Technology Risk Analyst
VillageMD collaborates with primary care physicians to maximize success in a changing health care environment. VillageMD is a leading provider of healthcare for organizations moving toward a primary care-led, high-value clinical model. The VillageMD solution provides the tools, technology, operations, and staffing support needed for physicians to drive the highest quality clinical results across a population. VillageMD works with physician groups, independent practice associations, and health systems to improve quality, deliver a first-rate patient experience, and lower costs in the communities they serve.
Technology Risk at VillageMD supports IT Risk Management activities across the organization. Our technology risk program involves reviewing and assessing risks to its assets, designing appropriate process controls, selecting technology to support control implementation, and monitoring the implementation and effectiveness of technical and administrative controls within the organization.
What are examples of work that Technology Risk Analysts have done at VillageMD?
- Designed and implemented technology and process controls to maintain acceptable risk thresholds.
- Advised software architects, database administrators, and developers on appropriate practices to comply with VillageMD controls, policies, and procedures.
- Performed audits of processes and system configurations to verify compliance with VillageMD controls.
- Completed business impact assessments for technology assets and supporting processes.
- Supported business analyst functions within the markets by providing technology risk consultation and assessment.
What will make you successful here?
- A real passion for problem solving and learning new technology
- Vision to balance speed and maintainability in solution design
- Strong analytical and technical skills
- The ability to handle multiple, concurrent projects in a fast-paced environment
- Excellent ability to craft and implement requirements, keep projects on track, and engage partners
- Understanding of technical writing to support drafting technical policies and procedures
- Challenging the status quo to improve our processes and tools
- Communicate complex technical details in meaningful business context
- A low ego and humility; an ability to gain trust by doing what you say you will do
- A very strong customer focus with a passion for success and excitement for adding value through technology
- Exceptional interpersonal and written and verbal communication skills
- Demonstrated experience working closely with customers to build relationships
What you might do in your first year:
- Research and keep up to date on technology trends, specifically cybersecurity products and changing trends to healthcare technology that would impact VillageMD’s risk posture.
- Maintain awareness of emerging threats and advising the organization on any required response.
- Manage audit findings and remediation activities in support of HITRUST CSF
- Monitor vendor agreements and perform due diligence as needed based upon risk posture.
- Support incident assessment, tracking, and follow-up.
- Support development and maintenance of workforce information security awareness program.
- Participate in the IT risk assessment process and development of the audit plan for assigned entities.
The following experience is relevant to us:
- Experience performing IT risk assessments within a large, geographically distributed company
- Prior involvement with designing and testing controls to manage risk
- Knowledge of cloud-based solutions and architectures
- Device configuration reviews including network components and server operating systems
- Log analysis for the purposes of information security control testing and monitoring
- Familiarity with an industry common framework for control implementation such as NIST CSF or ISO 2001/2
- Implementing or reviewing systems for compliance against security certifications such as PCI or HITRUST
- Experience in a consulting environment providing IT risk management capabilities, vulnerability testing, and audit services is preferred but not required
- Healthcare experience is preferred but not required
- Demonstrated experience developing, or overseeing the development of, IT Principles, Policies, Standards, and Guidelines
- Familiarity with the use and management of GRC tools
- Current or prior PCI QSA or HITRUST Practitioner designation is preferred but not required
- Knowledge of laws, regulations, and standards relevant to the healthcare industry
At VillageMD, we see diversity and inclusion as a source of strength in transforming healthcare. We believe building trust and innovation are best achieved through diverse perspectives. To us, acceptance and respect are rooted in an understanding that people do not experience things in the same way, including our healthcare system. Individuals seeking employment at VillageMD are considered without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.