UT Health Senior Information Security Analyst in Information Technology in Texas Medical Center-Houston, Texas
Senior Information Security Analyst in Information Technology
Texas Medical Center-Houston, Texas
Requisition #: 2200000I
UTHealth is looking for a Senior Information Security Analyst with the ability to conduct compliance and security assessments in a very complex and large organization; the position requires advanced technical knowledge. Excellent verbal and written communication and organizational skills are integral to being successful in this role. The IT Security - Risk Management and Consulting team, of which this position is a member, provides guidance to the organization; the person in this position therefore needs to exhibit a leadership mindset.
Over the next year the person in the position is expected to:
Expand the maturity of the existing risk management process into a robust risk management program. Doing so requires that the person in the position possess analytical skills to perform security assessments using a variety of tools—some of which the professional in this position may need to create.
Improve the risk and compliance management processes through orientation and execution of a granular risk assessment process. We need to accomplish this for the entire organization. Corrective action planning, follow-up and roadmap tracking/guidance will be a key function of this position.
Understand UTHealth education, healthcare and research business operations and provide guidance to the organization. The position will also provide guidance/leadership in the creation and modification of security policies, procedures, guidance documents and security information/awareness efforts.
Accomplishing the above goals will require talking to many different people, some of whom are not IT folks but rather business leaders throughout the organization and people outside of the organization. It will also require attention to detail, prioritization, tracking progress, reports, and follow-up e-mails and meetings. At the heart of it all, you still need to be technical so that you can measure and communicate the relevant risks and possible solutions.
Are you still interested?
If so, we would like to talk to you about a challenging and rewarding Information Security position.
This is a full-time role that requires the employee to report to a location in the Texas Medical Center. The employee will work out of our University Center Tower on a hybrid schedule of working remotely and on-site when needed. It is eligible for full benefits from UTHealth, including great medical coverage options and an excellent retirement package from the State of Texas.
Position Key Accountabilities:
Provides technical leadership and support in the selection, configuration, and maintenance of security and software, utilities, and hardware.
Manages projects and supervises Information Security Staff and/or resources as relating to departmental projects and key initiatives as required by Chief Information Security Officer.
Maintains current understanding of IT audit techniques, information security best practices, policies and procedures including Federal, State and other applicable regulatory requirements and guidelines (HIPAA, FERPA, NIST, PCI DSS, TAC 202).
Evaluates cost effective alternatives to current information security program components.
Participates in annual review of all information security policies, standards, procedures and guidelines; recommends amendments; assures alignment with current regulatory requirements.
Monitors and enforces compliance with information security policies, standards, procedures and guidelines.
Responsible for developing, implementing, and maintaining an ongoing IT security awareness and employee training program for the entire UTHSC-H.
Conducts risk and security assessments, facilitates disaster recovery planning, and supports business continuity efforts for business critical systems. Evaluates results with system owners and custodians.
Provides information security consulting on a variety of technologies and processes.
Performs periodic penetration tests and vulnerability scans. Reviews results for evidence of vulnerability or compromise; assists in or facilitates the implementation of resolution. Tracks resolution of findings and prepares reports.
Manages enterprise configuration/vulnerability management program, web application firewalls, and security scans to identify and correct security gaps. Prepares remediation reports and provides technical mentorship and guidance for various levels of operations staff.
Participates, develops and facilitates activities in support of Computer Security Incident Response Team (CSIRT) efforts. Coordinates initial assessments including severity, potential impact and resolution efforts with fellow CSIRT members.
Works with clinical, academic, and administrative application groups to design, develop, and deploy automation solutions with minimum supervision.
Provides support for enterprise account life-cycle management including, but not limited to account provisioning, account de-provisioning, authentication and authorization.
Monitors system log information for evidence of compromise; responds to and reports security incidents.
Provides forensic analysis and support for compliance and other security related investigations; provides summary analysis as necessary.
Initiates and participates in periodic security audits; tests controls; prepares reports and makes recommendations as necessary.
Performs other duties as assigned.
Complex problem-solving skills; ability to think independently as well as work in a dynamic team group; ability to work within tight deadlines; strong organizational skills; excellent verbal and written communication skills.
Ability to configure and administer Windows and VMware servers and desktops; working knowledge of UNIX-based systems.
Preferred: Relevant security, audit or networking certifications (CISSP, CISA, CISM, GIAC, Cisco); web application security; programming, Linux system administration, database administration; network architecture design; incorporating security into SDLC.
Bachelor’s degree, training in information technology or related experience in lieu of education.
Three years of experience in information technology support or information technology auditing. One to two years direct involvement with security platforms deployed as part of an enterprise-level Information Security program.
Exerts up to 50 pounds of force occasionally and/or up to 20 pounds frequently and/or up to 10 pounds constantly to move objects.
This job class may contain positions that are security sensitive and thereby subject to the provisions of Texas Education Code § 51.215.
If you are looking for a great healthcare career in Houston, visit http://go.uth.edu/careers!
University of Texas Health Science Center at Houston (UTHealth)
Established in 1972 by The University of Texas System Board of Regents, The University of Texas Health Science Center at Houston (UTHealth) is Houston’s Health University and Texas’ resource for health care education, innovation, scientific discovery and excellence in patient care. The most comprehensive academic health center in the UT System and the U.S. Gulf Coast region, UTHealth is home to schools of biomedical informatics, biomedical sciences, dentistry, nursing and public health and the John P. and Kathrine G. McGovern Medical School. UTHealth includes The University of Texas Harris County Psychiatric Center, as well as the growing clinical practices UT Physicians, UT Dentists and UT Health Services. The university’s primary teaching hospitals are Memorial Hermann-Texas Medical Center, Children’s Memorial Hermann Hospital and Harris Health Lyndon B. Johnson Hospital.
UTHealth offers a comprehensive and competitive benefits package. For more information on our benefits programs please refer to the UTHealth Office of Benefits Website.
Equal Employment Opportunity Statement
UTHealth is committed to providing equal opportunity in all employment-related activities without regard to race, color, religion, sex, sexual orientation, national origin, age, disability, genetic information, gender identity or expression, veteran status or any other basis prohibited by law or university policy. Reasonable accommodation, based on disability or religious observances, will be considered in accordance with applicable law and UTHealth policy. The University maintains affirmative action programs with respect to women, minorities, individuals with disabilities, and eligible veterans in accordance with applicable law.