IT Business Analyst

TechDigital

North Wales, PA

JOB DETAILS
SKILLS
Analysis Skills, Auditing, Authentication, Backend as a Service (BaaS), Billing, Biotech and Pharmaceutical, Business Analysis, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Clinical Outcomes, Communication Skills, Computer Security, Customer Support/Service, Data Entry, Documentation, HIPAA (Health Insurance Portability and Accountability Act), HL7 (Health Level 7), Health Information Management, Healthcare, Healthcare Software, Hospital, ITIL (IT Infrastructure Library), Incident Response, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Interoperability, Leadership, Legal, Management of Information Systems/Technology (MIS), Medical Record System, Nursing, Patient Care, Phishing, Privacy Controls, Problem Solving Skills, Process Analysis, Process Improvement, Process Modeling, Records Management, Regulations, Regulatory Compliance, Requirements Management, Risk, Risk Analysis, Risk Management, Security Analysis, Security Architecture, Security Attacks, Security Auditing, System Architecture, Technical Leadership, U.S. National Institute of Standards and Technology (NIST), Usability Engineering
LOCATION
North Wales, PA
POSTED
Today
Mandatory Skills
  • Regulatory Knowledge: Deep understanding of HIPAA Security Rule and NIST frameworks.
  • Interoperability: Knowledge of standards like HL7 or FHIR to ensure the patient system communicates securely with other healthcare platforms.
  • Critical Thinking: Balancing "clinical usability" with "risk reduction": ensuring security measures don't slow down life-saving patient care.
  • Extensive security experience, especially in the pharma space dealing with patient data
  • IT Business Analyst Responsibilities
    • Requirements Gathering: Collaborates with clinical staff and administrators to define what the system must do, such as managing Electronic Health Records (EHR) or billing.
    • Process Optimization: Identifies bottlenecks in patient flow or data entry and recommends technical solutions to streamline these tasks.
    • User Support & Training: Translates complex technical features into actionable training for doctors, nurses, and administrative staff.
  • Security Analyst Responsibilities
    • Focuses on the protection of Electronic Protected Health Information (ePHI) and regulatory compliance.
    • Risk Assessments: Conducts regular audits to identify vulnerabilities in the system's architecture, data flows, and third-party integrations.
    • Access Management: Implements "least-privilege" access and Multi-Factor Authentication (MFA) to ensure staff only see the patient data necessary for their specific roles.
    • Incident Response: Detects and responds to security threats, such as phishing or data breaches, and leads the recovery process while documenting findings for legal compliance.
    • Vendor Oversight: Manages Business Associate Agreements (BAAs) with system vendors to ensure they meet the organization's security standards.
  • Effective collaboration with product, data, and business teams
  • Good communication and documentation skills; able to work with executive leadership on a daily basis
  • Good functional and domain knowledge of the pharma domain
  • Healthcare-specific certification is a good plus:
    • HCISPP (HealthCare Information Security and Privacy Practitioner): The gold standard for this specific role; it covers healthcare risk, governance, and the legal aspects of patient data.
    • CPHIMS (Certified Professional in Healthcare Information and Management Systems): Focuses on the "Business Analyst" side: improving clinical outcomes through better technology management.
  • Core Security & Audit (Must have):
    • CISSP (Certified Information Systems Security Professional): Best for high-level security strategy and architecture.
    • CISA (Certified Information Systems Auditor): Critical for the "Analyst" side, focusing on auditing system controls and reporting.
  • Process & Business Analysis (Must have):
    • CBAP (Certified Business Analysis Professional): For mastering requirements gathering and process modeling.
    • ITIL 4 Foundation: Useful for understanding how to manage IT services in a high-stakes environment like a hospital.
  • Prior experience with essential compliance documentation (must have):
    • SRA (Security Risk Assessment): A living document that identifies where ePHI is stored, transmitted, or at risk. This is a mandatory HIPAA requirement.
    • BAA (Business Associate Agreements): Contracts with third-party vendors ensuring they also follow strict security standards.

About the Company

TechDigital

COMPANY SIZE
100 to 499 employees
INDUSTRY
Other/Not Classified