SUMMARY STATEMENT: Under the general guidance of the Chief Compliance Security Officer, the Security Analyst will be a technical leader with a high degree of knowledge in the overall field of Information Security. Plan, perform and implement information security compliance assessment including the independent analysis of results. Perform monitoring, audits and consulting, and information security training (both on-line and in-person in front of small and large groups). Serve as part of the Computer Incident response team, lead internal investigations and coordinate responses to external investigations and audits.
Appropriately identify information security risks across the UCLA Health System and David Geffen School of Medicine. Work with Privacy staff to assist in identifying privacy risks. Develop and execute effective compliance, audit or work programs. Identify and analyze internal controls, identify ways to improve security. Document findings, assess and advise on the appropriateness of corrective action plans, and track remediation progress. Provide summary reports to management.
Serve as an information security resource for IT staff, faculty and physicians. Analyze proposed systems, projects and software for potential information security and privacy issues. Analyze network scans and follow up with users on issues. Research and evaluate new and emerging information security technology.
Information Security Compliance Assessment, Audit and Monitoring · Plan and perform information security compliance projects, identify associated compliance gaps, risks and opportunities in client departments and operations. · Design, distribute, collect assessment surveys; enter results into database and summarize results. · Perform walk-throughs and onsite inspections. · Document issues, assess appropriateness of and advise on corrective action plans, and track remediation. · Advise and work with the ISS risk assessment team on standard assessments of new projects. · Provide reports to management on information security compliance status.
Information Security Compliance Response and Prevention · Lead investigation of incidents, review logs, correlate events, document findings, interface with forensic and ISS teams. · Coordinate responses to external investigations and audits including production of requested documentation and other materials.
Information Security Consultant · Serve as an information security resource for IT staff, faculty and physicians on a wide range of applications, platforms and protocols such as Microsoft Windows, IIS, SQL Server, Linux, Mac OS, (Linux), mobile device encryption, firewalls, routers, switches, DHCP, HTTP, HTTPS, FTP, SMTP, DICOM, application vulnerability scanning, etc. · Research and identify Information Security best practices. · Analyze proposed systems, projects and software for potential information security and privacy issues. · Analyze network scans and follow up with users on issues. · Research and evaluate new and emerging information security technology. · Assist Chief Information Security Officer in responding to any security incidents and other issues as required.
Training and Training Content Development and Administration · Perform information security-related training as necessary for all areas of the university (faculty, staff, students). · Research and develop content for presentations, security bulletins, information security web pages and other training materials.
Program Development · Make recommendations for information security strategies and assessments, audit and monitoring plan implementation in compliance with laws, regulations, contractual requirements and university policy. · Understand university culture and incorporate this understanding into recommendations and proposals so they will achieve greatest results while building or maintaining agreement or consensus.
Actively continue professional education and maintain and expand professional competencies.
OTHER DUTIES AS NEEDED
Qualifications· Have 5+ years of Information Security experience. · CISSP or equivalent Information Security certification preferred. · Expert knowledge of information security issues and best practices · Expert analytical skills to evaluate current security practices, identify compliance gaps, and propose remediation · Experience in information security auditing or general compliance experience · Knowledge of HIPAA Privacy and Security regulations; PCI Data Security Standards; NIST, ISO and other security standards · Advanced knowledge and experience with encryption issues, especially mobile device encryption · Advanced knowledge of Microsoft Windows operating systems and server technologies as well as general knowledge for Unix operating systems (Linux, Solaris, etc.) and virtual systems. · Working knowledge of Macs and the Mac OS · Advanced knowledge of networking including firewall, switch and router operations, intrusion prevention · Advanced knowledge of TCP/IP protocol as well as common applications (e.g. email, SMTP, POP, IMAP, 3270 emulation, telnet, ftp, ssl, http, https, etc.) · Experience with network scanning (Nessus, nmap) and web application vulnerability scanning · Ability and practical experience with programming languages, scripting languages, databases, web servers, and web application development · Working knowledge of smart phones and tablets and the security issues involved with those devices. · Ability to prepare and effectively deliver educational presentations · Advanced database skills to support analysis and reporting of audit log data, network scans, and other large datasets as well as problem and remediation tracking. Ability to use SQL. · Ability to work unusual hours on short notice in order to resolve critical problems · Excellent written and oral communication skills. Ability to explain complicated technical issues in non-technical terms. Must be able to communicate with users, frontline IT staff, faculty, physicians and all levels of management. · Expert skills in and willingness to spend time documenting clearly, concisely, thoroughly, and in a timely manner. · Excellent time management and abilities. · Demonstrated skill in performing effectively under the stress of frequent interruptions and distractions
To apply for this position, please copy and paste the following link into your browser address bar: https://ucla.contacthr.com/63443629