Information Security Analyst Senior
Company: UNC Health Care
Location: Morrisville
Posted on: May 8, 2024
|
|
Job Description:
Description Become part of an inclusive organization with over
40,000 diverse employees, whose mission is to improve the health
and well-being of the unique communities we
serve.Summary:Information Security Analyst Sr provides a high level
of technical expertise of information security appliances, software
and hardware which deliver defense in depth protection of
information technology resources and confidential data across the
health system. Performs project management, requirements analysis,
security systems design, and implementation of security
technologies. Translates data to information to support risk based
decision making.Responsibilities:1. Vulnerability Management -
Maintains inventories and inventory processes of information
resources protected by security regulations so vulnerability
assessments can be performed. Uses tools and processes to
effectively carry out vulnerability testing. Monitors and improves
vulnerability management processes and procedures. Interprets
scanning or testing results and provides consultation to network,
workstation, systems, or web-applications administrators regarding
system and application weaknesses. Appropriately escalates issues
presenting unacceptable risk to the institution. Monitors risk
mitigation progress.2. Security Architecture, Consulting and
Evaluation - develops security architecture components for newly
proposed information systems and technologies using diagrams and
narratives. Assists in materializing security architecture into
projects. Develops and maintains and applies tools, processes and
procedures to evaluate suitability of security configuration and
feature offerings of proposed systems.3. Information Security Risk
Analysis - Develops, maintains and applies tools, methods and
processes to analyze risk from threats to confidential information.
Writes appropriate recommendations that will bring risks to an
acceptable level. Develops and delivers audience appropriate
information security assessment and recommendation presentations
and reports. Establishes and maintains sound metrics to track and
demonstrate information security improvement and risk management.
Prepares risk assessment reports for technical and executive
audiences.4. Security Incident Prevention, Detection and Handling -
Develops, maintains, communicates and applies incident management
policy, standards and procedures. Researches, evaluates,
recommends, designs technical policies for and implements security
technologies such as web content filtering systems, email filtering
systems, end point protection systems, network firewall systems,
intrusion prevention and detection systems (IDS/IPS), data loss
protection (DLP) systems, security incident event management (SIEM)
systems to prevent, detect and respond appropriately to threats to
confidential information and information resources. Monitors
security systems; recognizes anomalies of various systems, and
handles or escalates appropriately. Writes professional and factual
incident reports. Makes recommendations for recovery and
prevention.5. Data Analysis - Analyzes security threat
intelligence, tunes and calibrates security systems to improve
effectiveness. Analyzes and correlates network dataflow logs, web
logs, computer and application user activity logs, and security
incident logs for information relevant to a real or potential
information security or privacy breach or to support decision
making and risk mitigation.6. Project Management - Lead discovery
and information gathering sessions. Perform alternatives analysis
documenting pros and cons, cost, feasibility, risk and other
information to support a decision to select the best solution.
Manage small to medium projects; assemble project participants to
organize work to complete specific tasks on projects. Organize and
facilitate meetings to identify and remove barriers, and to
progress work. Follow-up with assignees on incomplete tasks and
open issues. Provide detailed communication between disparate teams
to keep project moving.7. Other - Trains and assists less
experienced information security staff and IT staff regarding
security methods for systems they support. Takes on-call for urgent
security events.Other InformationEducation Requirements:---
Bachelor's degree in Computer Science, Information Systems
Management or a related field (or an equivalent combination of
education, training and experience)
required.Licensure/Certification Requirements:--- No licensure or
certification required.Professional Experience Requirements:--- If
a Bachelor's degree: Eight (8) years in professional IT positions,
with 4 years of experience in related job functions required.--- If
an Associate's degree: Twelve (12) years in professional IT
positions, with 4 years of experience in related job functions
required.--- If a high school diploma or GED: Sixteen (16) years in
professional IT positions, with 4 years of experience in related
job functions required.Knowledge/Skills/and Abilities
Requirements:Job DetailsLegal Employer: NCHEALTHEntity: Shared
ServicesOrganization Unit: ISD Information Security Work Type: Full
TimeStandard Hours Per Week: 40.00Salary Range: -$43.04 - $61.87
per hour (Hiring Range)Pay offers are determined by experience and
internal equityWork Assignment Type: HybridWork Schedule: Day
JobLocation of Job: US:NC:MorrisvilleExempt From Overtime: Exempt:
YesThis position is employed by NC Health (Rex Healthcare, Inc.,
d/b/a NC Health), a private, fully-owned subsidiary of UNC Health
Care System, in a department that provides shared services to
operations across UNC Health Care; except that, if you are
currently a UNCHCS State employee already working in a designated
shared services department, you may remain a UNCHCS State employee
if selected for this job.Qualified applicants will be considered
without regard to their race, color, religion, sex, sexual
orientation, gender identity, national origin, disability, or
status as a protected veteran.UNC Health makes reasonable
accommodations for applicants' and employees' religious practices
and beliefs, as well as applicants and employees with disabilities.
All interested applicants are invited to apply for career
opportunities. Please email
applicant.accommodations@unchealth.unc.edu if you need a reasonable
accommodation to search and/or to apply for a career
opportunity.
Keywords: UNC Health Care, Raleigh , Information Security Analyst Senior, Professions , Morrisville, North Carolina
Click
here to apply!
|