Information Security Compliance Analyst

Ardent Health Services is a leading provider of healthcare in communities across the country. Through its subsidiaries, Ardent owns and operates nearly 200 sites of care and 30 hospitals across six states. Together, our 24,000 employees and 1,200 employed providers touch more than 10,000 lives each day. With six Ardent entities earning recognition on Modern Healthcare's Best Places to Work list in 2022, Ardent and its facilities continue to earn recognition for outstanding workplace cultures where team members feel a sense of belonging and have opportunities to grow their careers. Ardent has also been recognized by Comparably's Best Places to Work Awards, earning honors in the Best CEO, Best Company for Women, Best Leadership Teams and Best Work Life Balance categories among others.

POSITION SUMMARY

As an Information Security Compliance Analyst, you will play a key role in implementing, maintaining, and monitoring our information security compliance program. You will be responsible for ensuring that our organization adheres to industry standards, best practices, and legal requirements to protect patient data and maintain the confidentiality, integrity, and availability of our information systems. This role is critical in ensuring compliance with regulatory requirements, particularly in relation to PCI, HIPAA, and SOX.

• Develop and maintain a comprehensive understanding of PCI, HIPAA, and SOX regulations and their impact on our healthcare organization.
• Collaborate with cross-functional teams, including IT, HR, and Treasury to assess the impact of regulatory requirements and develop strategies for compliance.
• Develop, implement, and maintain policies, procedures, and controls to meet regulatory requirements, including data privacy, incident response, and disaster recovery.
• Monitor and evaluate the effectiveness of existing controls and propose improvements as necessary.
• Collaborate with internal and external auditors to ensure compliance with regulatory requirements and participate in audits as needed.
• Stay up to date with emerging trends, technologies, and best practices in information security and compliance.
• Provide guidance and support to IT teams in implementing security controls and addressing compliance-related issues.
• Prepare and present reports on compliance status, audit findings, and remediation plans to management and stakeholders.

Education and Experience:

• Bachelor's degree in computer science, information systems, or a related field.
• 2 to 5 years of experience in IT audit or information security, with a focus on compliance.
• Professional certifications such as CISSP, CISA, or CISM are highly preferred.

Knowledge, Skills and Abilities:

• Familiarity with PCI, HIPAA, and SOX regulations.
• Familiarity with other relevant frameworks, such as NIST, ISO 27001, or HITRUST, is desirable.
• Strong understanding of security controls.
• Excellent written and verbal communication skills with the ability to effectively communicate complex information to technical and non-technical stakeholders.
• Strong analytical and problem-solving skills with attention to detail.
• Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
• Knowledge of healthcare industry practices and systems is a plus.