Governance Risk Compliance Analyst - Information Security

Benefits Eligibility (Employment Type):  Full-time benefits (32-40 hours per week)
Shift Type:  Day
Shift Length:  8 Hours
Primary Location (City):  Vancouver
State:  WA

PeaceHealth is seeking a Governance Risk Compliance Analyst - Information Security for a 1.0 full time equivalent Exempt position. This position will be working Day shift with shift durations of 8 Hours.

Req ID: 168737



Responsible for planning and implementation of policies, procedures, standards, and controls to govern the protection of PeaceHealth information systems, networks, and data. Assists with duties that include audits & assessments, risk management, compliance management, and security awareness. In addition, this position will provide support for internal and external audits, including gathering and discussing evidence, and tracking remediation responses and activities.



  1. Collaborates with functional teams on security risks and shares PeaceHealth security initiatives. Solicits involvement of senior management and leaders to achieve compliance through information sharing and collaboration to support timely resolution and risk mitigation.
  2. Leads and supports enterprise-wide security risk assessments and control audits with technical and non-technical teams.
  3. Proactively identifies security issues and vulnerabilities and develops recommendations to address them by working with multiple teams including OI privacy, compliance, internal audit, legal, HR, TSP, etc.
  4. Serves as an advisor and subject matter expert on identified security issues, projects, or any other PeaceHealth initiative that may have a security implication.    
  5. Performs test of controls, risk assessments or risk-based analysis on projects, third party contracts, approved frameworks, policies; including federal and state mandates in support of security compliance communications, resolutions and follow-up actions.
  6. Develops solutions and processes that further PeaceHealth goals while ensuring protection of our patient information, including recommending policies, standards, procedures and controls as well as mitigation strategies to strengthen overall posture.
  7. Supports and responds to investigations and other security requests across PeaceHealth.  
  8. Develops and maintains relevant risk metrics to promote transparency across the PeaceHealth communities we serve.   Measures, monitors and reports on information security risks via security governance committees and other ad hoc meetings at PeaceHealth.
  9. Promotes security education and awareness across PeaceHealth.
  10. Performs other duties as assigned.





  • Bachelor’s degree in Information Technology, Computer Science or related curriculum or equivalent knowledge and skills obtained through a combination of education, training, and experience required.



  • Minimum of five years of experience in managing security and/or compliance audits and risk assessments in a health care organization required.
  • Experience working with security frameworks (NIST, ITIL, HIPAA) required.
  • Experience in security investigations and incident response methodologies including cyber and other security threat vulnerabilities required.
  • Demonstrated experience in security, risk assessment, auditing or compliance project management, systems analysis, or related IT control environments required.



  • Certification in CRIS, CISSP, CHPS, CISA, or equivalent certification required.



  • Excellent project management, written and oral communications skills.
  • Ability to present information in various forms such as textual, graphical and statistical.
  • Ability to collect and analyze data to guide decision making while under potentially intense pressure to address security incidents.
  • Demonstrated ability to work collaboratively with a broad range of constituencies and respond to their needs and collaborate effectively towards solutions.
  • Ability to work on matters of high sensitivity and confidentiality with both professionalism and discretion.
  • Ability to work independently with limited supervision and guidance.
  • Proficient in standard software programs (i.e., Microsoft products, Windows and Outlook).


Please apply online to be considered. For full consideration of your skills and abilities, please attach a current resume with your application.


About PeaceHealth


PeaceHealth, based in Vancouver, Wash., is a not-for-profit Catholic health system offering care to communities in Washington, Oregon, and Alaska. PeaceHealth has approximately 16,000 caregivers, a multi-specialty medical group practice with more than 900 providers and 10 medical centers serving both urban and rural communities throughout the Northwest. In 1890, the Sisters of St. Joseph of Peace founded what has become PeaceHealth. Today, PeaceHealth is the legacy of its founding Sisters and continues with a spirit of respect, stewardship, collaboration and social justice in fulfilling its Mission. 


We offer competitive compensation, a robust benefits package and a collaborative, Mission-driven work environment! To learn more about working at PeaceHealth and the Vancouver community please visit our homepage:


Get a feeling for the Spirit of PeaceHealth through this three-minute video, and visit us on Facebook or LinkedIn!


Questions? Review our Employment FAQ or email Please note this email does not accept resumes or applications.


Location: Vancouver, Shared Services Center (802)
Job Category:  Business, Administrative & Facilities 
Shift:  Day
Shift Length: 8 Hours
FTE: 1.0
Work Type:  Full Time
Hourly compensation starts at: $35.55, more depending on experience
Required Certifications/Licensure: 


PeaceHealth is committed to providing equal employment opportunities to all qualified job applicants and employees without regard to the following statuses: protected veteran; qualified individual with a disability; race; ethnicity; religion; gender; pregnancy; gender identity; national origin; age; genetic information; sexual orientation; or any other protected status in accordance with local, state, or federal laws.


The above information is intended to indicate the general nature and level of work performed by this position. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of caregivers assigned to this job.

