$80K - $100K (Ladders Estimates)
Where Excellence Meets Purpose
The University of Miami is among the top research universities and academic medical centers in the nation, and one of the largest private employers in South Florida.
With more than 16,000 faculty and staff, the University strives for excellence, and is driven by a powerful purpose to transform and impact the lives of its students, patients, members of the community, and people across the globe.
The University is committed to fostering a culture of belonging, where everyone feels valued and has the opportunity to add value. Through values of Diversity, Integrity, Responsibility, Excellence, Compassion, Creativity, and Teamwork (DIRECCT) the U community works together to create an environment driven by purpose, excellence, community, and service.
The University has been named on Forbes's Best Employers list for two consecutive years, and is the only university in Florida to receive this honor.
UHealth IT has an amazing opportunity for a Security Analyst. The Security Analyst conducts computer forensic investigations, data recovery, and electronic discovery. Additionally, the incumbent maintains systems to protect data from unauthorized users. An employee in this position identifies, reports, and resolves security violations.
• Collaborate with IT teams and business owners during the IT Governance process to
ensure that information security issues are addressed and risks identified throughout the
project life cycle.
• Manage projects related to risk management, mitigation and response, compliance and
Policies, Procedures & Standards
• Support development of enterprise-wide security policies, procedures and standards to
meet HIPAA, GDPR, PCI-DSS and applicable regulatory compliance standards.
• Recommends, manages and implements required changes to IT risk and security policies
• Monitors compliance with security policies, standards, guidelines and procedures.
• Provides recommendations for the adoption of new policies and procedures.
• Support the Healthcare IT Risk Manager in the development of processes and procedures for
UHealth's Cybersecurity Program, specific to risk assessment and risk management
• Captures, maintains and monitors information security risk in UHealth's standard risk
• Work directly with Information System asset owners, vendors and cybersecurity team
members to facilitate information security risk analysis and risk management processes.
• Serves as a subject matter expert (SME) for performing vendor risk assessments to
improve overall vendor risk posture.
• Provides objective evaluations of security controls, mechanisms and goals in comparison
to best practices.
• Complete vendor information security risk reviews and attestations aligned with existing
policies and procedures using existing risk registry solution.
• Complete risk assessment on all information assets aligned with defined schedule and
analyze the effectiveness of information security controls and define actionable
recommendations for remediation.
• Develops and implements strategies to align information security with business
objectives and goals protecting the confidentiality, integrity and availability of data.
• Leads and reviews application security risk assessments for new or updated internal or
third party applications.
• Support development of risk management procedures aligned with industry best practice
frameworks such as NIST 800-30.
• Provides information security management with risk assessments and security
dashboards outlining risk treatments for risks above the identified risk threshold for
• Support the incident response process and participate in investigations and compliance
reviews as requested.
• Support internal audit functions acting as a liaison between internal audit and IT to
ensure objectives are met and controls are properly adjusted or implemented.
Security Operation Center
• Support the SOC team in investigating and resolving escalated security events.
• Support the development and socialization of enterprise security awareness training.
• Evaluates the effectiveness of awareness and training program and makes
recommendations for improvement.
• Generates appropriate communication, process and education plans for mitigating
disruptions caused by security events affecting business operations.
Additional qualifications needed:
• Working knowledge of cloud computing security principles.
• Knowledge of regulatory requirements and industry standards (ISO 27001, HIPAA, PCI,
• Working knowledge of vendor control attestations: SOC-2 Type II and CSA STAR
Minimum qualifications: Bachelor's degree in a relevant field required. Certification and Licensing: Certification in relevant specialty or field. Experience: Minimum 3 years of relevant experience. Any appropriate combination of relevant education, experience and/or certifications may be considered.
Valid Through: 2019-11-15