At Stony Brook Medicine, an Information Security Risk Analyst will work closely with the ACISO to develop and implement a robust risk management program throughout the enterprise. They will directly participate in elements of risk reduction such as security awareness training, asset management, and vulnerability remediation follow through. They will document aspects of the security program including policy, procedures, standards, meeting records, schedule working group meetings, while assisting with audits and compliance proofs for the security program.

The focus of this position is to ensure that the information/Information security program is running in a consistent, professional and progressive manner, which requires much documentation, logistical coordination and follow-up. Documents all aspects of the Information/Information Security Program at Stony Brook University, including Stony Brook Medicine. This will include procedures, standards and meeting records. Handles logistics of scheduling working group and other necessary meetings, assists in audits and compliance proofs for the security program, and supports security awareness events and efforts. Supports risk management efforts and documents identified gaps, remediation plans and acceptance criteria.

Duties of an Information Security Risk Analyst may include the following but are not limited to:

Information/Information Security Program Management : Works closely with the CISO to coordinate, communicate, and integrate various elements of the Information security program throughout Stony Brook Medicine, while ensuring alignment with strategic and enterprise priorities. Works closely with technical subject matter experts and Information/Information Security leadership to support or coordinate evaluations of an IT system or individual components to determine compliance with published standards. Provide strategic input and support to the Information/Information Security Program through ongoing coordination and participation in related working groups, keeping orderly meeting notes, and contributing to the campus' efforts to comply with information/Information security policies, regulations and industry frameworks.

Documentation : Takes the lead in documenting all aspects of the Information Security program and operational procedures in an accurate, repeatable and easily understood format. Is directly involved in preparing and gathering information required to demonstrate compliance and in response to internal and external audits. Keeps the Information security website updated, relevant and promotes it accordingly.

Information/Information Security Awareness and Training : Prepares information/Information security awareness content, and takes the lead in organizing efforts to train the University community, which includes Faculty, Staff (clinical and professional), Students and Affiliates through a variety of methods. Coordinates, or at times, conducts training and security awareness workshops. Works closely with strategic relations and University communications to ensure consistent and effective messaging.

Administrative and Project Support : Manages Information security RSA Archer implementation projects and serves as a liaison between Information Security and Enterprise PMO. Development of Archer modules including: Security Incident Mgt, Exception Mgt, Issues Mgt. Follows up on 'lessons learned' as a result of a Information security incident or event. Updates departmental status report weekly, and keeps management up-to-date and informed on risks to success. Prepares formal documentation associated with new Information security initiatives that can be used for training. Works closely with Information Security staff to ensure progress on departmental initiatives is consistent. Manages calendar of Information Security management personnel, and arranges for Information Security representation at various meetings. Takes the lead in procurement efforts.

Non-Essential : Other duties or projects as assigned as appropriate to rank and department mission.

• Bachelor's degree. In lieu of the Bachelor's degree, four [4] years of related full time experience coordinating, planning or actively participating in the implementation, security or support of IT systems, or a combination of higher education and experience totaling four [4] full-time years may be considered.
• Three [3] years of full-time experience coordinating, planning, supporting, auditing or securing information technology.
• Experience in an administrative support or project management role.
• Experience collaborating with an information/Information security group or experience working on information/Information security initiatives.
• Knowledge network, system and infrastructure terminology and technology.
• Ability to analyze problems and to formulate and design solutions.
• Experience creating processes and documenting procedures.
• Outstanding written, verbal, and interpersonal communication skills
• Experience successfully working independently as well as part of a team with a collaborative approach to problem solving.
• Experience building positive relationships based on trust, predictability, and communication.
• A clear willingness and desire to learn and grow professionally and technically.

Preferred Qualifications:

• One or more IT or IS Industry certification(s) ( CISA, RSA Archer Administration, CISM, PMP, CISSP, ISO, )
• Experience supporting other Information security functions.
• Experience in an Information security focused position or department.
• Working Knowledge of servers, switches, routers, firewalls, VoIP or wireless technologies.

Special Notes: Resume/CV and cover letter should be included with the online application.

Posting Overview: This position will remain posted until filled or for a maximum of 90 days. An initial review of all applicants will occur two weeks from the posting date. Candidates are advised on the application that for full consideration, applications must be received before the initial review date (which is within two weeks of the posting date).

If within the initial review no candidate was selected to fill the position posted, additional applications will be considered for the posted position; however, the posting will close once a finalist is identified, and at minimal, two weeks after the initial posting date. Please note, that if no candidate were identified and hired within 90 days from initial posting, the posting would close for review, and possibly reposted at a later date.

• Stony Brook Medicine is a smoke free environment. Smoking is strictly prohibited anywhere on campus, including parking lots and outdoor areas on the premises.
• All Hospital positions maybe subject to changes in pass days and shifts as necessary.
• This position may require the wearing of respiratory protection, which may prohibit the wearing of facial hair.
• This function/position maybe designated as "essential." This means that when the Hospital is faced with an institutional emergency, employees in such positions may be required to remain at their work location or to report to work to protect, recover, and continue operations at Stony Brook Medicine, Stony Brook University Hospital and related facilities.

Prior to start date, the selected candidate must meet the following requirements:

• Successfully complete pre-employment physical examination and obtain medical clearance from Stony Brook Medicine's Employee Health Services*
• Complete electronic reference check with a minimum of three (3) professional references.
• Successfully complete a 5 panel drug screen*
• Successfully complete a Background Check investigation.
• Provide a copy of any required New York State license(s)/certificate(s).

Failure to comply with any of the above requirements could result in a delayed start date and/or revocation of the employment offer.

* The hiring department will be responsible for any fee incurred for examination.

Stony Brook University is committed to excellence in diversity and the creation of an inclusive learning, and working environment. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, familial status, sexual orientation, gender identity or expression, age, disability, genetic information, veteran status and all other protected classes under federal or state laws.

If you need a disability-related accommodation, please call the University Office of Equity and Access at (631)632-6280.

In accordance with the Title II Crime Awareness and Security Act a copy of our crime statistics can be viewed here .