Information Security Analyst

Location
North Carolina, United Sates
Posted
30 Nov 2018
End of advertisement period
30 Jan 2019
Ref
401514026
Contract Type
Permanent
Hours
Full Time

Job Description

The Information Security Analyst Level 2 provides support for a variety of operational and consultative functions as part of the Duke Medicine Information Security Office (ISO). The Information Security Analyst Technical Lead helps design, implement, manage, and monitor security controls to protect the confidentiality, integrity, availability of the organization’s information assets in accordance with legal, regulatory, and institutional requirements. The Information Security Analyst Level 2 also acts as a subject matter expert in relevant domains of knowledge, and will work in collaboration with IT, clinical, research, and management staff. The position provides expertise in: defining requirements; developing and designing secure architectures; developing secure processes and standards; and selecting enterprise-wide security products, tools, technologies and services. The Information Security Analyst Technical Lead works with all functional areas within IT to design and support secure technologies that meet the business needs of Duke Health.

Duties and Responsibilities

  • This position may include the following duties and responsibilities:
  • Develop an understanding of key Duke Health technology and systems.
  • Perform security pre-purchase evaluation of vendors in accordance with ISO procedures, and develop security requirements for purchase of vended solutions.
  • Work with customers, Engineering, vendors, Compliance and other Duke Health staff to track and help remediate control deficiencies.
  • Work with customer to implement DHTS security processes into customer workflows.
  • Test application and system security controls, and providing development teams and/or vendors with remediation recommendations.
  • Working in conjunction with cross-functional teams, develop and manage plans to attain and maintain compliance with HIPAA regulatory requirements.
  • Conduct risk assessments and vulnerability scans to identify security risks, and report on findings to system owners and management.
  • Review existing security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to proactively identify any gaps that may result in non-compliance with regulatory or Duke Health requirements.
  • Respond to relevant service requests received from end users.
  • Provide reports and presentations on the status of security controls and industry trends to management and technical staff.
  • Develop and deliver security training and security-related newsletter content for the organization’s staff.
  • Participate in campus-wide information security events and programs to ensure alignment and knowledge sharing between departments.
  • Participate in other activities necessary to support the information security program.

Required Qualifications at this Level

Education:          

Bachelor’s degree in a related clinical or technical field, or four years of equivalent technical experience required.

Experience:  
     
Minimum of ten years of general IT industry experience is required, of which at least five years should have been in an information security operations, engineering, or related role.

Degrees, Licensure, and/or Certification:      

Certified Information Systems Security Professional (CISSP) is strongly preferred.   Candidate must pass the CISSP exam within two years of hire date.
The ideal candidate will hold additional technical or management certifications (e.g. HCISPP, CISM, CISA, CEH, GIAC, MCSE, CCNP, VMWare Certified Professional, CCIE, or PMP).

Knowledge, Skills, and Abilities:

The Information Security Analyst 2 role requires a multi-faceted information security and IT professional with a variety of knowledge, skills, and abilities. The successful candidate will possess experience one or more of the following areas: 

  • Data Loss Prevention (DLP) systems
  • Encryption technologies and standards
  • Endpoint security software
  • Identity and Access Management (IAM) solutions, including industry standards such as OAuth, OpenID, SAML, Shibboleth, etc.
  • Network and/or application penetration testing
  • Network security (e.g. firewalls, IDS/IPS, NAC, VPN, software-defined networking)
  • Virtualization and container technologies (e.g. VMware, Docker)
  • Server operating systems
  • Vulnerability scanning tools and management practices
  • Must have a working knowledge of the HIPAA Security Rule, FISMA, or the NIST Cybersecurity Framework.
  • The ideal candidate will have demonstrated the following characteristics through past professional and educational experiences:
  • A broad understanding of multiple IT disciplines and technologies
  • Strong focus on customer satisfaction
  • Strong written and oral communication skills
  • Strong critical thinking, analytical, and problem-solving skills
  • Able to troubleshoot problems in complex technical environments
  • Able to work independently or as part of a team as necessary
  • Able to effectively prioritize tasks with competing deadlines
  • Self-starter who is able to effectively use professional judgment and work with minimal direction
  • Excellent interpersonal skills with a demonstrated ability to build relationships with colleagues, customers, vendors, and other third parties.

Minimum Qualifications

Education

Level 1, 2 and 3 - Bachelor's degree in a related clinical or technical field, or four years of equivalent technical experience required. Level 3 - A Master's degree in computer science, information systems, business management, engineering, mathematics, healthcare, a physical science, or other related field is preferred.

LICENSURE/CERTIFICATION:

LEVEL 1: N/A

LEVEL 2: In addition to the requirements described for the Level 1, the Level 2 requires:One or more information security industry certifications (e.g. CISSP,CISM, CISA, CEH, or equivalent) are preferred. Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred.

LEVEL 3: In addition to the requirements described for the Level 2, the Level 3 requires: One or more information security industry certifications (e.g. CISSP,CISM, CISA, CEH, or equivalent) are required.

Experience

Level 1 - No experience required beyond the minimum education (or equivalency) requirement. Level 2 - Three years of related experience is required. Level 3 - Five years of related experience is required.

Requisition Number: 401514026
Location: Durham 
Duke Entity: HEALTH SYSTEM
Job Code: 3843 DHTS INFORMATION SECURITY ANALYST
Job Family Level:  CD
Exempt/Non-Exempt: Exempt
Full Time / Part Time: FULL TIME
Regular / Temporary: Regular
Shift: First/Day

Minimum Qualifications

Duke University is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status. Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas, an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

Essential Physical Job Functions:

Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.

Education

Level 1, 2 and 3 - Bachelor's degree in a related clinical or technical field, or four years of equivalent technical experience required. Level 3 - A Master's degree in computer science, information systems, business management, engineering, mathematics, healthcare, a physical science, or other related field is preferred.

LICENSURE/CERTIFICATION:

LEVEL 1: N/A

LEVEL 2: In addition to the requirements described for the Level 1, the Level 2 requires: One or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are preferred. Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred.

LEVEL 3: In addition to the requirements described for the Level 2, the Level 3 requires: One or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are required.

Experience

Level 1 - No experience required beyond the minimum education (or equivalency) requirement. Level 2 - Two years of related experience is required. Level 3 - Four years of related experience is required.

Degrees, Licensures, Certifications

N/A

Auto req:  ID106501BR