apply Applications must be submitted online. To be considered for this position, please click the Apply button and follow the instructions. You will be given the opportunity to complete an online application for the position and attach a cover letter and resume. Additional documents may be attached after application by accessing your

Created: 2026-01-26