Senior Security Analyst
Vacancy expired!
Arbor Research seeks a highly skilled information security professional, eager to lead the advancement of our organization’s security policies and control specifications. This individual will work with the VP Information, members of the Network Services team, as well as others across the organization to enhance existing policies and develop new policies where necessary, design best practices and strategies to monitor compliance, and lead risk management processes. The successful candidate will demonstrate an in-depth understanding of IT security implementation and relevant Federal regulations and legislation, possess at least five years’ IT security experience along with a recognized security accreditation, and be driven to expand their skills and responsibilities towards becoming the organization’s Information System Security Officer.
Due to the ongoing COVID-19 pandemic, interviews will be conducted virtually, rather than onsite.
Arbor Research Collaborative for Health, a not-for-profit organization located in Ann Arbor, MI, is the preferred employer for professionals passionate about improving health care policy, health care delivery, and health outcomes through evidence based research. At our core, we value collaborative spirit, creativity, credibility, and dedication. Our interdisciplinary team brings together expertise from a variety of fields and disciplines to answer complex research questions by thinking across boundaries and generating innovative approaches.
Bright, enthusiastic individuals thrive at Arbor Research. We provide a rich benefits package along with high quality learning and development opportunities, and a casual yet professional work environment in support of achieving a positive work/life balance. These attributes provide our dedicated employees the flexibility to work collaboratively and creatively in order to make credible contributions to the research community. Join our diverse and dynamic team today and contribute to the improvement of patient care in the future!
More information about this opportunity and the benefit program at Arbor Research is available on the careers page at www.ArborResearch.org.
CHARACTERISTIC DUTIES AND RESPONSIBILITIES
- Develop and maintain security policies and control specifications to reflect agreed upon standards, including those based on NIST 800-53, HITRUST, and others
- Communicate policies and best practices; develop strategies to efficiently monitor compliance with policy
- Document technical and policy controls to demonstrate compliance with these policies; work cross-functionally with internal teams to implement procedures
- Collaborate with the Senior Information Services team to make risk-based decisions evaluating threats, vulnerabilities, and relative costs
- Identify and arrange for external security certifications and audits; work directly with auditors and internal teams, providing guidance to ensure compliance with regulatory requirements
- Document and investigate security events and incidents; incorporate into formal risk assessments on an ongoing basis
- Identify and implement appropriate cyber defense tools and services to provide actionable metrics and monitoring
- Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans
- Evaluate developing threats and technical controls; make recommendations for implementation with appropriate consideration of cost and risk mitigation
- Identify security related training needs & certifications for network services and all other staff members
- Ensure responsiveness and compliance with contract-specific security requirements
- Bachelor’s degree in related field with five years’ progressively responsible IT security experience, or equivalent combination of education and experience
- Recognized security accreditation (CPP, CISM, GISP, CISSP, etc.). Opportunities to expand current certifications may be supported as needed.
- In-depth understanding of IT security implementation and the relevant Federal regulations and legislation, such as HITRUST and FISMA control families, HIPAA, GDPR, and SOC 2
- Understanding of web application security risks and standards (e.g., OWASP)
- Knowledge of risk management (assessment and mitigation) processes
- Knowledge of computer networking concepts and protocols, and network security methodologies
- Experience implementing security monitoring, vulnerability scanning, and penetration testing tools
- Excellent writing and organizational skills, including understanding of policies, procedures, and requirements/specifications
- Demonstrated performance with a very high degree of accuracy, integrity, discretion, sound judgement, accountability, and ownership
- Demonstrated interest in a non-profit, mission-driven environment
- Experience responding to audit and regulatory inquiries
- Health care information experience, including understanding of data privacy laws
- Exceptional understanding of security vulnerabilities, attacker exploit techniques, and methods for remediation of such