Uw Health

Information Security Analyst

Uw Health$99K — $117K *
Education, Government & Non-Profit
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of professional experience in risk assessments following standards like NIST or ISO with minimal oversight.
  • Experience ensuring security requirements in healthcare, higher education, or research settings.
  • Knowledge of information security regulations, including NIST, HIPAA, AI, and cloud services.
  • Current certification in Information Security or IT Audits required.
  • Project management experience that includes leading teams and effective communication at all organizational levels.

Responsibilities

  • Design, develop, and implement security methodologies for major systems.
  • Conduct risk assessments, document results, and create procedures to mitigate risks.
  • Develop and document an RMC project management tool for processes and workflows.
  • Liaise with campus IT teams to gather feedback and enhance efficiency in risk management compliance.
  • Configure and test applications and security controls as part of security assessments.

Benefits

  • Generous vacation, holidays, and sick leave.
  • Comprehensive insurance plans and savings accounts.
  • Retirement benefits, including a competitive pension plan.
  • Opportunities for flexible work arrangements, including remote work capabilities.
Full Job Description
Current Employees: If you are currently employed at any of the Universities of Wisconsin, log in to Workday to apply through the internal application process.

Job Category: Academic Staff

Employment Type: Regular

Job Profile: Info Sec Analyst III (Inst)

Job Summary:
The Risk Management and Compliance (RMC) team within the Office of Cybersecurity is looking for an experienced risk analyst to address the internal security review requests from UW-Madison campus partners. This could include new tools, services, platforms or departmental risk reviews to ensure the security of UW-Madison data at all levels - Public to Restricted (ePHI).

This position will work collaboratively with our campus partners, UW-Madison service providers, and third-party vendors to assess risk and present these risks to campus stakeholders. Responsibilities include evaluating current system use and data classification as entered by the system owner, collaboration with the Office of Compliance on privacy risks and presentation of overall risk with opportunities to improve security prior to utilization. Information gathered to establish the data flow and scope of these requests will be entered by campus partners in an enterprise risk review tool (OneTrust). This position is not responsible for incident response, vulnerability review, or minimizing the attack surface of the university.

A successful individual will have information security expertise as well as project management, business analysis, solution implementation skills, the ability to communicate to technical, non-technical staff and university leadership. This position reports to the Office of Cybersecurity and serves as a campus technical expert and authority on information security risk analysis and compliance matters. As a trusted advisor and partner with UW-Madison campus partners, UW System integration teams, project managers and system owners, this position will focus on the most efficient and impactful way to review risk of existing tools and present opportunities for improving overall security.

This position will also have specific responsibility to assist in the establishment and maintenance of an RMC project management tool to improve overall efficiency. Acquiring feedback from campus partners and liaisons is also required to make procedural adjustments to the service this team offers.

The candidate selected for this position may perform a combination of on-site and remote work subject to an approved flexible work arrangement (FWA), which is reviewed and approved annually. Remote work requires successful candidates to possess their own high-speed internet and phone to perform the work on a university provided computer. Per University policy, transportation between home and assigned work location is not payable/reimbursable and will be at the expense of the employee. This position will primarily work remotely but may occasionally need to come to campus for scheduled meetings, retreats, or workshops.

Key Job Responsibilities:
  • Assists in the design, development, and implementation of security methodology and infrastructure for major systems
  • Conducts vulnerability-scanning analysis, tests security controls, documents the results of risk assessments, and designs procedures to prevent future incidents
  • Assist in development and documentation of an RMC project management tool to include processes and workflows
  • Liaison with campus IT practitioners to gather needs and feedback for RMC to ensure efficiency
  • Configures, develops, and tests applications and security controls


Department:
Division of Information Technology, Office of Cybersecurity, Risk Management & Compliance (RMC)

The Office of Cybersecurity leads and manages university efforts to reduce risk through data protection, continuous diagnostics, cybersecurity awareness training, and effective processes and procedures to safeguard intellectual property and sensitive information. The office has four teams: Risk Management and Compliance, Cybersecurity Operations, Business Systems Security and Cybersecurity Programs, and IT Policies.

The Risk Management & Compliance (RMC) team has established a formalized risk assessment program for campus. This program offers review and validation on technical, administrative, and physical controls that affect the security of a vendor or service handling UW- Madison data. RMC assessments are designed to communicate levels of risk and provide recommendations for risk reduction.

