Security Analyst - SME Level - 12+ Years of Exp. Required

E-Solutions

North Wales · On-site Contract Senior 3w ago

About the role

Job Description

We are seeking an experienced Security Analyst with strong Healthcare/Pharma domain expertise to support security, compliance, and business analysis initiatives related to patient data systems and Electronic Protected Health Information (ePHI). The ideal candidate will possess a strong blend of cybersecurity, compliance, audit, and healthcare operations knowledge.

Mandatory Skills

  • Extensive cybersecurity experience in the Pharma domain, especially handling Patient Data / ePHI.
  • Strong understanding of HIPAA Security Rule and NIST Security Frameworks.
  • Knowledge of healthcare interoperability standards such as HL7 and FHIR.
  • Strong critical thinking skills with the ability to balance clinical usability and risk reduction without impacting patient care.
  • Excellent communication, documentation, and stakeholder management skills.
  • Experience collaborating with product, data, business, and executive leadership teams.
  • Strong functional and domain expertise in Healthcare/Pharma environments.

Key Responsibilities

IT Business Analyst Responsibilities

  • Collaborate with clinical staff and healthcare administrators to gather and define business and system requirements.
  • Support systems managing Electronic Health Records (EHR), billing, and patient workflows.
  • Identify operational bottlenecks in patient flow, documentation, or data entry processes and recommend technical improvements.
  • Translate technical features into user-friendly training materials and support for doctors, nurses, and administrative teams.

Security Analyst Responsibilities

  • Protect Electronic Protected Health Information (ePHI) and ensure HIPAA compliance.
  • Conduct Security Risk Assessments (SRA) to identify vulnerabilities across applications, infrastructure, data flows, and third-party integrations.
  • Implement and monitor least-privilege access controls and Multi-Factor Authentication (MFA).
  • Detect, investigate, and respond to cybersecurity incidents including phishing attacks and data breaches.
  • Lead incident recovery activities and maintain compliance documentation for audits and legal requirements.
  • Manage vendor security governance and Business Associate Agreements (BAAs) to ensure third-party compliance with healthcare security standards.

Required Certifications

Healthcare & Compliance Certifications (Preferred)

  • HCISPP – HealthCare Information Security and Privacy Practitioner
  • CPHIMS – Certified Professional in Healthcare Information and Management Systems

Core Security & Audit Certifications (Must Have)

  • CISSP – Certified Information Systems Security Professional
  • CISA – Certified Information Systems Auditor

Process & Business Analysis Certifications (Must Have)

  • CBAP – Certified Business Analysis Professional
  • ITIL 4 Foundation

Mandatory Compliance Documentation Experience

  • Security Risk Assessment (SRA): Experience creating and maintaining HIPAA-compliant security risk assessments identifying ePHI risks and vulnerabilities.
  • Business Associate Agreements (BAA): Experience managing contracts and security compliance requirements with third-party vendors handling patient data.

Skills

CBAP, CISA, CISSP, FHIR, HCISPP, HL7, ITIL 4 Foundation, MFA, NIST, Security Risk Assessment, Security Risk Assessments, HIPAA
