Sutter Health Privacy and Information Security Risk Management Analyst in Roseville, California

Position Overview:

The Privacy and Information Security Risk Management Analyst (Analyst) utilizes the Sutter Health governance, risk management, and compliance (GRC) platform to conduct and validate technical security reviews and security assessments in alignment with the Sutter Health information security controls framework, state and federal regulations, and industry security best practices, culminating in the production of security risk assessment reports. The Analyst acts as technical advisor to security leadership, Information Services (IS) departments, and Sutter Health business units on security-related issues and risks and provides support by leading resolution on complex security issues and initiatives. In addition, the Analyst provides security training to IS staff members through new hire orientation, just-in-time training, and regular department training. The Analyst also develops and/or reviews technical information security policies, procedures, standards, and guidelines to support Sutter Health business initiatives, conducts technical security-related research and analysis, and translates the results into meaningful input to the Information Security program. The Analyst possesses detailed knowledge regarding NIST, HIPAA/HITECH, FIPS, and other related industry security standards, regulations, and best practices. The Analyst reports to the manager of the Security Risk Management team.



High school diploma is required.

Bachelor's degree in Business, Information Systems, Healthcare, Data Science or other applicable field is required. Equivalent combination of education and experience may be substituted.


Certified Information Systems Security Professional (CISSP) required

HCISPP, CRISC, CISA or similar certification preferred


• Relevant work experience in information systems and information security as typically acquired in five years

• Three years of healthcare information technology industry experience highly desired

• Thorough knowledge of information systems security concepts, current information security trends, and practices including security processes and methods

• Must be an expert in security concepts, practices, and procedures

• Thorough knowledge of software, hardware, databases, networks, firewalls, encryption, and other systems security devices

• Working knowledge of TCP/IP, DNS, DHCP, Active Directory, network topologies, and intrusion detection systems

• Familiarity with various database architectures and related security best practices

• Extensive experience with security tools in the industry

• Demonstrates strong quantitative, analytical, and conceptual thinking skills

• Strong technical skills in planning, administration, and management of information systems, operational and technical security controls, and security risk analysis and management

• Strong business and technical skills in the planning, administration, and management of information systems, operational and technical security controls, and security risk management

• Knowledge of federal and state security and privacy-related regulatory requirements

• Detailed knowledge regarding NIST, HIPAA, FIPS, and other related industry security standards, regulations, and best practices

• Excellent written and verbal communication skills

• Strong interpersonal and customer support skills

• Strong organizational, analytical, and problem-solving skills

Organization: Sutter Health System Office

Employee Status: Regular

Benefits: Yes

Position Status: Exempt

Union: No

Job Shift: Day

Shift Hours: 8 Hour Shift

Days of the Week Scheduled: Monday-Friday

Weekend Requirements: Other

Schedule: Full Time

Hrs Per 2wk Pay Period: 80

All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, marital status, sexual orientation, registered domestic partner status, sex, gender, gender identity or expression, ancestry, national origin (including possession of a driver's license issued to individuals who did not present proof of authorized presence in the U.S.), age, medical condition, physical or mental disability, military or protected veteran status, political affiliation, pregnancy or perceived pregnancy, childbirth, breastfeeding or related medical condition, genetic information or any other characteristic made unlawful by local, state, or federal law, ordinance or regulation. External hires must pass a background check/drug screening. Qualified applicants with arrest and/or conviction records will be considered for employment in a manner consistent with Federal, state, and local laws, including but not limited to the San Francisco Fair Chance Ordinance.