Senior Security Analyst
Facility: University of Maryland Medical System
Employment Type: Full Time
Location: Columbia, MD
Shift/Schedule: DAY
Department: IST: TECHNOLOGY SVC GROUP
Posted FTE: 1
Job Posting Category:
Hours of Work: M-F, 8a-4p
Job ID #: 43307
Benefits Eligible:
Minimum Education:
License/Cert Required: Not Indicated
Minimum Experience:
Specialty Type: Not Applicable
What You Will Do:
General Summary
The responsibility of the Senior Security Analyst is to increase information confidentiality, integrity, and availability through the integration of security policies, security awareness, access controls and environmental controls. Responsibilities include working with the Information Security team, technology teams and the business to develop, maintain and monitor an effective information security program designed to ensure the logical and physical protection of the company’s technical resources, which include information, equipment and software.
Principal Responsibilities and Tasks
The following statements are intended to describe the general nature and level of work being performed by people assigned to this classification. These are not to be construed as an exhaustive list of all job duties performed by personnel so classified.
Policies, procedures and awareness
1. Leads the effort to develop security standards, procedures, and guidelines for multiple platforms, applications and diverse systems environments as well as evaluating existing information security procedures and identifying new areas of risk.
2. Leads the effort to develop, enhance and implement a security training program based on policies.
Compliance:
3. Works with Compliance, Privacy and Legal to meet the requirements of Meaningful Use and Litigation Hold.
4. Manages UMMS compliance with industry and statutory data needs and statutes such as HIPAA & HITECH regulations and Medicare and Medicaid Electronic Health Record (EHR) Incentive Program rules and requirements. Identifies regulatory changes that will affect information security policy, standards, and procedures and recommends appropriate changes. Prepares an action plan and monitors corrective measures to maintain an adequate level of security to meet audit and regulatory requirements.
Testing and Remediation:
5. Coordinates the efforts, assists in the responses and tracks the remediation of Information Security Program Assessments and Risk Assessments. Coordinates internal and external audits related to Information Security.
Identity Management:
6. Develops and manages role-based access requirements, methods, processes and tools, including identity and authentication management.
Data Classification:
7. Manages the information lifecycle, including information inventory, classification, handling, retention and disposal.
Disaster Recovery:
8. Establishes, updates and maintains the IT Disaster Recovery and Business Impact Analysis efforts. Coordinates and documents tabletop exercises and Disaster Recovery tests.
Vendor Reviews:
9. Conducts Vendor Security Risk Assessments to determine which vendors have access to confidential information and performs a detailed assessment based on the risk.
Security Project Management:
10. Performs project leadership tasks on select security projects.
11. Maintains a solid familiarity with HIPAA/HITECH/Meaningful Use Security and Privacy related regulations.
12. Participates in and/or leads security projects, estimates costs, time frames and staffing requirements, and prepares cost justifications for assigned projects. Uses status reports for project oversight.
What You Need to Be Successful:
Education and Experience
1. Bachelor's Degree in computer science, a health, science, or business field, or an equivalent level of professional experience required. Master’s degree preferred. Additional certifications may be required. CISSP, CISA, CISM, CGEIT, CRISC, CHC, CHPS, CIPP, PMP, ITIL v3 preferred.
2. Five (5) years of Information Technology related experience.
3. Three (3) or more years’ experience in IT security.
4. Experience in working with compliance and regulatory program requirements. Experience with IT governance, policies, access controls and compliance. Proven project management and organizational skills, specifically managing multiple concurrent projects. Excellent analytical, problem solving and decision making skills, applied with a solution-focused attitude. Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism. Excellent teamwork skills.
5. Experience working in a healthcare environment is preferred.
Knowledge, Skills and Abilities
1. Ability to perform and teach analysis and problem solving principles with emphasis in user relations, data gathering techniques, and management information applications to IT staff is required. Serves as a resource to others in the resolution of complex problems and issues.
2. Demonstrates ability to develop complex specifications for all aspects of applications, and familiarity with problem analysis, hardware/software configurations and application integration.
3. Able to teach application functionality, design standards, process changes to the end user community and train the trainer.
4. Makes recommendations regarding the integration/relationship between and among organizational applications.
5. Effective customer service skills, with the ability to work with all levels within the organization.
6. Ability to teach a project team of analysts, end users and consultants skills required to coordinate daily activities, delegate responsibilities, tasks and review/validate work.
7. Effective verbal and written communication skills are necessary to advise and consult with user personnel and make formal presentations of project findings and recommendations.
8. Able to teach security application functionality, design standards, and problem solving tools.
9. Excellent organization skills; demonstrates confidence and creativity.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.