Duke University

DHTS INFORMATION SECURITY ANALYST


Pay: Competitive
Location: Durham/North Carolina
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: 233172

      The Information Security Analyst is an individual contributor that will provide support for a variety of operational information security functions as part of Duke Health’s Information Security Office (ISO). This role will entail working as a member of the ISO Governance, Risk & Compliance (GRC) team, creating, documenting, and managing periodic reviews on Duke Health Enterprise (DHE) Policies, Standards, and Standard Operating Procedures (SOPs). The role will additionally perform information security reviews on applications/services, and Third Party Risk Management (TPRM) processes to support the core Information Security Infrastructure for Duke Health and the Private Diagnostic Clinic (PDC). The Information Security Analyst will work under the direction of the Chief Information Security Officer (CISO) and the Director of Security, GRC and must be able to work and communicate effectively with IT, clinical, research, and management staff from other departments across Duke Health.

      While the typical office hours for this position will be 8 am to 5 pm Monday through Friday, periodic after-hours work may be required.

      Essential Tasks/Responsibilities
      The Information Security Analyst role incorporates the following tasks and responsibilities:

      • Create, document, and/or manage cross-group periodic reviews on DHE Security Policies, Standards, and SOPs.
      • Perform Vendor Security Assessments (VSAs) in support of applications and/or services proposed for use at Duke Health or the PDC.
      • Perform continuous monitoring of active applications and/or services at Duke Health or the PDC using TPRM processes and tools.
      • On a daily basis, respond to relevant service requests received from end users (e.g. for investigation of security events, use of security tools, or adherence to security policies and procedures).
      • Participate in other activities necessary to support the information security program, and perform other related duties incidental to the work described herein.
      • Work in conjunction with cross-functional teams to develop and manage plans and vendors to maintain compliance with HIPAA regulatory requirements.

      Desired Technical Knowledge, Skills, Abilities

      • Regulatory requirements (HIPAA Security Rule, FISMA, and/or NIST Cybersecurity Framework)
      • A broad understanding of multiple IT disciplines and technologies
      • Strong, clear written and verbal communication skills
      • Comfortable and confident communicating with executive leadership and peers alike
      • Experience creating and managing multiple contributors to written policies or plans with strong writing and grammar skills

      Additional qualities:

      • Strong focus on customer satisfaction
      • Strong written and oral communication skills
      • Strong critical thinking, analytical, and problem-solving skills
      • Able to troubleshoot problems in complex environments
      • Able to work independently or as part of a team as necessary
      • Able to effectively prioritize tasks with competing deadlines
      • Excellent interpersonal skills with a demonstrated ability to build relationships with colleagues, customers, vendors, and other third parties.

      Special competencies required

      • Good written and oral communication and customer service skills are critical for this role.
      • Must be able to work effectively in a fast-paced environment where priorities shift quickly.
      • Must be able to work independently or as part of a team as necessary.


      Preferred: One or more basic information security industry certifications (e.g. CompTIA Security+, CySA+ or equivalent) are highly desirable for this role.

      Required Minimum Qualifications

      Level 1 or 2: Bachelor's degree in a related field or four years of equivalent technical experience

      Licensure/Certification

      Level 1: N/A

      Level 2: In addition to the requirements described for Level 1, Level 2 requires: One or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are preferred. Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred.

      Experience

      Level 1 - No experience is required beyond the minimum education (or equivalency) requirement.

      Level 2 - Two years of related experience is required.

      The ideal candidate should have a working knowledge of more than one of the following information security practices, standards, and systems:

      • Data Loss Prevention (DLP) systems
      • Encryption technologies and standards
      • Endpoint security software
      • Governance, Risk, and Compliance (GRC) systems
      • Firewalls
      • Forensic investigation practices
      • Identity and Access Management (IAM)
      • Incident response practices
      • Intrusion Detection and Prevention Systems (IDS/IPS)
      • Network and/or application penetration testing
      • Risk assessment practices
      • Security Information Event Management (SIEM) systems
      • Virtual Private Network (VPN) systems
      • Vulnerability management practices and Vulnerability scanning tools

      The ideal candidate should have a working knowledge of more than one of the following regulatory compliance requirements and IT management frameworks:

      • COBIT
      • FISMA
      • HIPAA Security and/or Privacy Rules
      • HITECH and Meaningful Use/Promoting Interoperability Program
      • HITRUST Common Security Framework (CSF)
      • ISO 27000-series standards
      • ITIL
      • NIST information security standards
      • PCI DSS

      Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.

      Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

      Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.

  • About the company

      Duke University is a private research university in Durham, North Carolina.
