Information Security Engineer jobs at Sanford Health - 294 jobs

**Careers With Purpose** **Sanford Health is one of the largest and fastest-growing not-for-profit health systems in the United States. We're proud to offer many development and advancement opportunities to our nearly 50,000 members of the Sanford Family who are dedicated to the work of health and healing across our broad footprint.** **Facility:** Bismarck Business Center **Location:** Bismarck, ND **Address:** 3451 N 14th St, Bismarck, ND 58503, USA **Shift:** 8 Hours - Day Shifts **Job Schedule:** Full time **Weekly Hours:** 40.00 **Salary Range:** $43.00 - $71.00 **Pay Info:** Pay starts at $43 and increases according to years of applicable experience. **Department Details** Lead day-to-day vulnerability operations (scan scheduling, authenticated coverage, agent health) and engineer improvements across tooling workflows. Develop and mature the Vulnerability Management program: define SLAs, priorities, exception guardrails, and reporting; design playbooks for zero-day/KEV response. Drive remediation campaigns with asset owners; convert findings into work items with clear scope, owners, and due dates; track to closure. Partner with Technology Solutions teams to reduce exposure footprint (consult on configuration baselines, conditional access, system hardening). Produce executive metrics and service reporting (exposure trends, SLA compliance, coverage, time-to-remediate). Project management exposure preferred (owning cross-team initiatives, roadmaps, and deliverables). **Job Summary** Responsible for the technical and operational delivery of enterprise cybersecurity; focusing on the development and implementation of processes and tools that support Vulnerability Management threat prevention, threat hunting, vulnerability assessments, and incident response. Also responsible for minimizing identified threats and risks to the organization through collaboration with other Information Security and Sanford technological groups. Perform and coordinate, with other team members, real-time and forensic log and EDR monitoring and analysis to provide network, data, and asset security for Sanford Health. Complete, configure, and tune vulnerability assessments and report results to application and asset owners. Provide consulting services to owners relating to response activities. Perform, lead, and coordinate on Incident Response activities including the collection, preservation, and interpretation of digital evidence. Build, administer, and support the IS Vulnerability Management tools, processes, and services. Identify and complete improvements and metrics to Vulnerability Management processes and services. Manage the IS Vulnerability Management ticket queue. Prioritize and complete tickets according to impact to Sanford Health business functions. Provide security consulting services to other Sanford Health groups. Mentor other Vulnerability Management team members on tools, processes, and Sanford Health areas. Coordinate and participate in activities with other IT Security groups by providing aid and consulting when needed. Works under limited guidance due to previous experience/breadth of knowledge of processes and organizational knowledge. Acts independently to determine methods and procedures on new assignments. Regularly presented with new assignments and projects that require the application of independent judgement/interpretation of policies/practices. Checks own work and the work of other team members. **Qualifications** Bachelor's degree required, in lieu of education, leadership may consider an Associates degree plus 3 years of applicable experience in computer science, cyber security or an information technology related field. Minimum of 4 years' experience working in Cyber Security required. Advanced security training is desired. Strong working knowledge of the information security standards and procedures including HIPAA and PCI. Security Certifications are desired. **Benefits** Sanford Health offers an attractive benefits package for qualifying full-time and part-time employees. Depending on eligibility, a variety of benefits include health insurance, dental insurance, vision insurance, life insurance, a 401(k) retirement plan, work/life balance benefits, and a generous time off package to maintain a healthy home-work balance. For more information about Total Rewards, visit *********************************** . Sanford is an EEO/AA Employer M/F/Disability/Vet. If you are an individual with a disability and would like to request an accommodation for help with your online application, please call ************** or send an email to ************************ . Sanford Health has a Drug Free Workplace Policy. An accepted offer will require a drug screen and pre-employment background screening as a condition of employment. **Req Number:** R-0232476 **Job Function:** Information Technology **Featured:** No

We are seeking a Senior Security Analyst to join our team at Independent Living Systems (ILS). ILS, along with its affiliated health plans known as Florida Community Care and Florida Complete Care, is committed to promoting a higher quality of life and maximizing independence for all vulnerable populations. About the Role: The Senior Security Analyst plays a critical role in safeguarding the organization's information systems and digital assets by proactively identifying, analyzing, and mitigating security threats. This position is responsible for leading advanced security investigations, managing incident response activities, and ensuring compliance with industry standards and regulatory requirements. The role requires collaboration with cross-functional teams to design and implement robust security controls and to continuously improve the organization's security posture. The Senior Security Analyst will also mentor junior team members and contribute to the development of security policies and procedures. Ultimately, this role ensures the confidentiality, integrity, and availability of sensitive data while supporting business objectives through effective risk management. Minimum Qualifications: Bachelor's degree in Computer Science, Information Security, or a related field. 5+ years of experience in information security or cybersecurity roles. Strong knowledge of security frameworks such as NIST, ISO 27001, or CIS Controls. Experience with security monitoring tools such as SIEM, IDS/IPS, and endpoint protection platforms. Proven ability to conduct incident response and forensic investigations. Relevant experience may substitute for the educational requirement on a year-for-year basis. Preferred Qualifications: Master's degree in computer science, Information Security, or a related field. Professional certifications such as CISSP, CISM, GIAC, CISA, CRISC Knowledge of regulatory requirements such as GDPR, HIPAA, or PCI-DSS. Framework & compliance expertise in SOC 2 / SSAE 18, evidence collection, testing, control mapping Audit / GRC tooling, Evidence workflows, issue tracking, remediation validation Responsibilities: Monitor security alerts and analyze potential threats using advanced security tools and techniques. Lead incident response efforts, including investigation, containment, eradication, and recovery from security breaches. Conduct vulnerability assessments and penetration testing to identify and remediate security weaknesses. Develop and maintain security documentation, including policies, procedures, and incident reports. Collaborate with IT, compliance, and business units to implement security best practices and ensure regulatory compliance. Provide mentorship and guidance to junior security analysts and other team members. Stay current with emerging security threats, technologies, and industry trends to proactively enhance security measures.

The IT Cloud Engineer - Security provides the vision, strategy, functionality, and technology solutions for creating and maintaining security system and solutions for both public and private cloud infrastructure-based solutions. This position collaborates with the Information Technology teams to lead the organization toward the deployment of technologies which focus on the trust, risk, and security management of the company environment. These may include PaaS, SaaS, hosted, and on-premises solutions - allowing for flexible, secure, on-demand cloud-like functionality and services while endeavoring to provide resiliency and achieve cost reduction, while maintaining a highly secure and flexible environment. Essential Accountabilities: Level I • Enforces and integrates security solutions, tools, and appropriate controls to align to security policies, standards, and procedures. • Stays current with leading security technologies, standards, and best practices as well as cyber threat landscape and evolving mitigation approaches and techniques. • Acts as a high-level escalation tier for operational support in assigned technical areas. • Conducts proof-of-concept testing in a lab environment. • Creates, updates, and maintains supporting documentation for technology standards. • Designs and deploys security solutions to support and ensure alignment with business requirements. • Works with technology vendors and technical subject matter expert (SME) to produce corporate standards with regards to assigned technology areas. • Collaborates and/or leads engineering solutions, integrating multiple systems and/or technologies. • Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies' mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs. • Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures. • Regular and reliable attendance is expected and required. Performs other functions as assigned by management. Level II (In addition to Level I responsibilities): • Acts as a primary engineer for assigned technology areas maintaining highly performant and optimized infrastructure environment. • Researches technologies and perform analysis that significantly contributes to budget and expenditures for assigned technology areas. • Collaborates and participates in the development and execution enterprise strategy in the assigned technology area. • Assists in the RFI/RFP process. Level III (In addition to Level II responsibilities): • Research and recommended solution designs. Establishes business justifications for purchases made within assigned technology areas. • Significant contributor to automation workflows and focuses on automation for job-related tasks. • Performs system analysis and capacity planning of security assets. • Assists with mentoring of Level I and II Engineers. Level IV (In addition to level III responsibilities): • Acts as trusted advisor to the management team. • Emphasizes technology cost optimization when designing new solutions. • Leads business critical projects efforts for IT infrastructure. • Leads internal strategic efforts, collaborates, and mentors peers. Minimum Qualifications: NOTE: We include multiple levels of classification differentiated by demonstrated knowledge, skills, and the ability to manage increasingly independent and/or complex assignments, broader responsibility, additional decision making, and in some cases, becoming a resource to others. In addition to using this differentiated approach to place new hires, it also provides guideposts for employee development and promotional opportunities. Level I: • Four (4) years of related experience. • Associates degree in Computer Science, Information Technology, or related field In lieu of degree, three (3) years of related work experience required. Bachelor's degree preferred. • Intermediate knowledge of security, compliance, and audit policies/procedures. • Basic experience with research, design, and implementation in assigned technologies. • Basic infrastructure operations and infrastructure project delivery experience essential. • Basic scripting and automation experience. • Advanced communication skills. • Intermediate understanding of cloud computing infrastructure and concepts. • Intermediate knowledge of securing cloud and/or on-prem (i.e.: ability to secure disparate systems). • Intermediate ability to engineer and integrate new security designs with an emphasis on solutions that align with overall security strategy. • Demonstrates intermediate knowledge of a minimum of two (2) concepts and/or tools listed below: o Encryption o PKI o Network and application security, and related firewalls (Palo Alto Networks, Imperva, Azure, AWS, etc.) o Identity management (AD, Entra ID, conditional access, MFA, SSO, etc.) o Virus detection and end point security (Defender preferred) o Vulnerability scanner and pen testing tools (e.g., Rapid 7, Nessus, Nexpose, Metasploit, Appscan, Burp suite, Ida Pro etc.) o IDS/IPS and related tools. o Comprehensive Cloud security platform (Palo Alto Prisma) o Security logging and monitoring (SIEM e.g., ArcSight, Splunk, SolarWinds LEM, Azure Sentinel, AWS Guard Duty, etc.) o Common web application security vulnerabilities (e.g., OWASP) o Application security o Security architecture principals/concepts (i.e., Zero Trust) Level II (in addition to Level I qualifications): • Intermediate knowledge of security, compliance, and audit policies/procedures. • Intermediate knowledge of a minimum of three (3) concepts and/or tools listed above. • Intermediate Security operations and infrastructure project delivery experience. • Demonstrates intermediate technical documentation ability. • Intermediate experience with IT computing resource management and optimization. • Displays advanced business maturity and demonstrated confidentiality. • Intermediate knowledge of Disaster Recovery. Level III (in addition to Level II qualifications): • Advanced knowledge of a minimum of four (4) concepts and/or tools listed above. • Strategic vision in alignment with business objectives. • Intermediate scripting and automation experience preferred. Level IV (in addition to Level III qualifications): • Advanced knowledge of a minimum of five (5) concepts and/or tools listed above. • Demonstrated advanced competency in team leadership/technical leadership, facilitation, and project leadership. • Advanced understanding of Disaster Recovery procedures related to IT infrastructure. • Advanced knowledge of security, compliance, and audit policies/procedures. • Advanced scripting and automation experience. Physical Requirements: • Ability to travel across the Health Plan service region for meetings and/or trainings as needed. • Ability to work in a home office for continuous periods of time for business continuity. • Ability to provide on-call rotation support. ************ One Mission. One Vision. One I.D.E.A. One you. Together we can create a better I.D.E.A. for our communities. At the Lifetime Healthcare Companies, we're on a mission to make our communities healthier, and we can't do it without you. We know diversity helps fuel our mission and that's why we approach our work from an I.D.E.A. mindset (Inclusion, Diversity, Equity, and Access). By activating our employees' experiences, skills, and perspectives, we take action toward greater health equity. We aspire to reflect the communities we live in and serve, and strongly encourage people of color, LGBTQ+ people, people with disabilities, veterans, and other underrepresented groups to apply. OUR COMPANY CULTURE: Employees are united by our Lifetime Way Values & Behaviors that include compassion, pride, excellence, innovation and having fun! We aim to be an employer of choice by valuing workforce diversity, innovative thinking, employee development, and by offering competitive compensation and benefits. In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position. Equal Opportunity Employer Compensation Range(s): E9 - Minimum: 110,093 Midpoint: 154,130 Max: 198,168 The salary range indicated in this posting represents the minimum and maximum of the salary range for this position. Actual salary will vary depending on factors including, but not limited to, budget available, prior experience, knowledge, skill and education as they relate to the position's minimum qualifications, in addition to internal equity. The posted salary range reflects just one component of our total rewards package. Other components of the total rewards package may include participation in group health and/or dental insurance, retirement plan, wellness program, paid time away from work, and paid holidays. Please note: The opportunity for remote work may be possible for all jobs posted by the Univera Healthcare Talent Acquisition team. This decision is made on a case-by-case basis. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

