Research Security & Risk Analyst II - RI IS

Overview:

 

• Primarily focuses on academic medical research
• Collaborates to ensure information security measures are integrated into research projects and protocols
• Assists researchers in identifying and navigating security relevant processes
• Leads security involvement in IRB ancillary reviews; advises IRB on security matters
• Partners with data owners, stewards and custodians to ensure proper data handling and protection
• Assesses systems for compliance with regulations, contracts, and policies
• Communicates security risks and vulnerabilities clearly and concisely to stakeholders
• Knowledge of information security and data privacy frameworks, standards and controls preferred (e.g. NIST CSF, SP 800-53/171, HIPAA, GDPR)

 

Job Description Summary:

 

Coordinates the efforts of the Information Security and Risk Department (ISRD). Leads day-to-day operation of information security and risk management processes.

 

Job Description:

 

Essential Functions:

• Coordinates the development and maintenance of information security policies, standards and procedures.
• Oversees execution of information security processes including security assessment, incident response, third party risk management, vulnerability management reporting, security awareness training, and disaster recovery.
• Leads risk analysis efforts with the goal of identifying potential risk treatments and managing to acceptable levels of risk.
• Actively participates in information security and risk continuous process improvement initiatives.
• Trains and mentors new staff in relation to information security and risk processes and procedures.
• Effectively identifies and communicates information security risks to stakeholders.
• Coordinates business and information services resources for project and operational support.
• Stays up-to-date and informed of information security industry changes and trends.

Education Requirement:

BS in Computer Science or equivalent experience required.

Continues to stay actively involved in outside education advancement.

Licensure Requirement:

(not specified)

Certifications:

Security+, CISSP or equivalent preferred.

Skills:

(not specified)

Experience:

Four years of experience in IT, required.

Two years of experience in information security, required.

Experience in healthcare, preferred.

Physical Requirements:

OCCASIONALLY: Climb stairs/ladder, Lifting / Carrying: 0-10 lbs, Lifting / Carrying: 11-20 lbs, Standing, Walking

FREQUENTLY: (none specified)

CONTINUOUSLY: Audible speech, Computer skills, Decision Making, Flexing/extending of neck, Hand use: grasping, gripping, turning, Hearing acuity, Interpreting Data, Problem solving, Repetitive hand/arm use, Seeing – Far/near, Sitting

Additional Physical Requirements performed but not listed above:

(not specified)

 

 

"The above list of duties is intended to describe the general nature and level of work performed by individuals assigned to this classification. It is not to be construed as an exhaustive list of duties performed by the individuals so classified, nor is it intended to limit or modify the right of any supervisor to assign, direct, and control the work of employees under their supervision. EOE M/F/Disability/Vet"