The Information Security Analyst for Security Engineering provides support for a variety of operational and consultative functions as part of the Duke Health Information Security Office (ISO). The Information Security Analyst helps design, implement, manage, and monitor security controls to protect the confidentiality, integrity, and availability of the organization's information assets in accordance with legal, regulatory, and institutional requirements. The Information Security Analyst also acts as a subject matter expert in relevant domains of knowledge, and will work in collaboration with IT, clinical, research, and management staff.
This position may include the following duties and responsibilities
Develop an understanding of key Duke Health security applications (e.g. endpoint protection, detection, and response; encryption; data loss prevention; enterprise vulnerability management).
Provide maintenance, support and troubleshooting for security platforms and tools.
Design and Implement robust security architectures for security platforms and tools.
Test security applications and work with development teams or vendors.
Remain current on emerging security trends and technologies.
Working in conjunction with cross-functional teams, develop and manage plans to attain and maintain compliance with various regulatory requirements, including but not limited to HIPAA, FISMA, and PCI.
Using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting security controls and documenting system security plans.
Review existing security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to proactively identify any gaps that may result in non-compliance with regulatory or Duke Health requirements.
Use professional judgment and institutional knowledge to assess risk levels, conduct forensic investigations, provide guidance on remediation planning, and prioritize remediation efforts.
Provide reports and presentations on the status of security controls and industry trends to management and technical staff.
Participate in campus-wide information security events and programs to ensure alignment and knowledge sharing between departments.
Participate in other activities necessary to support the information security program.
Bachelor's degree in a related clinical or technical field, or four years of equivalent technical experience required.
Minimum of five years of general IT industry experience is required, of which at least three years should have been in an information security operations, engineering, or related role.
One or more information security industry certifications (e.g. CIS SP, CEH, OSCP, GIAC certifications, or equivalent) are preferred.
Additional technical or management certifications (e.g. MCSE, CCNP, AWS Certified Solutions Architect, Salesforce certifications, VMWare Certified Professional, CCIE, or PMP) are preferred.
Must have a working knowledge of at least one of the following information security practices, standards, and systems:
Data Loss Prevention (DLP) systems
AWS, Azure or Google Cloud
Encryption technologies and standards
Endpoint security software
Forensic investigation practices
Identity and Access Management (IAM)
Intrusion Detection and Prevention Systems (IDS/IPS)
Network and/or application penetration testing
Security Information Event Management (SIEM) systems
Virtual Private Network (VPN) systems
Vulnerability management practices
Vulnerability scanning tools
Must have a working knowledge of the HIPAA Security Rule, FISMA or PCI.
The ideal candidate will have demonstrated the following characteristics through past professional and educational experiences:
Able to maintain a positive attitude in challenging circumstances
Abroad understanding of multiple IT disciplines and technologies
Strong focus on customer satisfaction
Strong written and oral communication skills
Strong critical thinking, analytical, and problem solving skills
Able to troubleshoot problems in complex technical environments
Able to work independently or as part of a team as necessary
Able to effectively prioritize tasks with competing deadlines
Self-starter who is able to work with minimal direction
Able to work eff ectivelyacross multiple technical disciplines
Strong interpersonal skills and the ability to build relationships with colleagues, customers, vendors, and other third parties
Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.
Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas-an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.
Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essentialjob functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.
As a world-class academic and health care system, Duke Health strives to transform medicine and health locally and globally through innovative scientific research, rapid translation of breakthrough discoveries, educating future clinical and scientific leaders, advocating and practicing evidence-based medicine to improve community health, and leading efforts to eliminate health inequalities.
BACK TO TOP
ISACA Career Centre is Just One of the Benefits.
Discover what else ISACA has to offer!
The job you are trying to reach from was originally posted at ISACA Career Centre.