At Caris, we understand that cancer is an ugly word-a word no one wants to hear, but one that connects us all. That's why we're not just transforming cancer care-we're changing lives. We introduced precision medicine to the world and built an industry around the idea that every patient deserves answers as unique as their DNA. Backed by cutting-edge molecular science and AI, we ask ourselves every day: “What would I do if this patient were my mom?” That question drives everything we do. But our mission doesn't stop with cancer. We're pushing the frontiers of medicine and leading a revolution in healthcare-driven by innovation, compassion, and purpose. Join us in our mission to improve the human condition across multiple diseases. If you're passionate about meaningful work and want to be part of something bigger than yourself, Caris is where your impact begins. Position Summary The Information Security Engineer will be responsible for implementing, managing, and overseeing our organization's information security systems to safeguard our data, infrastructure, and assets from security threats. You will collaborate with cross-functional teams to ensure the security and integrity of our systems, networks, and applications. Job Responsibilities Work with InfoSec team on running regular scans using Rapid7 to identify vulnerabilities and assist with the implementation of recommended patches and remediations. Maintain an up-to-date understanding of emerging threats, vulnerabilities, and best practices. Participate in cybersecurity incident response activities and help manage the aftermath of security breaches or attacks. Utilize different tool for network traffic analysis to detect anomalies and potential threats. Assist in malware and virus detection, containment, eradication, and cleanup processes. Collaborate with business units to identify and prioritize critical assets and systems. Respond to social engineering attacks and contribute to the development of strategies to mitigate future risks. Assist teams with day-to-day InfoSec incoming tickets and resolving issues in a timely manner Develop and enforce security policies, standards, and procedures across the organization. Work with the Cloud (AWS/Azure) teams monitor different environments using different tools to ensure all systems operate securely and efficiently. Support the deployment and management of microservices architectures, including AWS EKS. Stay informed about the latest in generative AI technologies and their implications for cybersecurity. Required Qualifications High School Diploma. 3-4 years of experience in a cybersecurity role. Relevant certifications such as CISSP, CISM, CEH, or GIAC are highly desirable. Strong familiarity with Rapid7, Sentinal1, iBoss, QRadar, DLP, AWS Security tools, and Azure security components. Understanding of microservices architecture and container orchestration, preferably with AWS EKS. Knowledge of generative AI and its applications in enhancing cybersecurity defenses is a plus. Excellent problem-solving skills and the ability to work under pressure. Strong communication skills and the ability to work effectively in a team environment. Analytical skills to review complex reports for anomalies. Experience troubleshooting complex resource provisioning or security issues. Proficiency with general computer software. Conditions of Employment: Individuals must successfully complete pre-employment process, which includes criminal background check, drug screening, and reference verification. Preferred Qualifications Bachelor's Degree in an IT related discipline or additional equivalent experience. CISSP or equivalent certification is recommended. Strong attention to detail. Strong verbal and written communication skills. Experience with Python programming for security automation and scripting tasks. Communication - Proficient verbal and written communication skills. Willingness to share and receive information and ideas from all levels of the organization in order to achieve the desired results. Teamwork - Commitment to the successful achievement of team and organizational goals through a desire to participate with and help other members of the team. Customer Service Focus - Demonstrate a focus on listening to and understanding client/customer needs, and then exceeding service and quality expectations for a positive client/customer experience. Physical Demands Will work at a computer most of the time as well as need to keep inventory and ordering records requiring the use of copiers, fax machines, and scanners. Training All job specific, safety, and compliance training are assigned based on the job functions associated with this employee. Other Job may require after-hours response to emergency issues. Periodically scheduled on-call may require after-hours response for technical emergencies not explicitly related to assigned job responsibilities. Conditions of Employment: Individual must successfully complete pre-employment process, which includes criminal background check, drug screening, credit check ( applicable for certain positions) and reference verification. This reflects management's assignment of essential functions. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. Caris Life Sciences is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, status as a protected veteran, among other things, or status as a qualified individual with disability.

