Work in Arizona Jobs

Job Information

Banner Health Business Security Analyst III in Phoenix, Arizona

Primary City/State:

Phoenix, Arizona

Department Name:

IT Cybersecurity GRC-Corp

Work Shift:


Job Category:

Information Technology

Health care is constantly changing, and at Banner Health, we are at the front of that change. We are leading health care to make the experience the best it can be. We want to change the lives of those in our care – and the people who choose to take on this challenge. If changing health care for the better sounds like something you want to be part of, we want to hear from you.

Banner Health Cybersecurity GRC is seeking a Business Security Analyst III to perform and manage HIPAA Security and Privacy assessments across our enterprise as well as manage IT audit issues and observations from internal/external audits. Tasks will include maintenance of IT issues, observations, finding follow-up and reporting. The teams focus is to leverage our assessments and data for internal/external audits to reduce overall audit hours across IT and to provide continual accountability and status of the overall IT risk register related to IT findings and observations. As a Cybersecurity Business Analyst III, you will gather information about Banner’s infrastructure and provide an analysis as to the control strengthens and weaknesses. You will collaborate with IT control owners with the goal of maturing/maintaining our current processes thereby building strong business relationships across IT. In this role you will be responsible for documenting control narratives including observations and potential process improvements as this documentation is leverage for future assessments and will align with other IT programs already created by the Cybersecurity GRC team. As the team evolves and grows, there will be opportunities to extend this role to the management and performance of IT and Cybersecurity risk assessments.

The typical schedule for this role is Monday-Friday 8a-5p with limited schedule flexibility. The primary location for this role will be at Banner Corporate (Phoenix Plaza - off Thomas and Central) with the opportunity for remote capabilities. An ideal candidate would possess a bachelor’s degree with 5+ years of related experience; have a good understanding of IT Governance, Risk and Compliance, and frameworks such as HIPAA, NIST, ITIL, and COBIT; an industry certification such as CISA, CISSP, or similar; internal/external audit liaison experience; time management skills; multitasking abilities, strong communications and organizational skills, and experience with teaching/training others.

Within Banner Health Corporate, you will have the opportunity to apply your unique experience and expertise in support of a nationally-recognized healthcare leader. We offer stimulating and rewarding careers in a wide array of disciplines. Whether your background is in Human Resources, Finance, Information Technology, Legal, Managed Care Programs or Public Relations, you'll find many options for contributing to our award-winning patient care.


This position is responsible for delivering Cybersecurity objectives to plan and designing, developing, and implementing, efficient business, technical, financial, and operational practices or systems in support of core organizational functions and business processes. This includes gathering and analyzing data or requirements in support of business cases, proposed projects, and systems requirements. This individual is competent to work at the highest practical understanding of the Essential Functions across the Cybersecurity organization. You will be required to apply proven communication, analytical, technical, and problem-solving skills to help maximize the benefit of Cybersecurity practices and investments. Provides all customers, both internal and external, of Banner Health with excellent service experience by consistently demonstrating our core and leader behaviors each and every day.


  1. Manage process enhancement and redesign efforts to streamline Cybersecurity delivery. Review and analyze the effectiveness and efficiency of existing systems and processes to develop strategies for improving or further leveraging, consolidating, or decommissioning.

  2. Ability to work independently and as a team with minimal oversight to identify and establish scope and parameters of required analysis in order to define outcome criteria and deliver measurable actions as part of daily efforts as well as in projects.

  3. Ability to determine key data points from raw data and generate information to create meaningful actionable metrics and represent at an executive level.

  4. Ability to translate complex, technical specifications into understandable and actionable business requirements.

  5. Ability to manage financial planning processes and deliver financial results and reporting including month end, total cost of ownership, ROI, and CBA.

  6. Conduct research to make recommendations and to support decision making with the ability to communicate effectively at all levels of the organization.

  7. Provides guidance, direction, and oversight for compliance with all federal, state, and local mandated information security laws, rules, and guidelines. Remain current with the latest industry information.

  8. Ability to interpret, evaluate, manage, and strategize vendor relationships.

  9. Under general direction, this position is responsible for Cybersecurity across multiple departments system-wide and requires interaction at all levels of staff and management.


Must possess strong knowledge of business, cybersecurity, information technology and/or computer science as normally obtained through the completion of a bachelor's degree. Certification may be required in at least one of the following areas within one year of entering the position. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP), Payment Card Industry - Internal Security Assessor (PCI-ISA), Certified in Risk and Information Systems Control (CRISC), HealthCare Information Security & Privacy Practitioner (HCISSP), CompTIA Security+ or other certification designated by the Information Security Leader.

Must possess four years of experience in a healthcare or related environment or an equivalent combination of relevant education, technical, business and healthcare experience. Must demonstrate expertise in information technology and healthcare. Needs experience in medium to large scale project planning and reporting either individually or in a team. Requires communication and presentation skills to engage technical and non-technical audiences. Requires ability to communicate and interact across facilities and at various levels. Ability to balance project workloads with customer support and on-call demands. As is typical in this industry, variable shifts and hours and carrying/responding to a pager may be required.

Demonstrate proficiency with the Microsoft Suite of products and other tools depending on position requirements.


Advanced degree may substitute for work experience.

Additional related education and/or experience preferred.

Banner Health complies with applicable federal and state laws and does not discriminate based on race, color, national origin, religion, sex, sexual orientation, gender identity or expression, age, or disability.