Business Analyst, Hospital Information Security

Shift: Monday – Friday, 8:00am-5:00pm (On-call rotation with department)

Department: IT Security

Compensation

· Base Pay Range: $68,265 - $111,425 per year, based on experience

ABOUT THE JOB

The Business Analyst, Hospital Information Security supports the hospital’s information security program by serving as a liaison between Information Security and departments across MU Health System to ensure documentation and compliance alignment. Focuses on understanding business and technical workflows, identifying documentation gaps, researching security and compliance policies, and drafting proposals and updates to policies and procedures. The Business Analyst works closely with business owners, technical owners, and the Information Security Officer to ensure appropriate security documentation (e.g., risk assessments, data flow diagrams, system use cases, exception requests, and implementation plans) is in place, accurate, and up to date. This position requires a deep understanding of regulatory obligations and hospital security policies, with a strong emphasis on documentation, communication, and process improvement.

ABOUT MU HEALTH CARE

MU Health Care is proud to be named one of Forbes’ Best-in-State Employers seven years in a row, and that’s largely a result of the incredible culture and team we’ve built. At MU Health Care, we have an inspired, hard-working and collaborative environment driven by our mission to save and improve lives. Here, we believe anything is possible and rally around solutions. We celebrate innovation and offer opportunities to be a part of something bigger — to have a voice and role in the work that is serving our community and changing the field of medicine.

Our academic health system — the only in mid-Missouri — is home to seven hospitals, including the region’s only Level 1 Trauma Center and region’s only Children’s Hospital, as well as over 90 specialty clinics. Here you can define your career among our many clinical and nonclinical positions — with growth, opportunity and support every step of the way.

Learn more about MU Health Care.

Learn more about living in mid-Missouri.

EMPLOYEE BENEFITS

· Health, vision and dental insurance coverage starting day one

· Generous paid leave and paid time off, including nine holidays

· Multiple retirement options, including 100% matching up to 8% and full vesting in three years

· Tuition assistance for employees (75%) and immediate family members (50%)

· Discounts on cell phone plans, rental cars, gyms, hotels and more

· See a comprehensive list of benefits here.

DETAILED JOB DESCRIPTION

Ensures complete and accurate technical and non-technical documentation is drafted, created, or collected for Information Security efforts related to risk assessments, project reviews, and new technology implementations.

Facilitates and documents meetings with business owners and technical owners to capture use cases, data types, access patterns, and security concerns.

Develops and maintains information security documentation, including system security plans, risk analysis, policy proposals, and corrective action plans.

Reviews and interprets hospital and university security policies, Health Information Portability and Accountability Act (HIPAA) regulations, and industry standards to inform documentation and compliance efforts.

Collaborates with the Hospital Information Security Analysts to ensure technical risk and compliance assessments are accurately captured and reflected in documentation.

Proposes changes to policies and procedures to the Information Security Officer based on identified gaps, evolving regulations, and organizational needs.

Supports audit and compliance efforts by collecting and organizing documentation needed for internal and external review.

Tracks security documentation requirements through the risk lifecycle and ensures timely updates or renewals.

Maintains awareness of regulatory and policy changes that may impact documentation requirements.

Participates in process improvement initiatives related to information security governance, project intake, and compliance workflows.

May complete unit/department-specific duties as outlined in department documents.

REQUIRED QUALIFICATIONS

Bachelor’s degree in information technology, cybersecurity, healthcare, business analysis, or a related field, or an equivalent combination of education and experience from which comparable knowledge, skills, and abilities can be acquired.

Two (2) years of experience in healthcare, information technology, information security, business analysis, or policy development.

Experience developing technical and non-technical documentation.

Experience engaging with healthcare stakeholders, including clinical, administrative, and technical teams, to document data usage, access, and protection requirements.

Certified in Cybersecurity (CC) or Governance, Risk, and Compliance Certification (CGRC) certification by the International Information System Security Certification Consortium (ISC2), or Security, Compliance, and Identity Fundamentals certification by Microsoft, or equivalent certification within twelve (12) months as a condition of continued employment in this job classification.

PREFERRED QUALIFICATIONS

Experience with Governance, Risk, and Compliance (GRC) platform.

Experience with drafting or managing security documentation for cloud and SaaS solutions.

Familiarity with project lifecycle and system development lifecycle documentation processes.

Additional license/certification requirements as determined by the hiring department.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met with or without reasonable accommodation. The performance of these physical demands is an essential function of the job. The employee may be required ambulate, remain in a stationary position and position self to reach and/or move objects above the shoulders and below the knees. The employee may be required to move objects up to 10 lbs.

Equal Employment Opportunity

The University of Missouri is an Equal Opportunity Employer.

Equal Employment Opportunity

The University of Missouri is an Equal Opportunity Employer.