We anticipate the application window for this opening will close on - 23 Jan 2026 At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You'll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world. A Day in the Life At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We're working onsite 4 days a week as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. In your role, you may work from the following Medtronic sites: * Mounds View, Minnesota • Boston, Massachusetts * Fridley, Minnesota (OHQ) • Lafayette, Colorado * Irvine, California (UCI) • Jacksonville, Florida * Rice Creek, Minnesota The Medtronic Global Cyber and Information Security Office (GCISO) is seeking a highly skilled and experienced Senior Cybersecurity Information Assurance Analyst to join our cybersecurity team. In this role, you will be responsible for leading the identification, assessment, and mitigation of cybersecurity risks across the organization. As a senior member of the team, you will provide expertise in risk management, compliance, and security strategy, while also playing a key role in driving initiatives to ensure the protection of sensitive data, particularly in a highly regulated healthcare environment. You will collaborate with cross-functional teams to evaluate and enhance our cybersecurity posture, ensuring adherence to relevant regulations such as HIPAA, GDPR, and other industry standards. We believe that when people from different cultures, genders, and points of view come together, innovation is the result -and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive. Our unwavering commitment to inclusion, diversity, and equity (ID&E) means zero barriers to opportunity within Medtronic and a culture where all employees belong, are respected, and feel valued for who they are and the life experiences they contribute. We know equity starts beyond our workplace, and we must play a role in addressing systemic inequities in our communications to achieve long-term sustainable impact. Anchored in our Mission, we continue to drive ID&E forward both to enhance the well-being of Medtronic employees and to accelerate innovation that brings our lifesaving technologies to more people in more places around the world. Bring your talents to an industry leader in medical technology and healthcare solutions - we're a market leader and growing every day. You can be proud to be a part of technologies that are rooted in our long history of mission-driven innovation. You will be empowered to shape your own career. We encourage and support your growth with the training, mentorship, and guidance you need to own your future success. Together, we can transform healthcare. Join us for a career in IT that changes lives. Medtronic is committed to fostering a diverse and inclusive culture. Check out the accomplishments of our Women in IT group! ******************************** At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We're working a minimum of 4 days a week onsite as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. Responsibilities may include the following and other duties may be assigned. * Defines requirements for business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management) to best protect company assets. * Assesses and mitigates system security threats and risks throughout the program life cycle. * Validates system security requirements definition and analysis. * Implements and validates security designs in hardware, software, data, and procedures. * Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. * Understanding of Identity, Lifecycle and Governance capabilities, intersection with other cyber security domains, products and industry practices. * Identify and assess cybersecurity risks through business analysis and propose solutions to mitigate those risks, contributing to overall business continuity and security resilience. * Demonstrated expertise in GRC frameworks and processes, including system selection, system administration, and supporting core GRC functions. Lead the design and implementation of process flows, ensuring alignment with business objectives. * Collaborate with teams across various departments, including IT, legal, compliance, and product security, to identify, assess, and mitigate cybersecurity risks across a broad range of products and services, ensuring security is integrated throughout the entire product lifecycle and operational processes. * Maintain up-to-date knowledge of cybersecurity regulations and standards specific to the medical device industry (FDA, HIPAA, IEC 62443, NIST, NIS 2, etc.). * Drive improvements in the GRC platform by automating workflows, integrating new tools, and optimizing risk management processes to increase operational efficiency and reduce manual effort. Minimum Requirements 4+ years of experience with a with a high school diploma or equivalent. NICE TO HAVE (Preferred Qualifications) * Previous Medtronic experience * 7+ years of experience in cybersecurity GRC (Governance, Risk, & Compliance), or external/internal audit, preferably within the medical device or healthcare industry. * Strong understanding of cybersecurity frameworks, regulatory requirements, risk management, and industry best practices (e.g., HIPAA, NIST, ISO 27001, GDPR, etc.). SKILLS & COMPETENCIES * Excellent communication and interpersonal skills, with the ability to interact effectively with both technical and non-technical stakeholders. * Ability to think critically and strategically about risk management and how technology, process improvements, and automation can help the organization proactively address cybersecurity risks. * Excellent presentation skills with the ability to communicate complex risk management concepts clearly to executive-level audiences, translating technical details into actionable insights for senior leadership. RISK MANAGEMENT EXPERIENCE * Minimum 5 years of experience executing key risk management activities, including conducting risk assessments using various quantitative and qualitative methodologies, such as the FAIR model (Factor Analysis of Information Risk), ensuring a deep understanding of risk analysis methodologies. * At least 3 years of active participation in the design and implementation of at least 2 comprehensive risk management programs (e.g., risk assessments, regulatory assessments) within a large, complex organization, including hands-on experience with program execution and improvement. * Proven expertise in process design and improvement related to risk management frameworks and methodologies, ensuring effective risk mitigation strategies are incorporated into operational processes. * Experience conducting NIST risk assessments (e.g., NIST CSF, NIST 800-53) and applying their standards and recommendations to improve organizational cybersecurity postures. * Strong knowledge of regulatory changes and trends impacting IT risk assessments, including compliance requirements such as GDPR, HIPAA, and others, ensuring risk management strategies align with the latest regulatory standards. * Knowledge of Operational Technology (OT) risk management is a plus, with the ability to assess risks related to OT environments and integrate them into overall IT risk strategies. * Minimum 3 years of experience evaluating technical design documents for systems or environments to assess associated risks, including reviewing architectural, infrastructure, and application designs for security and operational risk vulnerabilities. TECHNICAL EXPERTISE * Familiarity with GRC tools such as ServiceNow, LogicGate, or OneTrust * Strong understanding of technical infrastructure, including networks, cloud environments, endpoints, and medical device systems. * Experience with system integration and data flow analysis within GRC tools, ideally leveraging APIs and other automation technologies to improve operational efficiencies. CERTIFICATIONS * Certified Information Systems Security Professional (CISSP). * Certified in Risk and Information Systems Control (CRISC). * Certified Information Security Auditor (CISA). Physical Job Requirements The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. Benefits & Compensation Medtronic offers a competitive Salary and flexible Benefits Package A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Salary ranges for U.S (excl. PR) locations (USD):$104,000.00 - $156,000.00 This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP). The base salary range is applicable across the United States, excluding Puerto Rico and specific locations in California. The offered rate complies with federal and local regulations and may vary based on factors such as experience, certification/education, market conditions, and location. Compensation and benefits information pertains solely to candidates hired within the United States (local market compensation and benefits will apply for others). The following benefits and additional compensation are available to those regular employees who work 20+ hours per week: Health, Dental and vision insurance, Health Savings Account, Healthcare Flexible Spending Account, Life insurance, Long-term disability leave, Dependent daycare spending account, Tuition assistance/reimbursement, and Simple Steps (global well-being program). The following benefits and additional compensation are available to all regular employees: Incentive plans, 401(k) plan plus employer contribution and match, Short-term disability, Paid time off, Paid holidays, Employee Stock Purchase Plan, Employee Assistance Program, Non-qualified Retirement Plan Supplement (subject to IRS earning minimums), and Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums). Regular employees are those who are not temporary, such as interns. Temporary employees are eligible for paid sick time, as required under applicable state law, and the Employee Stock Purchase Plan. Please note some of the above benefits may not apply to workers in Puerto Rico. Further details are available at the link below: Medtronic benefits and compensation plans About Medtronic We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions. Our Mission - to alleviate pain, restore health, and extend life - unites a global team of 95,000+ passionate people. We are engineers at heart- putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary. Learn more about our business, mission, and our commitment to diversity here. It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities. If you are applying to perform work for Medtronic, Inc. ("Medtronic") in any position which will involve performing at least two (2) hours of work on average each week within the unincorporated areas of Los Angeles County, you can find here a list of all material job duties of the specific job position which Medtronic reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of a conditional offer of employment. Medtronic will consider for employment qualified job applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

We anticipate the application window for this opening will close on - 23 Jan 2026 At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You'll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world. A Day in the Life At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We're working onsite 4 days a week as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. In your role, you may work from the following Medtronic sites: * Mounds View, Minnesota • Boston, Massachusetts * Fridley, Minnesota (OHQ) • Lafayette, Colorado * Irvine, California (UCI) • Jacksonville, Florida * Rice Creek, Minnesota The Medtronic Global Cyber and Information Security Office (GCISO) is seeking a highly skilled and experienced Senior Cybersecurity Information Assurance Analyst to join our cybersecurity team. In this role, you will be responsible for leading the identification, assessment, and mitigation of cybersecurity risks across the organization. As a senior member of the team, you will provide expertise in risk management, compliance, and security strategy, while also playing a key role in driving initiatives to ensure the protection of sensitive data, particularly in a highly regulated healthcare environment. You will collaborate with cross-functional teams to evaluate and enhance our cybersecurity posture, ensuring adherence to relevant regulations such as HIPAA, GDPR, and other industry standards. We believe that when people from different cultures, genders, and points of view come together, innovation is the result -and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive. Our unwavering commitment to inclusion, diversity, and equity (ID&E) means zero barriers to opportunity within Medtronic and a culture where all employees belong, are respected, and feel valued for who they are and the life experiences they contribute. We know equity starts beyond our workplace, and we must play a role in addressing systemic inequities in our communications to achieve long-term sustainable impact. Anchored in our Mission, we continue to drive ID&E forward both to enhance the well-being of Medtronic employees and to accelerate innovation that brings our lifesaving technologies to more people in more places around the world. Bring your talents to an industry leader in medical technology and healthcare solutions - we're a market leader and growing every day. You can be proud to be a part of technologies that are rooted in our long history of mission-driven innovation. You will be empowered to shape your own career. We encourage and support your growth with the training, mentorship, and guidance you need to own your future success. Together, we can transform healthcare. Join us for a career in IT that changes lives. Medtronic is committed to fostering a diverse and inclusive culture. Check out the accomplishments of our Women in IT group! ******************************** At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We're working a minimum of 4 days a week onsite as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. Responsibilities may include the following and other duties may be assigned. * Defines requirements for business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management) to best protect company assets. * Assesses and mitigates system security threats and risks throughout the program life cycle. * Validates system security requirements definition and analysis. * Implements and validates security designs in hardware, software, data, and procedures. * Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. * Understanding of Identity, Lifecycle and Governance capabilities, intersection with other cyber security domains, products and industry practices. * Identify and assess cybersecurity risks through business analysis and propose solutions to mitigate those risks, contributing to overall business continuity and security resilience. * Demonstrated expertise in GRC frameworks and processes, including system selection, system administration, and supporting core GRC functions. Lead the design and implementation of process flows, ensuring alignment with business objectives. * Collaborate with teams across various departments, including IT, legal, compliance, and product security, to identify, assess, and mitigate cybersecurity risks across a broad range of products and services, ensuring security is integrated throughout the entire product lifecycle and operational processes. * Maintain up-to-date knowledge of cybersecurity regulations and standards specific to the medical device industry (FDA, HIPAA, IEC 62443, NIST, NIS 2, etc.). * Drive improvements in the GRC platform by automating workflows, integrating new tools, and optimizing risk management processes to increase operational efficiency and reduce manual effort. Minimum Requirements 4+ years of experience with a with a high school diploma or equivalent. NICE TO HAVE (Preferred Qualifications) * Previous Medtronic experience * 7+ years of experience in cybersecurity GRC (Governance, Risk, & Compliance), or external/internal audit, preferably within the medical device or healthcare industry. * Strong understanding of cybersecurity frameworks, regulatory requirements, risk management, and industry best practices (e.g., HIPAA, NIST, ISO 27001, GDPR, etc.). SKILLS & COMPETENCIES * Excellent communication and interpersonal skills, with the ability to interact effectively with both technical and non-technical stakeholders. * Ability to think critically and strategically about risk management and how technology, process improvements, and automation can help the organization proactively address cybersecurity risks. * Excellent presentation skills with the ability to communicate complex risk management concepts clearly to executive-level audiences, translating technical details into actionable insights for senior leadership. RISK MANAGEMENT EXPERIENCE * Minimum 5 years of experience executing key risk management activities, including conducting risk assessments using various quantitative and qualitative methodologies, such as the FAIR model (Factor Analysis of Information Risk), ensuring a deep understanding of risk analysis methodologies. * At least 3 years of active participation in the design and implementation of at least 2 comprehensive risk management programs (e.g., risk assessments, regulatory assessments) within a large, complex organization, including hands-on experience with program execution and improvement. * Proven expertise in process design and improvement related to risk management frameworks and methodologies, ensuring effective risk mitigation strategies are incorporated into operational processes. * Experience conducting NIST risk assessments (e.g., NIST CSF, NIST 800-53) and applying their standards and recommendations to improve organizational cybersecurity postures. * Strong knowledge of regulatory changes and trends impacting IT risk assessments, including compliance requirements such as GDPR, HIPAA, and others, ensuring risk management strategies align with the latest regulatory standards. * Knowledge of Operational Technology (OT) risk management is a plus, with the ability to assess risks related to OT environments and integrate them into overall IT risk strategies. * Minimum 3 years of experience evaluating technical design documents for systems or environments to assess associated risks, including reviewing architectural, infrastructure, and application designs for security and operational risk vulnerabilities. TECHNICAL EXPERTISE * Familiarity with GRC tools such as ServiceNow, LogicGate, or OneTrust * Strong understanding of technical infrastructure, including networks, cloud environments, endpoints, and medical device systems. * Experience with system integration and data flow analysis within GRC tools, ideally leveraging APIs and other automation technologies to improve operational efficiencies. CERTIFICATIONS * Certified Information Systems Security Professional (CISSP). * Certified in Risk and Information Systems Control (CRISC). * Certified Information Security Auditor (CISA). Physical Job Requirements The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. Benefits & Compensation Medtronic offers a competitive Salary and flexible Benefits Package A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Salary ranges for U.S (excl. PR) locations (USD):$104,000.00 - $156,000.00 This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP). The base salary range is applicable across the United States, excluding Puerto Rico and specific locations in California. The offered rate complies with federal and local regulations and may vary based on factors such as experience, certification/education, market conditions, and location. Compensation and benefits information pertains solely to candidates hired within the United States (local market compensation and benefits will apply for others). The following benefits and additional compensation are available to those regular employees who work 20+ hours per week: Health, Dental and vision insurance, Health Savings Account, Healthcare Flexible Spending Account, Life insurance, Long-term disability leave, Dependent daycare spending account, Tuition assistance/reimbursement, and Simple Steps (global well-being program). The following benefits and additional compensation are available to all regular employees: Incentive plans, 401(k) plan plus employer contribution and match, Short-term disability, Paid time off, Paid holidays, Employee Stock Purchase Plan, Employee Assistance Program, Non-qualified Retirement Plan Supplement (subject to IRS earning minimums), and Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums). Regular employees are those who are not temporary, such as interns. Temporary employees are eligible for paid sick time, as required under applicable state law, and the Employee Stock Purchase Plan. Please note some of the above benefits may not apply to workers in Puerto Rico. Further details are available at the link below: Medtronic benefits and compensation plans About Medtronic We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions. Our Mission - to alleviate pain, restore health, and extend life - unites a global team of 95,000+ passionate people. We are engineers at heart- putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary. Learn more about our business, mission, and our commitment to diversity here. It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities. If you are applying to perform work for Medtronic, Inc. ("Medtronic") in any position which will involve performing at least two (2) hours of work on average each week within the unincorporated areas of Los Angeles County, you can find here a list of all material job duties of the specific job position which Medtronic reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of a conditional offer of employment. Medtronic will consider for employment qualified job applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

