Senior Data Security Analyst
- Posted: over a month ago
JOIN UHA’S TEAM
We focus on your health and pay 100% for your family's medical insurance and provide 20 days of paid personal time off during your first year
Senior Data Security Analyst
Department: Information Services
FLSA Status: Full time, Exempt
Under general guidance from the Chief Information Officer, the incumbent is responsible to drive the constant improvement and evolution of UHA’s cyber security program. Provide leadership for key security functions in all phases of the NIST CyberSecurity Framework of 1) Identify, 2) Protect, 3) Detect, 4) Respond, 5) Recover. The incumbent will have the opportunity to learn UHA’s business functions, then lead cross functional teams to design people, process and technical security solutions and programs that mesh with UHA’s business operations.
Essential Duties & Responsibilities:
- Understand UHA’s business functions and design people, process and technical security solutions and programs that mesh with UHA’s business operations. Use cyber security frameworks to standardize these cyber security solutions and programs.
- Coordinate the efforts of a diverse group of information systems and business professionals to complete periodic data security risk analyses and assessments. Identify projects/activities to address gaps and mitigate risks. Work directly with executive level personnel to ensure that residual risk is within UHA’s overall risk tolerance.
- Develop and maintain a multi-year enterprise-wide security roadmap. Provide program management over all the discrete projects that comprise the roadmap. Provide project management over several of the projects at any given time.
- Design appropriate data security solutions and programs for SaaS and Cloud services that UHA uses.
- Update UHA’s information security policies, manuals and procedures.
- Do presentations for, and actively engage in discussions with executive level personnel including the CEO, COO, CFO and CIO, and members of the UHA Board of Directors. Present complex security concepts in business friendly language in order to gain their understanding, buy-in and approval of UHA’s security program and roadmap.
- Provide information security guidance to a diverse team of professionals, including, network analysts, audit and compliance specialists, legal specialist, human resources specialists.
- Ensure that the operational activities of UHA’s security program, e.g., monthly patching, access reviews, HIPAA training, phishing exercises are executed and documented.
- Stay abreast with the cyber security threat and solution landscape to bring innovative solutions that significantly improve UHA’s security posture.
Required Education and Experience:
The individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Knowledge, Skills and Abilities:
- Knowledge of data security technologies such as firewalls, DLP systems, IPS/IDS Systems, cloud web proxies, file and execution based malware detection and prevention, multi-factor authentication, Security Information and Event Management (SIEM) tools and services. .
- Knowledge of data security governance practices such as risk analyses, risk assessments, incidence response planning, tabletop exercises.
- Knowledge of industry security requirements such as HIPAA, PCI DSS, GLBA, etc.
- Knowledge of security frameworks such as NIST CSF, ISO 27000, etc.
- Ability to present complex and highly technical security concepts to business executives and board of directors in way to gain their understanding and buy-in.
- Ability to use project planning tools, e.g., MS Project and business process documentation tools, e.g., MS Visio (flowcharting).
Education and Experience:
- Bachelor’s degree in a rigorous field of study that emphasizes critical thinking and analysis, such as computer science, engineering, physical sciences, mathematics, law, etc.
- 5 years of work experience that required interaction with, and substantive understanding of information security technologies such as firewalls, DLP systems, IPS/IDS systems, SIEMs, etc.
- 5 years of information security governance or related experience, e.g., performing risk assessments, developing action plans and road maps to address gaps from the risk assessments, developing and testing incidence response plans.
- 3 years of project management experience, e.g., leading teams to implement new or improved technologies and processes.
Preferred and Advanced Qualifications:
- Certification that demonstrates information security knowledge and experience such as; CompTIA Security, CISSP, CISM, etc.
- Specific knowledge and experience in HIPAA data security and privacy requirements and best practices.
- This position may qualify to work from home
Competitive compensation & excellent benefits offered
Visit our website at https://uhahealth.com/page/career-opportunities to apply and for details about vacant positions.An Equal Opportunity Employer
University Health Alliance
Real EstateView all jobs at University Health Alliance