Senior Information Security Analyst

The GW Medical Faculty Associates (MFA) was incorporated in July 2000 as a not-for-profit, physician-led practice group. The organization functioned as an independent organization in support of The George Washington University School of Medicine and Sciences as a multi-specialty physician practice group. The GW MFA has grown to become the largest independent academic physician practice in the Washington, DC metro region with more than 500 physicians and nearly 200 APP providers. In 2018, the MFA bylaws were revised to allow The George Washington University to serve as the sole corporate member while the MFA retained independent 501c3 status. The purpose of the change was to ensure alignment between the MFA and The George Washington University.

MFA physicians provide comprehensive patient care, offering one practice for the whole person with 52 medical and surgical specialties. As members of the GW School of Medicine and Health Sciences faculty, MFA providers are teachers and mentors for medical students, residents, fellows, and researchers preserving the rich tradition of academics, research, and healing. In addition to maintaining a closely integrated alliance with The George Washington University and The George Washington University Hospital (GWUH) which is separately owned and operated by Universal Health Services (UHS), the GW MFA has active referring relationships with 12 area hospitals.

The GW MFA’s leading healthcare presence in the DC metro region is complemented by a network of community-based practices in DC, Maryland, and Virginia. Given its geographic location in central NW Washington, DC, and proximity to more than 175 resident embassies, the MFA continues to evolve its international clinical outreach.

Position Summary

The Senior Information Security Analyst (Cyber Security Analyst) supports the Medical Faculty Associates ("MFA") including, but not limited to assessing potential and actual risk to MFA data, business, and IT infrastructures that support its clinical, academic, research, and administrative functions. The position ensures collaborative outcomes with external vendors, affiliates, and partners with internal and external stakeholders to improve processes, mitigate risks, and remediate vulnerabilities related to IT governance, risk, and compliance.

Essential Duties and Responsibilities

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Other duties may be assigned.

• Conduct detailed security and third-party risk assessments to ensure projects and initiatives align with MFA compliance policies, standards, and procedures as well as HIPAA, HITRUST, HITE CH, and other government and medical agencies' regulations
• Recommend remediation strategies including risk-based prioritization of action items and identification of mitigating controls; as well as evaluating, developing, and recommending new Information Security assessment tools/techniques
• Develop HIPAA-related training and awareness
• Collaborate with key stakeholders to identify, manage, and, where appropriate, accept/ track risk
• Develop and implement security policies, standards and in line with HIPAA to ensure enterprise-wide risk mitigation
• Support and coordinate compliance-focused units and programs
• Contribute to and develop best practices, strategies, methodologies, and documentation/templates
• Experience in hybrid environments involving hybrid on-premises and public/ private cloud as well as numerous vendor-specific solutions
• Participate in 24x7 on call rotation
• The omission of specific duties does not preclude the supervisor from assigning duties that are logically related to the position

Minimum Qualifications

Education

• Bachelor's degree, preferably in Computer Science or a related field, or an equivalent combination of training and experience

Experience

• A minimum of 4 years of experience in IT operations

Physical Requirements

• Walk, stand, and reach outward on a constant basis in an office setting.
• Must be able to occasionally lift, carry, push, or pull over 100 lbs. as part of the role.
• Regularly exposed to healthcare settings that may require personal protective equipment.
• Requires manual dexterity to operate a computer keyboard, calculator, copier machine, and other equipment.