Information Security Analyst - Duke Health Technology Solutions - Durham
Company: Duke Health
Location: Morrisville
Posted on: November 26, 2022
Job Description:
The Information Security Analyst for Security Engineering
provides support for a variety of operational and consultative
functions as part of the Duke Health Information Security Office
(ISO). The Information Security Analyst helps design, implement,
manage, and monitor security controls to protect the
confidentiality, integrity, and availability of the organization's
information assets in accordance with legal, regulatory, and
institutional requirements. The Information Security Analyst also
acts as a subject matter expert in relevant domains of knowledge,
and will work in collaboration with IT, clinical, research, and
management staff.
This position may include the following duties and
responsibilities
- Develop an understanding of key Duke Health security
applications (e.g. endpoint protection, detection, and response;
encryption; data loss prevention; enterprise vulnerability
management).
- Provide maintenance, support and troubleshooting for security
platforms and tools.
- Design and Implement robust security architectures for security
platforms and tools.
- Test security applications and work with development teams or
vendors.
- Remain current on emerging security trends and
technologies.
- Working in conjunction with cross-functional teams, develop and
manage plans to attain and maintain compliance with various
regulatory requirements, including but not limited to HIPAA, FISMA,
and PCI.
- Using output from risk assessments and requirements analysis,
assist system, application, and data owners/managers with selecting
security controls and documenting system security plans.
- Review existing security plans with system, application, and
data owners/managers to ensure that controls are properly
implemented, and to proactively identify any gaps that may result
in non-compliance with regulatory or Duke Health requirements.
- Use professional judgment and institutional knowledge to assess
risk levels, conduct forensic investigations, provide guidance on
remediation planning, and prioritize remediation efforts.
- Provide reports and presentations on the status of security
controls and industry trends to management and technical
staff.
- Participate in campus-wide information security events and
programs to ensure alignment and knowledge sharing between
departments.
- Participate in other activities necessary to support the
information security program. Minimum Qualifications
Education:
- Bachelor's degree in a related clinical or technical field, or
four years of equivalent technical experience required. Experience:
- Minimum of five years of general IT industry experience is
required, of which at least three years should have been in an
information security operations, engineering, or related role.
- One or more information security industry certifications (e.g.
CIS SP, CEH, OSCP, GIAC certifications, or equivalent) are
preferred.
- Additional technical or management certifications (e.g. MCSE,
CCNP, AWS Certified Solutions Architect, Salesforce certifications,
VMWare Certified Professional, CCIE, or PMP) are preferred.
- Must have a working knowledge of at least one of the following
information security practices, standards, and systems:
- Data Loss Prevention (DLP) systems
- AWS, Azure or Google Cloud
- Encryption technologies and standards
- Endpoint security software
- Firewalls
- Forensic investigation practices
- Identity and Access Management (IAM)
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Network and/or application penetration testing
- Security Information Event Management (SIEM) systems
- Virtual Private Network (VPN) systems
- Vulnerability management practices
- Vulnerability scanning tools
- Must have a working knowledge of the HIPAA Security Rule, FISMA
or PCI. Preferred Qualifications
The ideal candidate will have demonstrated the following
characteristics through past professional and educational
experiences:
- Able to maintain a positive attitude in challenging
circumstances
- Abroad understanding of multiple IT disciplines and
technologies
- Strong focus on customer satisfaction
- Strong written and oral communication skills
- Strong critical thinking, analytical, and problem solving
skills
- Able to troubleshoot problems in complex technical
environments
- Able to work independently or as part of a team as
necessary
- Able to effectively prioritize tasks with competing
deadlines
- Self-starter who is able to work with minimal direction
- Able to work eff ectivelyacross multiple technical
disciplines
- Strong interpersonal skills and the ability to build
relationships with colleagues, customers, vendors, and other third
parties
Duke is an Affirmative Action/Equal Opportunity Employer committed
to providing employment opportunity without regard to an
individual's age, color, disability, gender, gender expression,
gender identity, genetic information, national origin, race,
religion, sex, sexual orientation, or veteran status.
Duke aspires to create a community built on collaboration,
innovation, creativity, and belonging. Our collective success
depends on the robust exchange of ideas-an exchange that is best
when the rich diversity of our perspectives, backgrounds, and
experiences flourishes. To achieve this exchange, it is essential
that all members of the community feel secure and welcome, that the
contributions of all individuals are respected, and that all voices
are heard. All members of our community have a responsibility to
uphold these values.
Essential Physical Job Functions: Certain jobs at Duke University
and Duke University Health System may include essentialjob
functions that require specific physical and/or mental abilities.
Additional information and provision for requests for reasonable
accommodation will be provided by each hiring department.
Keywords: Duke Health, Cary , Information Security Analyst - Duke Health Technology Solutions - Durham, Healthcare , Morrisville, North Carolina
Didn't find what you're looking for? Search again!
Loading more jobs...
