
Privacy & Information Security Risk Management Analyst II

Job in Sacramento, Sacramento County, California, 94204, USA
Listing for: Sutter Health
Full Time position
Listed on 2026-06-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
We are so glad you are interested in joining Sutter Health!

Organization:

SHSO-Sutter Health System Office-Valley

Position Overview:

Uses the Sutter Health governance, risk management, and compliance (GRC) platform to conduct and validate technical security reviews and security assessments in alignment with the Sutter Health information security controls framework, state and federal regulations, and industry security best practices, culminating in the production of security risk assessment reports. Functions as a technical advisor to security leadership, Information Services (IS) departments, and Sutter Health business units on security-related issues and risks and provides support by leading resolution on complex security issues and initiatives.

Provides security training to IS staff members through new hire orientation, just-in-time training, and regular department training. Develops and/or reviews technical information security policies, procedures, standards, and guidelines to support Sutter Health business initiatives in alignment with regulatory requirements, security best practices, and evolving technologies. Conducts technical security-related research and analysis and translates the results into meaningful input to the Information Security program.

Job Description:

Please Note:

While this position is listed as hybrid, regular in-office attendance is required. Candidates should be prepared to commute to the office on a consistent basis to support team collaboration and business needs.

EDUCATION:

Equivalent experience will be accepted in lieu of the required degree or diploma.

* Bachelor's in Business, Computer Science, Engineering, Information Security, Management, Mathematics, Science, Technology or related field

CERTIFICATION & LICENSURE:

* CISSP or CRISC certification preferred, or one of the certifications will be required within one year of hire

TYPICAL EXPERIENCE:

* 2 years recent relevant experience.

PREFERRED EXPERIENCE:

* Third-party/vendor security risk assessments

* Conducting formal risk assessments

* GRC or third-party risk management platforms (e.g., ServiceNow VRM or equivalent)

* Continuous security monitoring tools (e.g., BitSight or similar)

* Experience assessing security risks affecting protected health information (PHI)

SKILLS AND KNOWLEDGE:

* Proficient technical skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management, with thorough knowledge of information systems security concepts, current information security trends, and practices including security processes, methods, and procedures.

* Working knowledge of software, hardware, databases, networks, firewalls, encryption, and other systems security devices, including a good understanding of Transmission Control Protocol/Internet Protocol (TCP/IP), Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Active Directory, network topologies, and intrusion detection systems.

* General knowledge regarding National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH), Federal Information Processing Standards (FIPS), and other related industry security standards, regulations, and best practices.

* Advanced understanding of federal and state security and privacy-related regulatory requirements.

* Good business acumen and advanced analytic skills, including the ability to analyze data and information, reach practical conclusions, recommend corrective actions, resolve conflicts, and institute effective changes.

* Effective organizational and project management skills required, including the demonstrated ability to prioritize tasks, manage multiple projects simultaneously, and complete deliverables.

* Attention to detail with time management and organization skills, including clear documentation, diagnostic capabilities, and problem-solving skills.

* Communication (written/verbal), interpersonal, and presentation skills to explain complex technical or sensitive information clearly and…