We anticipate the application window for this opening will close on - 23 Jan 2026 At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You'll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world. **A Day in the Life** At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We're working onsite 4 days a week as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. In your role, you may work from the following Medtronic sites: - Mounds View, Minnesota - Boston, Massachusetts - Fridley, Minnesota (OHQ) - Lafayette, Colorado - Irvine, California (UCI) - Jacksonville, Florida - Rice Creek, Minnesota The Medtronic Global Cyber and Information Security Office (GCISO) is seeking a highly skilled and experienced Senior Cybersecurity Information Assurance Analyst to join our cybersecurity team. In this role, you will be responsible for leading the identification, assessment, and mitigation of cybersecurity risks across the organization. As a senior member of the team, you will provide expertise in risk management, compliance, and security strategy, while also playing a key role in driving initiatives to ensure the protection of sensitive data, particularly in a highly regulated healthcare environment. You will collaborate with cross-functional teams to evaluate and enhance our cybersecurity posture, ensuring adherence to relevant regulations such as HIPAA, GDPR, and other industry standards. We believe that when people from different cultures, genders, and points of view come together, innovation is the result -and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive. Our unwavering commitment to inclusion, diversity, and equity (ID&E) means zero barriers to opportunity within Medtronic and a culture where all employees belong, are respected, and feel valued for who they are and the life experiences they contribute. We know equity starts beyond our workplace, and we must play a role in addressing systemic inequities in our communications to achieve long-term sustainable impact. Anchored in our Mission, we continue to drive ID&E forward both to enhance the well-being of Medtronic employees and to accelerate innovation that brings our lifesaving technologies to more people in more places around the world. Bring your talents to an industry leader in medical technology and healthcare solutions - we're a market leader and growing every day. You can be proud to be a part of technologies that are rooted in our long history of mission-driven innovation. You will be empowered to shape your own career. We encourage and support your growth with the training, mentorship, and guidance you need to own your future success. Together, we can transform healthcare. Join us for a career in IT that changes lives. Medtronic is committed to fostering a diverse and inclusive culture. Check out the accomplishments of our Women in IT group! ******************************** At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We're working a minimum of 4 days a week onsite as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. Responsibilities may include the following and other duties may be assigned. + Defines requirements for business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management) to best protect company assets. + Assesses and mitigates system security threats and risks throughout the program life cycle. + Validates system security requirements definition and analysis. + Implements and validates security designs in hardware, software, data, and procedures. + Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. + Understanding of Identity, Lifecycle and Governance capabilities, intersection with other cyber security domains, products and industry practices. + Identify and assess cybersecurity risks through business analysis and propose solutions to mitigate those risks, contributing to overall business continuity and security resilience. + Demonstrated expertise in GRC frameworks and processes, including system selection, system administration, and supporting core GRC functions. Lead the design and implementation of process flows, ensuring alignment with business objectives. + Collaborate with teams across various departments, including IT, legal, compliance, and product security, to identify, assess, and mitigate cybersecurity risks across a broad range of products and services, ensuring security is integrated throughout the entire product lifecycle and operational processes. + Maintain up-to-date knowledge of cybersecurity regulations and standards specific to the medical device industry (FDA, HIPAA, IEC 62443, NIST, NIS 2, etc.). + Drive improvements in the GRC platform by automating workflows, integrating new tools, and optimizing risk management processes to increase operational efficiency and reduce manual effort. **Minimum Requirements** **4+ years of experience with a with a high school diploma or equivalent.** **NICE TO HAVE** (Preferred Qualifications) + Previous Medtronic experience + 7+ years of experience in cybersecurity GRC (Governance, Risk, & Compliance), or external/internal audit, preferably within the medical device or healthcare industry. + Strong understanding of cybersecurity frameworks, regulatory requirements, risk management, and industry best practices (e.g., HIPAA, NIST, ISO 27001, GDPR, etc.). SKILLS & COMPETENCIES + Excellent communication and interpersonal skills, with the ability to interact effectively with both technical and non-technical stakeholders. + Ability to think critically and strategically about risk management and how technology, process improvements, and automation can help the organization proactively address cybersecurity risks. + Excellent presentation skills with the ability to communicate complex risk management concepts clearly to executive-level audiences, translating technical details into actionable insights for senior leadership. RISK MANAGEMENT EXPERIENCE + Minimum 5 years of experience executing key risk management activities, including conducting risk assessments using various quantitative and qualitative methodologies, such as the FAIR model (Factor Analysis of Information Risk), ensuring a deep understanding of risk analysis methodologies. + At least 3 years of active participation in the design and implementation of at least 2 comprehensive risk management programs (e.g., risk assessments, regulatory assessments) within a large, complex organization, including hands-on experience with program execution and improvement. + Proven expertise in process design and improvement related to risk management frameworks and methodologies, ensuring effective risk mitigation strategies are incorporated into operational processes. + Experience conducting NIST risk assessments (e.g., NIST CSF, NIST 800-53) and applying their standards and recommendations to improve organizational cybersecurity postures. + Strong knowledge of regulatory changes and trends impacting IT risk assessments, including compliance requirements such as GDPR, HIPAA, and others, ensuring risk management strategies align with the latest regulatory standards. + Knowledge of Operational Technology (OT) risk management is a plus, with the ability to assess risks related to OT environments and integrate them into overall IT risk strategies. + Minimum 3 years of experience evaluating technical design documents for systems or environments to assess associated risks, including reviewing architectural, infrastructure, and application designs for security and operational risk vulnerabilities. TECHNICAL EXPERTISE + Familiarity with GRC tools such as ServiceNow, LogicGate, or OneTrust + Strong understanding of technical infrastructure, including networks, cloud environments, endpoints, and medical device systems. + Experience with system integration and data flow analysis within GRC tools, ideally leveraging APIs and other automation technologies to improve operational efficiencies. CERTIFICATIONS + Certified Information Systems Security Professional (CISSP). + Certified in Risk and Information Systems Control (CRISC). + Certified Information Security Auditor (CISA). **Physical Job Requirements** The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. **Benefits & Compensation** **Medtronic offers a competitive Salary and flexible Benefits Package** A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Salary ranges for U.S (excl. PR) locations (USD):$104,000.00 - $156,000.00 This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP). The base salary range is applicable across the United States, excluding Puerto Rico and specific locations in California. The offered rate complies with federal and local regulations and may vary based on factors such as experience, certification/education, market conditions, and location. Compensation and benefits information pertains solely to candidates hired within the United States (local market compensation and benefits will apply for others). The following benefits and additional compensation are available to those regular employees who work 20+ hours per week: Health, Dental and vision insurance, Health Savings Account, Healthcare Flexible Spending Account, Life insurance, Long-term disability leave, Dependent daycare spending account, Tuition assistance/reimbursement, and Simple Steps (global well-being program). The following benefits and additional compensation are available to all regular employees: Incentive plans, 401(k) plan plus employer contribution and match, Short-term disability, Paid time off, Paid holidays, Employee Stock Purchase Plan, Employee Assistance Program, Non-qualified Retirement Plan Supplement (subject to IRS earning minimums), and Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums). Regular employees are those who are not temporary, such as interns. Temporary employees are eligible for paid sick time, as required under applicable state law, and the Employee Stock Purchase Plan. Please note some of the above benefits may not apply to workers in Puerto Rico. Further details are available at the link below: Medtronic benefits and compensation plans (************************************************************************************************************** **About Medtronic** We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions. Our Mission - to alleviate pain, restore health, and extend life - unites a global team of 95,000+ passionate people. We are engineers at heart- putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary. Learn more about our business, mission, and our commitment to diversity here (************************* . It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities. If you are applying to perform work for Medtronic, Inc. ("Medtronic") in any position which will involve performing at least two (2) hours of work on average each week within the unincorporated areas of Los Angeles County, you can find here (*************************************************************************************************************************************** a list of all material job duties of the specific job position which Medtronic reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of a conditional offer of employment. Medtronic will consider for employment qualified job applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions. Our Mission - to alleviate pain, restore health, and extend life - unites a global team of 95,000+ passionate people. We are engineers at heart- putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary. **We change lives** . Each team member, each day, helps to improve and redefine how the world treats the most pressing health conditions, from heart disease to diabetes. Our industry leadership comes from the passion and ingenuity of our people. That's who we are. Working alongside one another, we use science, medicine, and a profound understanding of the human body to build extraordinary technologies that can transform lives. **We build extraordinary solutions as one team** . With one Medtronic Mindset defining how we work. Speed and decisiveness run through our DNA. Diverse perspectives inspire our bold answers to any challenge that comes our way. And we deliver results the right way, breakthrough after patient breakthrough. **This life-changing career is yours to engineer** . By bringing your ambitious ideas, unique perspective and contributions, you will... + **Build** a better future, amplifying your impact on the causes that matter to you and the world + **Grow** a career reflective of your passion and abilities + **Connect** to a dynamic and inclusive culture that welcomes the challenge of life-long learning These commitments set our team apart from the rest: **Experiences that put people first** . Respect for people is the hallmark of our humanity. It fuels our team to positively impact even a single life. And it means we put our people first at Medtronic as well, creating a culture of belonging and always pushing to get you the career-building resources you need. **Life-transforming technologies** . No matter your role, you contribute to technologies that transform lives. What we build empowers patients to live life on their terms. **Better outcomes for our world** . Here, it's about more than the bottom line. Our Mission to improve human welfare drives us. We advance healthcare, society, and equity with every design, inside and outside our walls. **Insight-driven care** . Fresh viewpoints. Cutting-edge AI, data, and automation. You're shaping the future of healthcare technology and defining the next generation of breakthroughs in care It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities. For sales reps and other patient facing field employees, going into a healthcare setting is considered an essential function of the job and we expect our employees to comply with all credentialing requirements at the hospitals or clinics they support. This employer participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here (*********************************** . For updates on job applications, please go to the candidate login page and sign in to check your application status. If you need assistance completing your application please email ******************* To request removal of your personal information from our systems please email *****************************

How would you like to work in a place where your contributions and ideas are valued? A place where you can serve with compassion, pursue excellence and honor every voice? At Wellstar, our mission is simple, yet powerful: to enhance the health and well-being of every person we serve. We are proud to have become a shining example of what's possible when the brightest professionals dedicate themselves to making a difference in the healthcare industry, and in people's lives. Work Shift Job Summary: The Security Engineer III is responsible for performing technical analysis, implementation, and support of WellStar's security program. This role will participate in the implementation of security solutions, standards, procedures, and incident response & remediation. The Security Engineer III must be a subject matter expert in network and host-based firewalls, intrusion detection/prevention systems, vulnerability scanning, anti-malware and spam protection, secure data transmission technologies, and network monitoring/protection solutions. Deploy and manage security tools such as endpoint protection, encryption, firewall configurations, log management, intrusion detection, multi-factor authentication Recommend changes to standard processes and operating procedures Analyze information systems utilizing various cybersecurity techniques including packet analysis tools, forensics tools, intrusion prevention systems, firewalls, SIEM solutions, and vulnerability assessment software to aid in the detection and prevention of cyber-attacks Work with SOC to investigate and respond to security incidents Leading information security projects and implementing security technology Act as advisor for information security risks, threats and solutions Assist with security policy reviews, configuration standards, and 3rd-party audits Core Responsibilities and Essential Functions: Conduct compliance assessment and audits * Review logs, system activities, and process artifacts * Perform, using documented processes, validations and audits * Conduct process reviews * Assist in improving processes, as required Incident Response * As required respond to security incidents using appropriate procedures * Participate fully in Security Incident Response Team program * Provide service for incident tickets received from IT Service Desk or other organizations Consulting and Collaboration * Participate, as part of a larger team, to ensure information security requirements are met * Educate business units, as needed, on proper processes and procedures to protect information assets * Work, as needed, within department on quality improvements to all programs Performs other duties as assigned Complies with all WellStar Health System policies, standards of work, and code of conduct. Required Minimum Education: Bachelor's Degree in Information Systems (or related field) Required Minimum License(s) and Certification(s): All certifications are required upon hire unless otherwise stated. CISSP - Cert Info Sys Security Pro-Preferred Additional License(s) and Certification(s): Required Minimum Experience: Minimum 8 years Information Security experience. Required and Minimum 5 years in Information Security (8-10 years without Bachelors) Required Required Minimum Skills: Analytical, Verbal & Written Communication, Time Management, Project Management, Risk Assessment, System, Process Improvement, Strong audit/assessment focus. Join us and discover the support to do more meaningful work-and enjoy a more rewarding life. Connect with the most integrated health system in Georgia, and start a future that gives you more.

Passionate about precision medicine and advancing the healthcare industry? Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time. Passionate about precision medicine and advancing the healthcare industry? Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time. As a Security Operations Analyst, you'll play a critical role in fulfilling the mission of Tempus by helping ensure we provide secure and private precision medicine methodologies for our clients and their patients. Why we're looking for you: * You have practical experience with logging, monitoring, and alerting tools like SIEMs and conducting investigations into what's found. * You're perfectly comfortable working alongside vendors like a MSSP. * You're prepared from your first day to be part of an IR team and fight off any attack. * You're a team player and enjoy collaborating with others working on various IT, cloud, data, and engineering projects. Qualifications: Required: * Minimum of 3+ years of cyber incident response experience * Previous experience working with SIEM tools responding to security events. * Excellent written and oral communication skills * Practical knowledge of Windows, Linux, or Mac systems * Practical knowledge of networking technologies (TCP/IP, OSI layers, etc…) * Practical knowledge of security related technologies and their functions (DLP, IDS, IPS, EDR, IRP, FW, WAF, SIEM, SOAR, etc.) Preferred: * Experience writing queries, creating dashboards, and writing reports in a SIEM tool. * Scripting/Development experience in tools like python or javascript * Experience working with cloud technologies such as AWS and GCP. * Experience with EDR tools #LI-BL1 Illinois Pay Range: $75,000 - $105,000 USD The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

RESPONSIBILITIES I. JOB SUMMARY/RESPONSIBILITIES: - Supports and maintains The Queen's Health Systems' (QHS) information security program. - Actively promotes awareness and training of QHS Security Policies and related security topics. - Key responsibilities include but is not limited to the following: o Management and support of QHS' information security technical controls, programs and policies. o Support QHS initiatives and projects by providing information security-related consultation and technical assistance. o Leads or assists in the design, planning, and implementation of security measures to ensure safety and security of all information systems assets and to enhance the security posture of the organization. o Serves as a subject matter expert in support of security risk management and the IT Risk Management Program. - Works closely with leadership, including the privacy, risk and compliance functions, to ensure compliance with regulatory requirements. II. TYPICAL PHYSICAL DEMANDS: All essential, designated by frequency. - Continuous: seeing, speaking, repetitive arm/hand motions, sitting, static gripping of an object for prolonged periods. - Frequent: standing, sitting, walking, finger dexterity, hearing. - Occasional: stooping/bending, carrying usual weight of 12 pounds, reaching above shoulder level. - Operates computer equipment and copy machines. III. TYPICAL WORKING CONDITIONS: - Not substantially subjected to adverse environmental conditions. - Work schedule includes providing 24 hours/7 days a week support as required. IV. MINIMUM QUALIFICATIONS: EDUCATION/CERTIFICATION AND LICENSURE: - Bachelor's degree in Information Technology (IT) or related field; or four (4) years experience in information technology and/or information security may be substituted for the educational requirement. - Current certification in at least one (1) of the following highly preferred: o Global Information Assurance Certifications (GIAC) o Certified Ethical Hacker (CEH) o Certified Information Security Manager (CISSP) o Certified Information Security Manager (CISM) B. EXPERIENCE: - In addition to the educational requirement, four (4) years of information security experience, preferably in healthcare, demonstrating in-depth knowledge and ability to independently design and manage complex security controls and processes. - Experience to demonstrate the following IT Security Management experience: o SIEM management and reporting o Incident Response/Management o Threat & Vulnerability Management o Security appliances & tools including IDS, IPS, web/e-mail filtering, DLP, etc. o Expertise with offensive tools such as: Metaspoit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool. o Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.). o Demonstrated ability to create complex scripts, develop tools, or automate processes in Python or other relevant command languages. o Highest level of technical expertise in cybersecurity, including deep familiarity with relevant penetration and intrusion techniques and attack vectors. Equal Opportunity Employer/Disability/Vet

Passionate about precision medicine and advancing the healthcare industry? Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time. Passionate about precision medicine and advancing the healthcare industry? Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time. As a Security Operations Analyst, you'll play a critical role in fulfilling the mission of Tempus by helping ensure we provide secure and private precision medicine methodologies for our clients and their patients. Why we're looking for you: You have practical experience with logging, monitoring, and alerting tools like SIEMs and conducting investigations into what's found. You're perfectly comfortable working alongside vendors like a MSSP. You're prepared from your first day to be part of an IR team and fight off any attack. You're a team player and enjoy collaborating with others working on various IT, cloud, data, and engineering projects. Qualifications: Required: Minimum of 3+ years of cyber incident response experience Previous experience working with SIEM tools responding to security events. Excellent written and oral communication skills Practical knowledge of Windows, Linux, or Mac systems Practical knowledge of networking technologies (TCP/IP, OSI layers, etc…) Practical knowledge of security related technologies and their functions (DLP, IDS, IPS, EDR, IRP, FW, WAF, SIEM, SOAR, etc.) Preferred: Experience writing queries, creating dashboards, and writing reports in a SIEM tool. Scripting/Development experience in tools like python or javascript Experience working with cloud technologies such as AWS and GCP. Experience with EDR tools #LI-BL1 Illinois Pay Range: $75,000 - $105,000 USD The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

