Job Description
Duke University Health System
Durham, North Carolina
DHTS INFORMATION SECURITY ANALYST

Job Description

The Information Security Analyst is an individual contributor that will provide support for a variety of operational information security functions as part of Duke Health's Information Security Office (ISO). This role will entail working as a member of the ISO Governance, Risk & Compliance (GRC) team, creating, documenting, and managing periodic reviews on Duke Health Enterprise (DHE) Policies, Standards, and Standard Operating Procedures (SOPs). The role will additionally perform information security reviews on applications/services, and Third Party Risk Management (TPRM) processes to support the core Information Security Infrastructure for Duke Health and the Private Diagnostic Clinic (PDC).

The Information Security Analyst will work under the direction of the Chief Information Security Officer (CISO) and the Director of Security, GRC and must be able to work and communicate effectively with IT, clinical, research, and management staff from other departments across Duke Health. While the typical office hours for this position will be 8 am to 5 pm Monday through Friday, periodic after-hours work may be required.

Essential Tasks/Responsibilities

The Information Security Analyst role incorporates the following tasks and responsibilities:
- Create, document, and/or manage cross-group periodic reviews on DHE Security Policies, Standards, and SOPs.
- Perform Vendor Security Assessments (VSAs) in support of applications and/or services proposed for use at Duke Health or the PDC.
- Perform continuous monitoring of active applications and/or services at Duke Health or the PDC using TPRM processes and tools.
- On a daily basis, respond to relevant service requests received from end users (e.g. for investigation of security events, use of security tools, or adherence to security policies and procedures).
- Participate in other activities necessary to support the information security program, and perform other related duties incidental to the work described herein.
- Work in conjunction with cross-functional teams to develop and manage plans and vendors to maintain compliance with HIPAA regulatory requirements.

Desired Technical Knowledge, Skills, Abilities
- Regulatory requirements (HIPAA Security Rule, FISMA, and/or NIST Cybersecurity Framework)
- A broad understanding of multiple IT disciplines and technologies
- Strong, clear written and verbal communication skills
- Comfortable and confident communicating with executive leadership and peers alike
- Experience creating and managing multiple contributors to written policies or plans with strong writing and grammar skills

Additional qualities:
- Strong focus on customer satisfaction
- Strong written and oral communication skills
- Strong critical thinking, analytical, and problem-solving skills
- Able to troubleshoot problems in complex environments
- Able to work independently as part of a team as necessary
- Able to effectively prioritize tasks with competing deadlines
- Excellent interpersonal skills with a demonstrated ability to build relationships with colleagues, customers, vendors, and other third parties.

Special competencies required

Good written and oral communication and customer service skills are critical for this role. Must be able to work effectively in a fast-paced environment where priorities shift quickly. Must be able to work independently or as part of a team as necessary.

Preferred: One or more basic information security industry certifications (e.g. CompTIA Security+, CySA+ or equivalent) are highly desirable for this role.

Required Minimum Qualifications

Level 1 or 2: Bachelor's degree in a related field or four years of equivalent technical experience

Licensure/Certification
- Level 1: N/A
- Level 2: In addition to the requirements described for Level 1, Level 2 requires: One or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are preferred. Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred.

Experience
- Level 1: No experience is required beyond the minimum education (or equivalency) requirement.
- Level 2: Two years of related experience is required.

The ideal candidate should have a working knowledge of more than one of the following information security practices, standards, and systems:
- Data Loss Prevention (DLP) systems
- Encryption technologies and standards
- Endpoint security software
- Governance, Risk, and Compliance (GRC) systems
- Firewalls
- Forensic investigation practices
- Identity and Access Management (IAM)
- Incident response practices
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Network and/or application penetration testing
- Risk assessment practices
- Security Information Event Management (SIEM) systems
- Virtual Private Network (VPN) systems
- Vulnerability management practices and Vulnerability scanning tools

The ideal candidate should have a working knowledge of more than one of the following regulatory compliance requirements and IT management frameworks:
- COBIT
- FISMA
- HIPAA Security and/or Privacy Rules
- HITECH and Meaningful Use/Promoting Interoperability Program
- HITRUST Common Security Framework (CSF)
- ISO 27000-series standards
- ITIL
- NIST information security standards
- PCI DSS

Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.
Duke aspires to create a community built on collaboration, innovation, creativity, and belonging.
Our collective success depends on the robust exchange of ideas, an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.