Information Security Analyst

at UTHealth Houston

Houston, TX 77054, USA

Start Date: Immediate
Expiry Date: 30 Nov, 2024
Salary: Not Specified
Posted On: 04 Sep, 2024
Experience: N/A
Skills: CISA, Information Security, TAC, Texas, HIPAA, Auditing, FERPA, CCSP, Analytical Skills, Information Technology, HITRUST
Telecommute: No
Sponsor Visa: No

Description:

POSITION SUMMARY:

UTHealth Houston is searching for an Information Security Analyst who will work with various aspects of security, including cybersecurity and cloud storage, and assist those working on research projects that use best practices for digital security concerns. The Information Security Analyst position requires the ability to conduct information security assessments in a complex and large organization. Requires technical knowledge, good communication, attention to detail, and organizational skills.
In addition to the minimum qualifications below, we specifically prefer candidates with the following skills:
1. Knowledge of current and emerging research cybersecurity regulations, including NSPM-33, NIST SP 800-53, NIST SP 800-171, and Cybersecurity Maturity Model Certification (CMMC).
2. Knowledge of AWS and Azure cloud and complementary user entity controls (CUECs).
3. Experience working with Principal Investigators, faculty, and research assistants to translate research and compliance business requirements into appropriate information security controls and perform related assessments.
This role will work a hybrid schedule that will offer flexibility on when the employee comes into the office after their initial training period.
What we do here changes the world. UTHealth Houston is Texas’ resource for healthcare education, innovation, scientific discovery, and excellence in patient care. That’s where you come in.

Once you join us, you won’t want to leave. It’s because we reward our team for the excellent service they provide. Our total rewards package includes the benefits you’d expect from a top healthcare organization (benefits, insurance, etc.), plus:

  • 100% paid medical premiums for our full-time employees
  • Generous time off (holidays, preventative leave days, both vacation and sick time – all of which equates to around 37-38 days per year)
  • The longer you stay, the more vacation you’ll accrue!
  • Longevity Pay (Monthly payments after two years of service)
  • Build your future with our awesome retirement/pension plan!

We take care of our employees! As a world-renowned institution, our employees’ well-being is important to us. We offer work/life services such as…

  • Free financial and legal counseling
  • Free mental health counseling services
  • Gym membership discounts and access to wellness programs
  • Other employee discounts include entertainment, car rentals, cell phones, etc.
  • Resources for child and elder care
  • Plus many more!

POSITION KEY ACCOUNTABILITIES:

  • Administers tasks within the information security research security program, including execution of risk and compliance assessments, corrective action planning, follow-up, and guidance.
  • Performs risk and compliance assessments of cloud applications and technologies compliant with appropriate requirements through the use of technology tools as available.
  • Understands academic, healthcare, and research business operations and provides input in creating and modifying information security policies, procedures, guidance documents, and awareness efforts. Responsible for monitoring policy compliance and escalating to management as appropriate.
  • Performs application security compliance reviews of routine to moderate complexity, covering regulations including Protected Health Information (PHI), Family Educational Rights and Privacy Act (FERPA), Personally-Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS) and facilitating review resolution activities including report preparation, finding tracking and corrective action implementations.
  • Performs activities associated with a comprehensive vulnerability management program, including device scanning, issue reporting, and remediation.
  • Performs other duties as assigned.

CERTIFICATION/SKILLS:

Certification in information technology or information security (Security+, SSCP, HCISPP, CISA, CRISC, CDPSE, CCSP, etc.) is preferred.
Knowledge of application security requirements: cloud, web, mobile, and related compliance programs such as the Texas Risk and Authorization Management Program (TX-RAMP).
Knowledge and practical understanding of compliance requirements such as HIPAA, HITECH, HITRUST, FERPA, PCI, TAC 202, and relevant NIST standards, including SP 800-53 and 800-171.
Analytical skills to perform information security assessments, including the use of related technology tools.

MINIMUM EDUCATION:

Bachelor’s degree with some training in information technology. May substitute required education with equivalent years of experience beyond the minimum experience requirement.

MINIMUM EXPERIENCE:

One (1) year experience in information technology, compliance or auditing in a diverse, complex technology environment.

PHYSICAL REQUIREMENTS:

Exerts up to 50 pounds of force occasionally and/or up to 20 pounds frequently and/or up to 10 pounds constantly to move objects.

Responsibilities:

Please refer to the job description for details.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Systems Administration

Graduate

Information technology

Proficient

1

Houston, TX 77054, USA