< Back
Edit this resume to make it your own!

Your Name

Information Security Analyst, CISSP

Normandy Park, WA


A career-oriented professional with experience in computer operations, information security and compliance requirements including HIPAA, HITECH Act, MAR, PCI, and HHS/CMS with sixteen (16) years experience working in healthcare: supported clinical and business applications running on legacy systems as well as client server; good interpersonal and organizational skills; excellent analytical skills, an experienced IT professional with a strong desire to learn; skilled in conducting compliance reviews; proficient at completing risk assessments, incident response investigations and risk mitigation recommendations; adept at managing projects, gathering user requirements and working with project teams, management and vendors with working knowledge of the Lean process improvement methodology.

Work Experience

Identity and Access Management Analyst

Apex Systems contracted to Swedish Medical Center/Providence Health Systems, Seattle, WA

Jan 2012Current

Provision access for multiple systems and applications including Active Directory, Exchange, Epic and PeopleSoft.
  • Responsible for monitoring HP OpenView, phone, email and working with walk-in customers for questions, problems, escalated work, terminations and transfers.
  • Create and maintain documentation as systems/applications are added or change.

Information Security Analyst

Group Health Cooperative (GHC),

2008 2011

Provided guidance and oversight to GHC business units to ensure compliance with legal and regulatory requirements that included HIPAA, CMS, MAR and PCI-DSS.
  • Worked with team to create vulnerability and risk assessment tools and procedures.
  • Collaborated with multiple teams in IT and GHC business to step through business process and data flows to analyze security requirements.
  • Conducted security reviews of Information Systems including Delivery, Health Plan, and Administrative systems and medical devices.
  • Assessed the effectiveness of physical and environmental controls surrounding information processing facilities.
  • Partnered with various GHC business departments to identify security risks and provided mitigation recommendations to minimize the threats.
  • Managed and facilitated many security projects promoting ongoing security controls. Examples include: PACS & iSite, PACS CR, Lawson, Cobas Lab Instruments, and McKesson Horizon products.
  • Performed information security incident investigations. Investigations included data gathering by running reports, checking system records, coordination with IT, Finance, Privacy and Legal, seizing PCs to preserve evidence, participation with NERD - Network Emergency Response and Defense team, and documenting the incident outcome.
  • Provided corrective action/remediation recommendations to address sanctions related to security incidents or breaches.
  • Worked through multiple technical problems alone and with teams including vendors, IT staff and business staff.
  • Documented and managed security exceptions approved within the Information Security department.
  • Assisted in the assessment, identification, and reporting on the effectiveness of existing security controls managed within ISD in order to recommend security safeguards needed for the infrastructure.
  • Using LEAN methodology and common sense, created new processes to streamline and standardize work flow resulting in quicker turnaround time for assessments.
  • Created LEAN Daily Management System and Visual System Board for the work group. Maintained tools to facilitate the ease of use of the Visual System Board.

Group Health Cooperative (GHC) Seattle, WA 1995 - 2011

Senior Information Security Analyst

Group Health Cooperative (GHC),

1995 2008

Consulted with project managers during planning, preparation and implementation of new system acquisitions and system upgrades. Information Security project lead for many projects large and small. Examples include: LastWord Security upgrade, Epic, Lawson implementation of multiple modules, American Health Care.
  • Worked with Virginia Mason staff to create initial and on-going process for reciprocal access to systems for VM and GHC staff.
  • Provided security guidance to managers and staff related to HIPAA practices.
  • Assisted other departments (Help Desk, LAN Administration and Training) in developing and streamlining processes for the GHC user community for on-line access necessary for completing their jobs.
  • Maintained multi-platform computer environments that included mainframe, mini-computer, client server, databases and legacy applications.
  • Handled account provisioning for approximately 90 user environments including RACF/ZOS390, TSO, CICS, Vanguard, Security Center, Roscoe, IDEAL, Data Dictionary, SAR, CA-Email, Lawson ERP, Compaq/Tandem Safeguard, IDX (Last Word and Radiology), SYBASE, HBOC/AS400, PACS, and Epic Care.
  • Experience using Vantive & Remedy for problem reporting, ticket tracking and change management.

Data Security Client Analyst

U S WEST, Information Technologies Services,

1990 1995

Broad overall responsibility for Systems Security, including:
  • Supported a varied client community on MVS/RACF. Over 80% of problems were resolved during the initial customer contact, leading to 100% client satisfaction.
  • Created new security policies and procedures to support cross-platform business changes.
  • Developed and delivered security presentations to educate clients and peers
  • Created an applications metrics tracking workbook to simplify the customer service and support function.
  • Provided application training to teams.

Production Control Analyst

U S WEST, Information Technologies Services,

1985 1990

Monitored on-line processing to ensure 98% availability.
  • Monitored batch processing, ensuring system readiness for on-line processing.
  • Worked as part of team and alone to support processing of customer bills. Often used as team resource due to strong written and verbal communication skills.
  • Trained new people on the job as they came into the role.

Pacific Northwest Bell/US WEST | Output/Tape Services and Bill Release |Seattle and Bellevue, WA

Data Processing Specialist

U S WEST, Information Technologies Services,

1978 1985

Operated IBM 3800 printers as well as Komstar dry microfiche machinery and microfiche duplicators with a very high level of expertise while overseeing and maintaining MVS/JES3 jobs to be printed or duplicated.
  • Maintained effective tape mounting services consistently meeting "mount pending" time under 90 seconds.
  • Exceeded expectations for managing operations for paper handling (bursting) and bill enclosing equipment.
  • Coordinated and maintained monthly on-call work schedule for unit. Developed creative methods for scheduling while meeting business needs and allowing maximum flexibility of team, leading to improved morale.
  • Designated backup when supervisor not available; led meetings and placed "in charge".
  • Provided leadership for special projects including a project to create total reorganization of microfiche archival system. Project successfully completed on time and within budget.
Resume Builder | Resume Templates | Resume Examples | About Us | Privacy Policy | Terms of Use | Help Articles | Contact Us © 2013-2017