Sr. Analyst, Information Protection and Governance in Brentwood, TN at Health Support Center

Date Posted: 9/14/2018

Job Snapshot

Job Description

Health Support Center


The Senior Analyst, Information Protection and Governance is responsible for communicating potential cyber and Information Management risks, conducting risk analysis, and ensuring appropriate action plans are in place to man-age and monitor risk.


To perform this job, an individual must perform each essential function satisfactorily with or without a reasonable accommodation. 

Conduct Information Protection and Governance assessments at new LifePoint Health merger and acquisition facilities as part of the Information Security Due Diligence framework.

Identify metrics and measure the Company’s vulnerability / risk management programs.

Lead efforts in the remediation of annual security assessments. Maintain detailed next steps, recommendations, and remediation objectives.

Assess the Company’s information security and governance risk posture and assist with implementation of future security and governance strategies

Assist with Information Security and Governance processes, toolkits and outcomes for interrelated information technology security incidents, recoveries, potential intrusions, and system abuses.

Evaluate Health Insurance Portability and Accountability Act (HIPAA) information security risk assessments, vendor security assessments, and Health Support Center (HSC) security control assessments.

Provide knowledge and support for other Information Protection and Governance projects or issues as they arise.

Partner with team members during discussions with data stewards and other stakeholders by providing guidance around Information Protection and Governance concepts and implementation, including records management, retention, and disposition.

Collaborate with Facility Information Security Officers on hospital risk exposure and improvement plans.

Conduct third party vendor / contractor application assessments ensuring that LifePoint’s security standards are in place while identifying, documenting, and managing associated risks.

Assist with legal e-mail e-discovery support.

Regular and reliable attendance.


Perform other duties as assigned.

Additional Information:

Position serves both internal co-workers and external customers, clients, patients, contractors, and vendors.

Access to and/or works with sensitive and/or confidential information.

Exhibit an understanding of healthcare regulatory and compliance (e.g., HIPAA).  Skilled in the application of poli-cies and procedures. Knowledge of Business Office Standards and Recommended Practices.

Job Requirements


The requirements listed below are representative of the knowledge, skills and/or abilities required.

Education: Bachelor’s degree in Computer Information Systems, Business Administration or equivalent education or professional experience and/or qualifications.

Experience: Minimum five years of related experience.  Strong familiarity with governance and controls frame-works, such as PCI, SOX, COBIT, ITIL, NIST CSF, HITRUST CSF.

Certifications: HCISPP, CISSP, CRISC, CISA and/or COBIT certifications preferred.

Licenses: N/A

Skills and Abilities:

Statistical Mathematical Skills -- Ability to work with mathematical and algebraic concepts such as probability, sta-tistical inference, and forecasting. Ability to apply and analyze concepts such as fractions, percentages, ratios, and proportions to practical situations.

Moderate Computer Skills – Frequent use of electronic mail, word processing, data entry, spreadsheets, graphics, etc. Ability to create, maintain and incorporate simple functions into documents, spreadsheets, databases, and presentations to support business objectives.

Moderate Communication – Regularly uses moderately complex oral and written skills. May train others in func-tional areas, interact with others and make presentations to department or middle management.

Routine Business Problems – Problems encountered are routine, somewhat repetitive and generally solved by following clear directions and procedures.

Job Specific Impact -- Decisions generally affect own job or assigned functional area.

Moderate Independent Judgement -- Results are defined; sets personal goals and determines how to achieve re-sults with few or no guidelines to follow; supervisor/manager provides broad guidance and overall direction.

Moderate Planning/Organization -- Handle multiple tasks simultaneously with moderate complexity.

LifePoint Health is committed to being a place where employees want to work and takes seriously our responsibility to comply with all regulatory and legal guidelines throughout the recruitment and hiring process. The recruiting process with LifePoint Health will always include emails to job candidates from an address ending in “”, as well as at least one phone interview and/or in-person interview prior to hiring.

Equal opportunity and affirmative action employers and are looking for diversity in candidates for employment: Minority/Female/Disabled/Protected Veteran