Compensation:
Starting salary will be based on experience and qualifications. Well qualified applicants can anticipate to earn between $99,000 - $117,000, with final salary based on experience and qualifications.

Employees in this position can expect to receive benefits such as generous vacation, holidays, and sick leave; competitive insurances and savings accounts; retirement benefits. Benefits information can be found at (https://hr.wisc.edu/benefits/).

Required Qualifications:
  • Established professional experience conducting risk assessments against recognized standards (NIST, COBIT or ISO) with minimal oversight.
  • Established professional experience working with security requirements within a healthcare, higher ed, or research organization.
  • Working knowledge of NIST, HIPAA, Artificial Intelligence and cloud computing services.
  • Holds a current professional certification in Information Security or IT Audits.
  • Experience executing project management skills including setting expectations, communicating to all levels of the organization, and leading a team.
  • Experience working independently to conduct technical investigations with diverse constituents, providing detailed written reports and presentations.


Preferred Qualifications:
  • Experience in assessing vendors as part of procurement and implementation stages
  • Experience using standard industry applications to create or update current documents to meet compliance reporting requirements (i.e. office productivity software, project management software)
  • Expertise using vulnerability management tools to analyze discovered vulnerabilities against current configurations to determine the organizational risk.
  • Experience serving as both a lead and a contributing team member on projects
  • Knowledge of enterprise project management tools and skills to navigate them (Ie JIRA).


Education:
Bachelor's Degree Preferred Minimum

How to Apply:
Click on the "Apply" button to start the application process.

You will be prompted to upload the following documents:

-Resume
-Letter of Qualifications

Applicants should attach a letter of qualificationsand resume detailing their training and experience relating to the required and preferred qualifications referencedabove. The application reviewers will be relying on written application materials to determine which qualified applicants willadvance in the recruitment process.

Please note that successful applicants must be authorized to work in the United States without need of employer sponsorship, on or before the effective date of appointment. University sponsorship is not available for this position.

Contact Information:
DoIT Human Resources, [email protected], 608-263-1790

Relay Access (WTRS): 7-1-1. SeeRELAY_SERVICEfor further information.

About Uw Health

UW Health University Hospital is a 515-bed academic regional referral center with 127 outpatient clinics, located on the western edge of the University of Wisconsin–Madison's campus in Madison, Wisconsin. It is an American College of Surgeons designated Level I adult and pediatric trauma center, one of only two in Wisconsin. UW Health University Hospital has seven intensive care units, pediatric, neonatal, cardiac, cardiothoracic, burn, neurosurgery). UW Health University Hospital was ranked by U.S. News & World Report as the 16th best hospital in the United States and the #1 hospital in Wisconsin in the publication's 2021-2022 Best Hospitals Honor Roll, earning national rankings in 10 adult and 6 pediatric specialties. Additionally, UW Health University Hospital was ranked as the 22nd best hospital in the United States and #84th Best Hospitals in the world by Newsweek in 2022. UW Health describes itself as "the integrated health system of the University of Wisconsin–Madison." It is the primary teaching affiliate of the University of Wisconsin School of Medicine and Public Health. It is also the primary teaching affiliate of the University of Wisconsin–Madison's School of Nursing and School of Pharmacy, and is a teaching affiliate of Edgewood College's Henry Predolin School of Nursing. UW Health University Hospital is home to the University of Wisconsin Carbone Cancer Center, one of 40 National Cancer Institute-designated Comprehensive Cancer Centers. UW Health also operates the American Family Children's Hospital, a 110-bed pediatric hospital located adjacent to University Hospital, as well as UW Health at the American Center, a 59-bed hospital and emergency room located on the Northeast Side of Madison. Additionally, UW Health operates a network of outpatient clinics at over 80 sites throughout southern and central Wisconsin and northern Illinois, and has partnerships with UnityPoint Meriter Hospital in Madison, Beloit Hospital in Beloit, Wisconsin, and Swedish American Hospital in Rockford, Illinois. UW Health also has an affiliated insurance company, Quartz Health Solutions, Inc., operated in partnership with UnityPoint Health and Gundersen Health System.
Learn more about Uw Health

Similar Jobs

More Jobs at Uw Health

More Education, Government & Non-Profit Jobs

Find similar Information Security Analyst jobs: