St. Mary's Good Samaritan Senior Information Risk Analyst in St. Louis, Missouri


Role Purpose:

The position is responsible for supporting IT compliance, auditing and risk assessments, which includes interacting with key stakeholders in the mitigation of findings. This person should have strong familiarity with HIPAA, PCI, ISO and other regulatory and industry frameworks. Specifically, the analyst will perform assessments relating to IT Security, IT Risk, and IT Compliance programs, including risk identification, risk assessment, risk mitigation, compliance controls assessments, self-assessments, and action plans.


  • Participates in the enhancement of IT governance and compliance programs. This includes technology implementation as well as project and program management.

  • Exhibits a strong understanding of regulations

  • Properly identifies key and compensating controls.

  • Develops audit and testing plans in accordance with established audit procedures to determine operational effectiveness of controls

  • Accurately identifies and evaluates the root cause of any audit issue in order to reduce or eliminate reoccurring deficiencies and organizational impact.

  • Develops remediation plans and tracks them to closure through the use of various risk registers.

  • Provides regular updates reporting the progress of issues in remediation

  • Ensures successful completion of assigned audit engagements, from start to finish, inclusive of preplanning and wrap up activities.

  • Performs assessments for compliance with relevant laws and regulations to include HIPAA, PCI, and ISO security standards.

  • Exhibits a strong working knowledge of sensitive information such as Protected Health Information (PHI), Personal Information (PI) and Payment Card Industry (PCI) information.

  • Assists with the implementation and documentation of safeguards to protect sensitive information

  • Provides feedback for the maturation of the information risk program.

  • Identifies improvements within existing security practices and processes to protect critical patient data and business information

  • Communicates to the appropriate audience the audit scope, status, issues, risks and recommendations through verbal and written reports

  • Maintains and utilizes tools and processes to track metrics for both monitoring and compliance.

  • Creates work papers including audit evidence documentation ensuring that proper methodology was followed and appropriately documented as well as that conclusions were appropriately reached.

  • Works with business and operational teams to develop risk mitigation plans and ensure all current risks, deficiencies and vulnerabilities are accurately recorded, cross-referenced, displayed and reported.

  • Provides guidance to internal customers regarding practical application of information security policies and standards and regulatory requirements.

  • Evaluates current processes and procedures for inefficiencies and makes improvement recommendations.


Minimum Requirements:

  • Associate’s degree

  • 3-5 years of direct experience in IT Compliance, IT Audit and/or IT Security

  • Experience with regulatory and contractual compliance to include Payment Card Industry (PCI) and Health Information Portability and Accountability Act (HIPAA)

  • Strong knowledge of industry-standard frameworks, such as COSO, COBIT, NIST, ISO27000, ITIL, HIPAA, PCI, etc.

  • Must have working knowledge of the NIST cyber security framework, ITGI process or COBIT.

SSM Health Integrated Health Technologies

At SSM Health Integrated Health Technologies, information systems and clinical engineering systems come together to form a hub of technology for SSM Health - an integrated delivery network with hospitals in four states: Wisconsin, Illinois, Missouri and Oklahoma. It is based in St. Louis with locations throughout our system. It has been honored four times with Missouri Quality Awards since 2002 and has been recognized as a national leader in the adoption of an electronic health record.

Organization: SSM Health Integrated Health Technologies

Primary Location: Missouri-St. Louis-SSM Health Integrated Health Technologies

Work Locations: SSM Health Integrated Health Technologies (0009) 7980 Clayton Road St. Louis, 63117

Job: Information Technology

Req ID: 18009960