Website Vanderbilt University Medical Center


The Senior Security Analyst assists in the creation, coordination and execution of policy & privacy/security compliance programs across VUMC.  The Senior Security Analyst assists leadership in supporting these compliance programs that are expected to experience significant change, expansion or evolution over time.


Assist in conducting cybersecurity compliance reviews and tracking compliance gaps to remediation.
Assist in development/review of cybersecurity policies.
Consult with workforce members on regulatory and policy requirements.
Act as cybersecurity compliance representative on cross-functional work teams.
Assist with project/organizational risk assessments.
Develop, implement and monitor security compliance work plans for the organization.
Develop/improve processes for evaluating/documenting security compliance.
Assist in responding third party audits (payers, research partners, vendors).
Assist in responding to internal audits (assist in managing and completing Management Action Plans (MAPs))
Assist in developing cybersecurity training initiatives.
Prepare regular reports for executive review.
Maintain an in-depth knowledge of privacy/security-related regulatory frameworks such as HIPAA, GDPR and provide timely information regarding important regulatory changes to operational leaders.


Bachelor’s degree in related field or equivalent experience.
Experience writing/editing policies and procedures.
Experience managing compliance documentation, including but not limited to committee charters, confidentiality agreements and annual attestations.
Excellent organizational, analytical, and time management skills.
Effective interpersonal, writing, and communications skills required.
Experience with US and international privacy / security-related regulatory frameworks (HIPAA/HITECH, GDPR, etc…).
Ability to work independently with minimal supervision.
Experienced with business process development / improvement.
Ability to manage multiple competing priorities within the context of a complex, multi-faceted organization.
At least 3 years’ experience in cybersecurity.


PROGRAM MANAGEMENT (INTERMEDIATE): Planning, organizing, and managing resources to bring about the successful completion of specific program goals and objectives.

RISK AND COMPLIANCE ASSESSMENTS (INTERMEDIATE): Ensuring compliance with established foreign and domestic laws and regulations and VUMC institutional policies and procedures and recommending any necessary changes. This activity will include the independent review and examination of IT systems, architectures, data flows, etc., and the documentation and reporting of such assessments in support of VUMC programs.

PEER LEADERSHIP (INTERMEDIATE): The ability to show leadership and influence people of equal rank in an effort to accomplish team goals.

QUALITY MANAGEMENT (INTERMEDIATE): Developing a systematic process of checking to see whether a process or service is meeting specific requirements.

NETWORKING (INTERMEDIATE): Build relationships through industry contacts, professional organizations and individuals.

PROCESS IMPROVEMENT (INTERMEDIATE): Identifies, analyzes and improves upon existing business processes for optimization and to meet standards of quality.



Organizational Impact: Independently delivers on objectives with understanding of how they impact the results of own area/team and other related teams.
Problem Solving/ Complexity of work: Utilizes multiple sources of data to analyze and resolve complex problems; may take a new perspective on existing solution.
Breadth of Knowledge: Has advanced knowledge within a professional area and basic knowledge across related areas.
Team Interaction: Acts as a go-to resource for colleagues with less experience; may lead small project teams.

To apply for this job please visit