The Cyber Security Analyst I is responsible for the review and implementation of IT Governance and Risk and Compliance (GRC) aspects of the business. This role will work closely with business stakeholders and junior Cyber Analysts during contract negotiations and will conduct Vendor Risk Assessments (VRA) and Application Risk Assessments (ARA) using industry NIST/ISO best practices. This role should have a strong understanding of Security Governance frameworks/standards such as HIPAA, PCI/DSS, NIST and ISO. Additionally, the ability to work with structure policies and procedures along with keeping such documents current is critical. Further, this job requires exceptional customer service skills with the ability to communicate with many internal/external customers at different levels within the organizational hierarchy. The Cyber Security Analyst II is also responsible for supporting the business goals and objectives for the Department, the Information Management Organization, and the organization as a whole. Responsibilities: * Meets expectations of the applicable OneCHRISTUS Competencies: Leader of Self, Leader of Others, or Leader of Leaders. * Reviews contracts; identifies and classifies Information Security Risks. * Performs Vendor Risk Assessments; works with business stakeholders to classify and mitigate identified security risks. * Provides daily support of Business Stakeholders as assigned by the Security Assurance ticketing system and peer reviews of other Cyber Team Members work. * Researches and understands emerging information security threats and vulnerabilities. * Performs other risk assessments, such as HIPAA, PCI/DSS, etc., under the guidance of the Director of Information Security. * Assists with the selection and implementation of tools which enforce or monitor compliance with information security policies, standards and requirements. * Provides after-hours coverage for security event monitoring and incident response. * Maintains and demonstrates the ability to work well on assigned tasks through actions and job performance. Collaborates with and assists IM leaders, directors and staff in the fulfillment of corporate objectives and goals. * Follows approved mechanisms to document and report on all incidents/events. Escalates issues appropriately. Assists in the development of the security plan. Requirements: Education/Skills: * Associate's Degree in related field, or equivalent years of experience, preferred Experience: * 0-1 years of IT, Audit/Compliance, Cyber Security, or security assurance experience preferred Licenses, Registrations, or Certifications: * One or more of the following basic Cyber Security certifications is preferred: * CYSA * Security+ * Network+ In accordance with the CHRISTUS Health License, Certification and Registration Verification Policy, all Associates are required to obtain the required certifications for their respective positions within the designated time frame. Work Schedule: 5 Days - 8 Hours Work Type: Full Time

Job Description Let's do great things, together! About Moda Founded in Oregon in 1955, Moda is proud to be a company of real people committed to quality. Today, like then, we're focused on building a better future for healthcare. That starts by offering outstanding coverage to our members, compassionate support to our community and comprehensive benefits to our employees. It keeps going by connecting with neighbors to create healthy spaces and places, together. Moda values diversity and inclusion in our workplace. We aim to demonstrate our commitment to diversity through all our business practices and invite applications from candidates that share our commitment to this diversity. Our diverse experiences and perspectives help us become a stronger organization. Let's be better together. Position Summary The Operations Analyst is a technical role within Moda's Information Security team and will play a vital role in keeping the organization's proprietary and sensitive information secure. This position works interdepartmentally to investigate issues, identify and correct flaws in security systems, solutions, and programs, and recommend measures to improve the company's overall security posture. Acting as a liaison between Security and IT management, the analyst assists IT strategy and architecture design from a security perspective and identifies issues, concerns, or recommendations as the organization grows its technology infrastructure and processes. This is a FT WFH position. Pay Range $70,496.52 - $91,647.55 annually (depending on experience) *This role may be classified as hourly (non-exempt) depending on the applicant's location. Actual pay is based on qualifications. Applicants who do not exceed the minimum qualifications will only be eligible for the low end of the pay range. Please fill out an application on our company page, linked below, to be considered for this position. ************************** GK=27768922&refresh=true Benefits: Medical, Dental, Vision, Pharmacy, Life, & Disability 401K- Matching FSA Employee Assistance Program PTO and Company Paid Holidays Required Skills, Experience & Education: Bachelor's or master's in Computer Science, Information Security, Cybersecurity, or a related field. 5+ years of experience as a security operations analyst or in related fields such as IT audit, enterprise risk management, penetration testing, or red team/incident response. Experience with common security tools such as SIEM platforms, EDR solutions, and cloud platforms (e.g., Microsoft Azure, Amazon AWS). Knowledge of Microsoft Azure configuration and management is highly desirable. 3+ years of experience with regulatory compliance and information security management frameworks (e.g., HIPAA, NIST, IS0 27000, or COBIT). Strong documentation and reporting skills, including the ability to record security events, investigations, and recommendations for technical and non-technical audiences. Excellent collaboration and communication skills with the ability to influence and work effectively across cross-functional teams. Industry recognized cybersecurity certification (e.g., CISSP, CISM, CompTIA Security+) preferred. Primary Functions: Defend against cybersecurity incidents and identify, analyze, communicate, and contain incidents as they occur. Monitor systems and networks for security alerts, notifications, and issues including patching and update process issues and investigate and document any security issues or events that may occur. Own and drive the investigation of security events and other cybersecurity incidents including review, triage, and response to alerts and notifications. Take a lead role in the documentation of security events and incidents and the assessment of the damage they cause. Review threat intelligence and analyze the current threat landscape and apply threat analysis to Moda's infrastructure systems and networks to identify and address vulnerabilities or exploitable attack paths. Build and drive proactive threat hunting programs including detailed threat analysis of exploitable vulnerabilities leading to actionable remediation plans. Work with IT resources and architects to develop and implement cloud security strategies to facilitate migration of key assets into a public cloud hosted environment. Advise on installation and configuration of security controls, systems, and software to protect systems and information infrastructure and recommend enhancements based on compliance requirements and industry best practices. Work with IT and Security leadership to perform tests or support external testing such as network penetration tests, vulnerability testing, and disaster response failover tests to uncover network vulnerabilities. Advise on installation and configuration of security controls, systems, and software to protect systems and information infrastructure and recommend enhancements based on compliance requirements and industry best practices. Take a proactive and operational role in creating the best practices for IT security companywide. Support cybersecurity risk assessment activities. Work with both Security and IT management to ensure security policies and goals are met in infrastructure and development contexts. Stay current on IT security trends and news including evolving standards. Collaborate and communicate effectively with cross functional colleagues at all levels. Other duties as assigned. Working Conditions: Remote office environment with extensive close PC and keyboard use, constant sitting, and frequent phone communication. Must be able to navigate multiple computer screens. A reliable, high-speed, hard-wired internet connection required to support remote or hybrid work. Must be comfortable being on camera for virtual training and meetings. Work in excess of standard workweek, including evenings and occasional weekends, to meet business need. Internally with all departments. Externally with auditors, clients, technology partners, and other various entities. Together, we can be more. We can be better. Moda Health seeks to allow equal employment opportunities for all qualified persons without regard to race, religion, color, age, sex, sexual orientation, national origin, marital status, disability, veteran status or any other status protected by law. This is applicable to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absences, compensation, and training. For more information regarding accommodations, please direct your questions to Kristy Nehler & Danielle Baker via our ***************************** email.

