Security Analyst (IT Risk Analyst) in Miami, FL

$80K - $100K (Ladders Estimates)

Miami University

Miami, FL 33299

Industry: Education, Government & Non-Profit

Less than 5 years

Posted 27 days ago

Where Excellence Meets Purpose

The University of Miami is among the top research universities and academic medical centers in the nation, and one of the largest private employers in South Florida.

With more than 16,000 faculty and staff, the University strives for excellence, and is driven by a powerful purpose to transform and impact the lives of its students, patients, members of the community, and people across the globe.

The University is committed to fostering a culture of belonging, where everyone feels valued and has the opportunity to add value. Through values of Diversity, Integrity, Responsibility, Excellence, Compassion, Creativity, and Teamwork (DIRECCT) the U community works together to create an environment driven by purpose, excellence, community, and service.

The University has been named on Forbes's Best Employers list for two consecutive years, and is the only university in Florida to receive this honor.

UHealth IT has an amazing opportunity for a Security Analyst. The Security Analyst conducts computer forensic investigations, data recovery, and electronic discovery. Additionally, the incumbent maintains systems to protect data from unauthorized users. An employee in this position identifies, reports, and resolves security violations.

Project/Work Planning

• Collaborate with IT teams and business owners during the IT Governance process to ensure that information security issues are addressed and risks identified throughout the project life cycle.

• Manage projects related to risk management, mitigation and response, compliance and user awareness.

Policies, Procedures & Standards

• Support development of enterprise-wide security policies, procedures and standards to meet HIPAA, GDPR, PCI-DSS and applicable regulatory compliance standards.

• Recommends, manages and implements required changes to IT risk and security policies and procedures.

• Monitors compliance with security policies, standards, guidelines and procedures.

• Provides recommendations for the adoption of new policies and procedures.

Governance

• Support the Healthcare IT Risk Manager in the development of processes and procedures for UHealth's Cybersecurity Program, specific to risk assessment and risk management program optimization.

Risk Assessments

• Captures, maintains and monitors information security risk in UHealth's standard risk registry tool.

• Work directly with Information System asset owners, vendors and cybersecurity team members to facilitate information security risk analysis and risk management processes.

• Serves as a subject matter expert (SME) for performing vendor risk assessments to improve overall vendor risk posture.

• Provides objective evaluations of security controls, mechanisms and goals in comparison to best practices.

• Complete vendor information security risk reviews and attestations aligned with existing policies and procedures using existing risk registry solution.

• Complete risk assessment on all information assets aligned with defined schedule and analyze the effectiveness of information security controls and define actionable recommendations for remediation.

• Develops and implements strategies to align information security with business objectives and goals protecting the confidentiality, integrity and availability of data.

• Leads and reviews application security risk assessments for new or updated internal or third-party applications.

Risk Management

• Support development of risk management procedures aligned with industry best practice frameworks such as NIST 800-30.

• Provides information security management with risk assessments and security dashboards outlining risk treatments for risks above the identified risk threshold for UHealth.

Incident Response

• Support the incident response process and participate in investigations and compliance reviews as requested.

Internal Audit

• Support internal audit functions acting as a liaison between internal audit and IT to ensure objectives are met and controls are properly adjusted or implemented.

Security Operation Center

• Support SOC team investigations and the resolution of escalated security events.

Training

• Support the development and socialization of enterprise security awareness training.

• Evaluates the effectiveness of awareness and training program and makes recommendations for improvement.

• Generates appropriate communication, process and education plans for mitigating disruptions caused by security events affecting business operations.

Additional qualifications needed:

• Working knowledge of cloud computing security principles.

• Knowledge of regulatory requirements and industry standards (ISO 27001, HIPAA, PCI, NIST, HITRUST).

• Working knowledge of vendor control attestations: SOC-2 Type II and CSA STAR.

Minimum qualifications: Bachelor's Degree in relevant field required. Certification and Licensing: Certification in relevant specialty or field. Experience: Minimum 3 years of relevant experience. Any appropriate combination of relevant education, experience and/or certifications may be considered.



Valid Through: 2019-11-15