DHTS INFORMATION SECURITY ANALYST

401058771
75741BR
Durham
HEALTH SYSTEM
DHTS – INFORMATION SECURITY ADMIN
First/Day
FULL TIME
3843 DHTS INFORMATION SECURITY ANALYST
CD
General Description
The Information Security Analyst provides support for a variety of operational and consultative functions as part of the Duke Medicine Information Security Office (ISO).  The Information Security Analyst helps design, implement, manage, and monitor security controls to protect the confidentiality, integrity, and availability of the organization’s information assets in accordance with legal, regulatory, and institutional requirements. The Information Security Analyst also acts as a subject matter expert in relevant domains of knowledge, and will work in collaboration with IT, clinical, research, and management staff.
Duties and Responsibilities
This position may include the following duties and responsibilities:

  • Working in conjunction with cross-functional teams, develop and manage plans to attain and maintain compliance with various regulatory requirements, including but not limited to HIPAA, FISMA, and PCI.
  • Conduct risk assessments, vulnerability scans, and penetration tests to identify security risks, and report on findings to system owners and management.
  • Using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting security controls and documenting system security plans.
  • Review existing security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to proactively identify any gaps that may result in non-compliance with regulatory requirements.
  • Use professional judgment and institutional knowledge to assess risk levels, conduct forensic investigations, provide guidance on remediation planning, and prioritize remediation efforts.
  • Develop and deliver security awareness training for the organization’s staff.
  • Respond to relevant service requests received from end users.
  • Provide reports and presentations on the status of security controls and industry trends to management and technical staff.
  • Participate in campus-wide information security events and programs to ensure alignment and knowledge sharing between departments.
  • 24×7 on-call support rotation may be required.
  • Participate in other activities necessary to support the information security program.
  • Performs other related duties incidental to the work described herein.


Required Qualifications at this Level

Education:  Bachelor’s degree in a related clinical or technical field, or four years of equivalent technical experience required.

Experience: Minimum of ten years of general IT industry experience is required, of which at least three years should have been in an information security operations, engineering, audit, or related role.

Degrees, Licensure, and/or Certification:
  • One or more information security industry certifications (e.g. CISSP, HCISPP, CISM, CISA, CEH, or equivalent) are preferred.
  • Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred.

Knowledge, Skills, and Abilities:
  • Must have a working or expert knowledge of at least one of the following information security practices, standards, and systems:
    • Data Loss Prevention (DLP) systems
    • Encryption technologies and standards
    • Endpoint security software
    • Governance, Risk, and Compliance (GRC) systems
    • Firewalls
    • Forensic investigation practices
    • Identity and Access Management (IAM)
    • Incident response practices
    • Intrusion Detection and Prevention Systems (IDS/IPS)
    • Network and/or application penetration testing
    • Risk assessment practices
    • Security Information Event Management (SIEM) systems
    • Virtual Private Network (VPN) systems
    • Vulnerability management practices
    • Vulnerability scanning tools
  • Must have an expert knowledge of the HIPAA Security Rule, FISMA, and a working knowledge of at least one of the following regulatory compliance requirements and IT management frameworks:
    • HITECH and Meaningful Use
    • HITRUST Common Security Framework (CSF)
    • ISO 27000-series standards
    • ITIL
    • NIST SP800-53 and related standards
    • PCI DSS
  • The ideal candidate will have demonstrated the following characteristics through past professional and educational experiences:
    • A broad understanding of multiple IT disciplines and technologies
    • Strong focus on customer satisfaction
    • Strong written and oral communication skills
    • Strong critical thinking, analytical, and problem solving skills
    • Able to troubleshoot problems in complex technical environments
    • Able to work independently or as part of a team as necessary
    • Able to effectively prioritize tasks with competing deadlines
    • Able to maintain a positive attitude in challenging circumstances
    • Self-starter who is able to work with minimal direction
    • Able to work effectively across multiple technical disciplines
    • Strong interpersonal skills and the ability to build relationships with colleagues, customers, vendors, and other third parties

Duke University is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual’s age, color, disability, genetic information, gender, gender identity, national origin, race, religion, sexual orientation, or veteran status.

Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.

Education

  • Level 1, 2 and 3 – Bachelor’s degree in a related clinical or technical field, or four years of equivalent technical experience required.
  • Level 3 – A Master’s degree in computer science, information systems, business management, engineering, mathematics, healthcare, a physical science, or other related field is preferred.

Licensure/Certification:
  • Level 1: N/A
  • Level 2: In addition to the requirements described for the Level 1, the Level 2 requires: One or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are preferred. Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred.
  • Level 3: In addition to the requirements described for the Level 2, the Level 3 requires: One or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are required.

Experience

Level 1 – No experience required beyond the minimum education (or equivalency) requirement. Level 2 – Three years of related experience is required. Level 3 – Five years of related experience is required.

Degrees, Licensures, Certifications

N/A

Source: https://sjobs.brassring.com/TGWEbHost/jobdetails.aspx?jobId=758097&partnerid=25017&siteid=5172&codes=IND