Let's do great things, together! About Moda Founded in Oregon in 1955, Moda is proud to be a company of real people committed to quality. Today, like then, we're focused on building a better future for healthcare. That starts by offering outstanding coverage to our members, compassionate support to our community and comprehensive benefits to our employees. It keeps going by connecting with neighbors to create healthy spaces and places, together. Moda values diversity and inclusion in our workplace. We aim to demonstrate our commitment to diversity through all our business practices and invite applications from candidates that share our commitment to this diversity. Our diverse experiences and perspectives help us become a stronger organization. Let's be better together. Position Summary The Operations Analyst is a technical role within Moda's Information Security team and will play a vital role in keeping the organization's proprietary and sensitive information secure. This position works interdepartmentally to investigate issues, identify and correct flaws in security systems, solutions, and programs, and recommend measures to improve the company's overall security posture. Acting as a liaison between Security and IT management, the analyst assists IT strategy and architecture design from a security perspective and identifies issues, concerns, or recommendations as the organization grows its technology infrastructure and processes. This is a FT WFH position. Pay Range $70,496.52 - $91,647.55 annually (depending on experience) *This role may be classified as hourly (non-exempt) depending on the applicant's location. Actual pay is based on qualifications. Applicants who do not exceed the minimum qualifications will only be eligible for the low end of the pay range. Please fill out an application on our company page, linked below, to be considered for this position. ************************** GK=27768922&refresh=true Benefits: Medical, Dental, Vision, Pharmacy, Life, & Disability 401K- Matching FSA Employee Assistance Program PTO and Company Paid Holidays Required Skills, Experience & Education: Bachelor's or master's in Computer Science, Information Security, Cybersecurity, or a related field. 5+ years of experience as a security operations analyst or in related fields such as IT audit, enterprise risk management, penetration testing, or red team/incident response. Experience with common security tools such as SIEM platforms, EDR solutions, and cloud platforms (e.g., Microsoft Azure, Amazon AWS). Knowledge of Microsoft Azure configuration and management is highly desirable. 3+ years of experience with regulatory compliance and information security management frameworks (e.g., HIPAA, NIST, IS0 27000, or COBIT). Strong documentation and reporting skills, including the ability to record security events, investigations, and recommendations for technical and non-technical audiences. Excellent collaboration and communication skills with the ability to influence and work effectively across cross-functional teams. Industry recognized cybersecurity certification (e.g., CISSP, CISM, CompTIA Security+) preferred. Primary Functions: Defend against cybersecurity incidents and identify, analyze, communicate, and contain incidents as they occur. Monitor systems and networks for security alerts, notifications, and issues including patching and update process issues and investigate and document any security issues or events that may occur. Own and drive the investigation of security events and other cybersecurity incidents including review, triage, and response to alerts and notifications. Take a lead role in the documentation of security events and incidents and the assessment of the damage they cause. Review threat intelligence and analyze the current threat landscape and apply threat analysis to Moda's infrastructure systems and networks to identify and address vulnerabilities or exploitable attack paths. Build and drive proactive threat hunting programs including detailed threat analysis of exploitable vulnerabilities leading to actionable remediation plans. Work with IT resources and architects to develop and implement cloud security strategies to facilitate migration of key assets into a public cloud hosted environment. Advise on installation and configuration of security controls, systems, and software to protect systems and information infrastructure and recommend enhancements based on compliance requirements and industry best practices. Work with IT and Security leadership to perform tests or support external testing such as network penetration tests, vulnerability testing, and disaster response failover tests to uncover network vulnerabilities. Advise on installation and configuration of security controls, systems, and software to protect systems and information infrastructure and recommend enhancements based on compliance requirements and industry best practices. Take a proactive and operational role in creating the best practices for IT security companywide. Support cybersecurity risk assessment activities. Work with both Security and IT management to ensure security policies and goals are met in infrastructure and development contexts. Stay current on IT security trends and news including evolving standards. Collaborate and communicate effectively with cross functional colleagues at all levels. Other duties as assigned. Working Conditions: Remote office environment with extensive close PC and keyboard use, constant sitting, and frequent phone communication. Must be able to navigate multiple computer screens. A reliable, high-speed, hard-wired internet connection required to support remote or hybrid work. Must be comfortable being on camera for virtual training and meetings. Work in excess of standard workweek, including evenings and occasional weekends, to meet business need. Internally with all departments. Externally with auditors, clients, technology partners, and other various entities. Together, we can be more. We can be better. Moda Health seeks to allow equal employment opportunities for all qualified persons without regard to race, religion, color, age, sex, sexual orientation, national origin, marital status, disability, veteran status or any other status protected by law. This is applicable to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absences, compensation, and training. For more information regarding accommodations, please direct your questions to Kristy Nehler & Danielle Baker via our ***************************** email.

Discover. Achieve. Succeed. #BeHere This job is REMOTE. FTE: 1.000000 Standard Hours: 40.00 Shift: 1st shift flexible 7 am to 5pm Shift Details: Holidays: Weekends: Froedtert ThedaCare Health, Inc., a leading healthcare system located in Eastern Wisconsin, is seeking a Cybersecurity GRC Analyst, Training & Awareness professional to join the Cybersecurity Governance, Risk Management, and Compliance (GRC) team. This role is critical in promoting a robust security culture across the organization by designing, managing, and improving cybersecurity training and awareness programs. The successful candidate will focus on cybersecurity awareness, phishing program operations, cybersecurity training, and GRC concepts while fostering cultural engagement and workforce behavioral change through creative and innovative initiatives. You will partner with cross-functional teams to address cybersecurity risks in clinical and non-clinical environments, ensure regulatory compliance, and contribute to the harmonization of cybersecurity programs across the Froedtert ThedaCare ecosystem. Position Responsibilities: Training and Awareness Program Management: * Develop, implement, enhance, and manage a comprehensive Cybersecurity Training and Awareness framework tailored to healthcare's unique risks and regulatory landscape (e.g., HIPAA, PCI DSS, and Joint Commission requirements). * Design role-based training for diverse audiences, including clinicians, administrative staff, IT teams, and executives. * Continuously refine training materials to incorporate emerging threats, organizational changes, and stakeholder feedback. Phishing Program Operations: * Build, enhance, and execute a dynamic, reality-based phishing simulation program, addressing sector-specific threats such as ransomware and patient data phishing schemes. * Analyze simulation metrics and provide actionable insights to improve employee awareness and reduce risks. * Develop and maintain educational material to support cybersecurity initiatives and training activities. * Deliver targeted follow-up training for individuals or teams with repeated simulation failures. Creative Engagement and Communications: * Develop multimedia content, including videos, infographics, and gamified training, to drive engagement and retention. * Design and execute large-scale security awareness campaigns, ensuring alignment with cultural transformation goals. * Partner with leadership to create impactful security messaging and content tailored to high-risk roles. Regulatory and Compliance Integration: * Ensure training programs align with healthcare-specific regulations and standards, including HIPAA, PCI DSS, and Joint Commission requirements. * Collaborate with Compliance and Legal teams to embed security awareness into broader compliance initiatives. * Provide support for audits and regulatory reviews by showcasing training program effectiveness. Metrics, Reporting, and Continuous Improvement: * Develop and maintain KPIs and dashboards to measure the success of training programs and awareness initiatives. * Conduct quarterly and annual program reviews to identify opportunities for innovation and enhancement. * Prepare reports and presentations for leadership to highlight program impact and align with organizational goals. Collaboration and Change Management: * Partner with IT, Risk Management, and Clinical Operations teams to ensure training initiatives integrate seamlessly across the organization. * Lead security awareness efforts during organizational transitions, such as the Froedtert-ThedaCare merger, ensuring program consistency and harmonization. * Act as a trusted advisor to business units, translating complex cybersecurity topics into actionable guidance. Risk and Compliance Integration: * Assist with routine GRC activities, such as monitoring risk registers, supporting audit preparation, and reviewing policy exception requests. * Collaborate with the Risk Management team to align training efforts with identified risk scenarios, ensuring targeted mitigation strategies. Policy and Procedure Maintenance: * Support the documentation and dissemination of cybersecurity policies, standards, and procedures. * Assist in the lifecycle management of GRC documentation, ensuring alignment with training content and awareness initiatives. EXPERIENCE DESCRIPTION: 1 - 3 years of experience in a related field. 3 or more years of experience in a related field is preferred. At least three years of experience in Cybersecurity training, GRC, or a related role within healthcare or similarly regulated industries preferred Proven track record managing phishing simulation programs and security training platforms (e.g., KnowBe4, LMS). Experience creating and executing large-scale awareness campaigns using multimedia tools EDUCATION DESCRIPTION: BA in Computer Science or related field is required or equivalent acquired through combination of education and experience. Bachelor's degree in Information Security, Computer Science, Communications, or a related field is preferred. Relevant certifications (e.g., CISSP, CISM, CISA, or GIAC) are a plus. SPECIAL SKILLS DESCRIPTION: Technical Expertise: * In-depth knowledge of healthcare regulations and cybersecurity frameworks, including HIPAA, HITECH, NIST CSF, and HITRUST. * Proficiency with phishing simulation platforms (e.g., KnowBe4) and LMS tools. * Familiarity with behavioral analytics and metrics for tracking training effectiveness. Creative and Communication Skills * Exceptional written and verbal communication skills, with the ability to craft messaging for technical and non-technical audiences. * Experience creating multimedia content (e.g., video editing, graphic design) for awareness campaigns. * Public speaking skills and confidence in presenting to diverse audiences. Analytical and Strategic Thinking * Strong problem-solving and critical-thinking skills for addressing complex training needs. * Experience developing data-driven strategies to improve training program impact and employee behavior. Collaboration and Leadership: * Demonstrated ability to collaborate across diverse teams and levels of leadership. * Self-starter with the ability to work independently and drive initiatives in a matrixed organization. * Proven ability to manage multiple projects with competing priorities. Preferred Qualifications * Experience in large healthcare systems or regulated industries. * Familiarity with change management and integration strategies during mergers or acquisitions. * Experience with gamified training methods or VR/AR-based security awareness tools Compensation, Benefits & Perks at Froedtert Health Pay is expected to be between: (expressed as hourly) $37.95 - $64.92. Final compensation is based on experience and will be discussed with you by the recruiter during the interview process. Froedtert Health Offers a variety of perks & benefits to staff, depending on your role you may be eligible for the following: * Paid time off * Growth opportunity- Career Pathways & Career Tuition Assistance, CEU opportunities * Academic Partnership with the Medical College of Wisconsin * Referral bonuses * Retirement plan - 403b * Medical, Dental, Vision, Life Insurance, Short & Long Term Disability, Free Workplace Clinics * Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, Moving Assistance, Discounts on gym memberships, travel and other work life benefits available The Froedtert & the Medical College of Wisconsin regional health network is a partnership between Froedtert Health and the Medical College of Wisconsin supporting a shared mission of patient care, innovation, medical research and education. Our health network operates eastern Wisconsin's only academic medical center and adult Level I Trauma center engaged in thousands of clinical trials and studies. The Froedtert & MCW health network, which includes ten hospitals, nearly 2,000 physicians and more than 45 health centers and clinics draw patients from throughout the Midwest and the nation. We are proud to be an Equal Opportunity Employer who values and maintains an environment that attracts, recruits, engages and retains a diverse workforce. We welcome protected veterans to share their priority consideration status with us at ************. We maintain a drug-free workplace and perform pre-employment substance abuse testing. During your application and interview process, if you have a need that requires an accommodation, please contact us at ************. We will attempt to fulfill all reasonable accommodation requests.

