Information Security Risk Analyst II
Job ID R-12731 Date posted 09/17/2025
If you are looking to make an impact on a meaningful scale, come join us as we embrace the Power of One!
We strive to be an employer of choice and establish a reputation for being a talent rich organization where Associates can grow their career caring for others. For over a century, we’ve served the health care needs of the people of Memphis and the Mid-South.
Working at MLH means carrying the mission forward of caring for our community and impacting the lives of patients in every way through compassion, a deliberate focus on service expectations and a consistent striving for excellence.
A Brief Overview
Responsible for examining and analyzing the information system operations to identify opportunities for risk reduction. Ensure the appropriate level of information security is utilized based on industry standards, best practices, HIPAA, HITECH, and other regulations by developing repeatable processes to identify, evaluate, and measure IT security risk. Evaluate risk and perform due diligence and periodic security reviews on IT vendors. Partner with other stakeholders to develop and maintain disaster recovery procedures and periodically test those procedures for effectiveness. Help develop and maintain security policies. Partner with Audit, Compliance, and Legal to manage security risk and compliance. Assist in the development, maintenance, and presentation of security awareness training and testing. Models appropriate behavior as exemplified in MLH Mission, Vision and Values.
What you will do
- Ensure the appropriate level of information security is utilized based on industry standards, best practices, HIPAA, HITECH, and other regulations by developing repeatable processes to identify, evaluate, and measure IT security risk.
- Develop and review security policies, procedures, and standards.
- Perform IT security risk assessments of both new and existing in-house and vendor-based systems. Recommend, design, and construct risk/security metrics, policies and standards.
- Manage the remediation of audit and security review findings and recommendations.
Education/Formal Training Requirements
- Associate's Degree Information Technology
- Preferred: Bachelor's Degree Business Administration/Management
- Preferred: Bachelor's Degree Computer sciences
- Preferred: Bachelor's Degree Healthcare Administration
Work Experience Requirements
- Must have at least two (2) years of experience in Information Security, working with risk management, audit, and compliance
- Substitution: Five (5) years of applicable Information Security experience, working with risk management, audit, and compliance in lieu of education requirements
Licenses and Certifications Requirements
Credentialed in one or more of the following:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional - International Information System Security Certification Consortium
- CPFA
Knowledge, Skills and Abilities
- Ability to assess security incidents or risks, gather needed information, and find appropriate solutions.
- Ability to analyze current processes and use judgement to recommend new and innovative processes.
- Knowledge of best practices, HIPAA, HITECH, and other regulations
- Ability to manage projects and implementations with little supervision.
- Advanced computer, network, and system knowledge and skills with a thorough understanding of security controls.
- Ability to use basic office productivity tools and manage time.
- Ability to communicate effectively, present in front of small groups and document processes.
Supervision Provided by this Position
- There are no supervisory responsibilities assigned to this position. May take a lead role in projects and provide guidance to other associates.
Physical Demands
- Subject to call back at all times.
- Required to sit for extended periods.
- Subject to standard office working conditions with intermittent exposure to noisy computer equipment.
- Ability to withstand occasionally stressful working conditions due to tight project schedules and hardware or software problems.
- Ability to understand complex verbal and written communications, and respond verbally or in writing as appropriate. Typical mediums of communication include face-to-face dialog, telephone, memos, and electronic mail.
- Ability to read and understand technical manuals and other documentation to determine correct action, safety precautions, and other conditions of proper hardware and software operation.
- Ability to work varying hours due to the accessibility of individuals or equipment involved in different projects, the need to minimize system downtime or user interruption, or to recover from hardware or software failures.
- The physical requirements of this position are: ability to occasionally lift and/or move equipment up to 25 pounds without assistance. Must occasionally lift and/or move equipment up to 40 pounds with assistance.
- Ability to occasionally crouch, kneel, bend and/or crawl to access, inspect, connect, position or perform other operations on equipment. Some locations, such as user or equipment locations, may present very close quarters.
- Subject to regular periods of repetitive hand motion in the operation of computer terminals and other equipment.
- Must be able to travel to any area of the MH organization, both local and remote as needed. Must provide own transportation.
Our Associates are passionate about what they do, the service they provide and the patients they serve. We value family, team and a Power of One culture that requires commitment to the highest standards of care and unity.
Boasting one of the South's largest medical centers, Memphis blends a friendly community, a thriving and growing downtown, and a low cost of living. We see each day as a new opportunity to make a difference in the lives of the people in our community.