At Moffitt Cancer Center, we strive to be the leader in understanding the complexity of cancer and applying these insights to contribute to the prevention and cure of cancer. Our diverse team of over 9,000 are dedicated to serving our patients and creating a workspace where every individual is recognized and appreciated. For this reason, Moffitt has been recognized on the 2023 Forbes list of America's Best Large Employers and America's Best Employers for Women, Computerworld magazine's list of 100 Best Places to Work in Information Technology, DiversityInc Top Hospitals & Health Systems and continually named one of the Tampa Bay Time's Top Workplace. Additionally, Moffitt is proud to have earned the prestigious Magnet designation in recognition of its nursing excellence. Moffitt is a National Cancer Institute-designated Comprehensive Cancer Center based in Florida, and the leading cancer hospital in both Florida and the Southeast. We are a top 10 nationally ranked cancer center by Newsweek and have been nationally ranked by U.S. News & World Report since 1999. Working at Moffitt is both a career and a mission: to contribute to the prevention and cure of cancer. Join our committed team and help shape the future we envision. Summary Security Systems Analyst II Position Highlights: * The Security Systems Analyst II, will maintain the architecture of security controls for applications of systems, such as infrastructure and web application firewalls. * The Security Systems Analyst II reviews alerts and data from network and server infrastructure and documents formal, technical incident reports. * Works with Security Systems Engineer on foundational technology security reviews and assessments. * The Security Systems Analyst II will also administer and maintain an organizational SIEM and log solution in concert with organizational monitoring platforms. * This position leverages experience with PKI and certificates and will also deliver XDR across the organization. Responsibilities: * Performs maintenance and management of security systems and applications, including firewalls, PKI and certificates, network security appliances and host-based security systems * This includes infrastructure and web applications firewalls, including physical and virtual firewalls, including day to day maintenance of firewall rules. Investigates and documents issues or incidents involving the enterprise firewall. * Participates in infrastructure projects to develop, plan and implement specifications for network and distributed system security technologies in support of key information systems * Assists remediation required by audits, and document exceptions as necessary Education and Experience: * High School Diploma/GED * Minimum of 5 years of experience in an IT support environment which could include experience in more than one of the following IT disciplines: * Complex IT Portfolio environment including large scale systems, servers, storage and networking. * High availability application layer and/or stateful inspection based firewalls. * VPN gateways & remote access clients. * Public key Infrastructures including Certificate Authority (CA), Registration Authority (RA) and Certificate Repository. * Securing Internet access, Intranet, and Extranet. * Technology background in systems, networking and/or data storage design, engineering and support. Plus * Experience delivering XDR across the organization. * Experience with PKI and certificates Share:

The use of IT (Information Technology) infrastructure in the company is vital for daily operation. The IS (Information Security) Specialist should Provide secure Information Technology infrastructure service to the company as well as companywide employees and staff. Role Description. Define and implement Macro (Servers, Groups and Shared resource) and Micro (Personal and Single) IT infrastructure. Analyze, Plan, Design, Develop and Implement IT Infrastructure and IT Security solutions to support company IT requirements. Analyze and prevent any Information risk ensuring the companys information integrity. Define, maintain and monitor the execution of IS and IT policies. Execute and monitor company IT/IS Compliance. Essential Duties and Responsibilities -Monitoring and maintaining computer systems and networks -Responding in a timely manner to service issues and requests -Providing technical support across the company -Support equipment repair and replacement service -Testing Benchmarking new technology -Maintain and execute IT Training program for new employs -Monitor IT/IS Infrastructure (including servers and network devices) to ensure data integrity -Reporting of daily system issues. -Analyze and propose system improvements. -Documentation related to IT/IS policies, issues, and procedures. -Participation and active analyst, designer, and developer in IT projects. -Monitoring of IT/IS infrastructure-related expenses. -Other duties as assigned. Requirements Qualifications: Listed below are the minimum and/or desired qualifications of the position including education, work experience, and knowledge & skills that are required to perform satisfactorily in the position: Education and Work Experience: -Vocational or undergraduate degree in information systems and computer science or related field. -One (1) to three (3) years of information systems, computer science and/or IT-related experience. Knowledge and Skills: -PC and Server management -IT Hardware and Software installation -Initiative skills -Problem-solving skills -Understanding of IT infrastructure and application architectures -Great Social and Communication Skills -Great Oral and Written Communication Skills -System process analysis and design capabilities/experience -Server Operating systems (Windows Server, Linux, HP-UX, Unix, Sun Solaris) -Antivirus, NAC, DLP, MDM and other IS Solutions -IS Related definition and policies (ex. ISO 27001) -Networking (Cisco/HP) and network devices (Routers and Switch) -VPN -TCP/IP, UDP, Network standards -LDAP, Active Directory and Exchange -Access Control -Security Cameras -Firewall, Web Filter and other network security appliance solutions -Database systems (SQL Server/MySQL/Oracle) and programming skill (is a plus) -MS Office skills (especially Excel skills) Physical Demands: -Position requires sitting at a desk working on a computer for at least 2/3 of time. -Position requires regular and reliable attendance. -Position requires local travel up to 10% of the time.

The Role We're looking for an Information Security Governance, Risk & Compliance Analyst to join our growing Information Security team. This role will be reporting to the Manager of Information Security Governance, Risk & Compliance. Our security team works to create a strong Information Security function within GTI that enables the business to continue its tremendous growth. The Information Security Governance, Risk & Compliance Analyst is responsible for maintaining continuous compliance with security policies, industry laws, and regulations (HIPAA, SOX, NIST, etc.). The candidate must communicate effectively with business partners and team members to help raise the level of security awareness, security compliance, and security risk. The candidate will perform environment-specific risk assessments factoring in both qualitative and quantitative risks and assist with the deployment of various controls based on those assessments. This role will also involve ongoing monitoring and improvement of security governance, ensuring a proactive approach to risk management. The role is based out of our Chicago, office. While the role is primarily remote, you need to live in the Chicagoland area and commute to the office on an as needed basis. Responsibilities Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments, providing reporting to stakeholders, and ensuring appropriate action is taken. Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks. Provide guidance to newer staff working with internal IT stakeholders for vulnerability management, ensuring vulnerabilities are remediated in accordance with policy and SLAs. Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations (HIPAA, SOX/ITGC), and security frameworks (NIST, MITRE, etc.). Assist with ongoing internal operations and tasks, including ITGC security reviews. Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI's business. Provide updates and insight during the development and maintenance of Information Security policies, standards and procedures, aligning with NIST. Lead the identification of security training and awareness initiatives for the organization. Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises. Maintain KPIs and KRIs for Information Security risk & compliance activities. Execute tasks as a member of the Information Security team as assigned by management. Provide mentorship and guidance to Associate Information Security GRC Analysts. Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness. Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting. Qualifications 3+ years of experience with responsibilities relating to security and compliance. Bachelor's degree or higher in Information Security or Information Technology may help you stand out but is not required. Demonstrated work experience can be substituted. Strong written and oral communication skills. Strong conceptual understanding of Information Security theories. Knowledge of network, application, and cloud security controls. Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS and SOX. Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks. Security certifications, such as CRISC, CISA are preferred, but not required. We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles. This role requires lots of communication with customers and everyone at GTI. Your colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the GTI security program to help them assess risk, including as part of the business development process. An insatiable intellectual curiosity and the ability to learn quickly in a complex space. Additional Requirements Must pass any and all required background checks Must be and remain compliant with all legal or company regulations for working in the industry Must be a minimum of 21 years of age #LI-HYBRID The pay range is competitive and based on experience, qualifications, and/or location of the role. Positions may be eligible for a discretionary annual incentive program driven by organization and individual performance. Green Thumb Pay Range$80,000-$100,000 USD

The Role We're looking for an Information Security Governance, Risk & Compliance Analyst to join our growing Information Security team. This role will be reporting to the Manager of Information Security Governance, Risk & Compliance. Our security team works to create a strong Information Security function within GTI that enables the business to continue its tremendous growth. The Information Security Governance, Risk & Compliance Analyst is responsible for maintaining continuous compliance with security policies, industry laws, and regulations (HIPAA, SOX, NIST, etc.). The candidate must communicate effectively with business partners and team members to help raise the level of security awareness, security compliance, and security risk. The candidate will perform environment-specific risk assessments factoring in both qualitative and quantitative risks and assist with the deployment of various controls based on those assessments. This role will also involve ongoing monitoring and improvement of security governance, ensuring a proactive approach to risk management. The role is based out of our Chicago, office. While the role is primarily remote, you need to live in the Chicagoland area and commute to the office on an as needed basis. Responsibilities * Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments, providing reporting to stakeholders, and ensuring appropriate action is taken. * Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks. * Provide guidance to newer staff working with internal IT stakeholders for vulnerability management, ensuring vulnerabilities are remediated in accordance with policy and SLAs. * Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations (HIPAA, SOX/ITGC), and security frameworks (NIST, MITRE, etc.). * Assist with ongoing internal operations and tasks, including ITGC security reviews. * Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI's business. * Provide updates and insight during the development and maintenance of Information Security policies, standards and procedures, aligning with NIST. * Lead the identification of security training and awareness initiatives for the organization. * Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises. * Maintain KPIs and KRIs for Information Security risk & compliance activities. * Execute tasks as a member of the Information Security team as assigned by management. * Provide mentorship and guidance to Associate Information Security GRC Analysts. * Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness. * Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting. Qualifications * 3+ years of experience with responsibilities relating to security and compliance. * Bachelor's degree or higher in Information Security or Information Technology may help you stand out but is not required. Demonstrated work experience can be substituted. * Strong written and oral communication skills. * Strong conceptual understanding of Information Security theories. * Knowledge of network, application, and cloud security controls. * Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS and SOX. * Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks. * Security certifications, such as CRISC, CISA are preferred, but not required. * We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles. * This role requires lots of communication with customers and everyone at GTI. Your colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the GTI security program to help them assess risk, including as part of the business development process. * An insatiable intellectual curiosity and the ability to learn quickly in a complex space. Additional Requirements * Must pass any and all required background checks * Must be and remain compliant with all legal or company regulations for working in the industry * Must be a minimum of 21 years of age #LI-HYBRID The pay range is competitive and based on experience, qualifications, and/or location of the role. Positions may be eligible for a discretionary annual incentive program driven by organization and individual performance. Green Thumb Pay Range $80,000-$100,000 USD