Information Security Analyst

Description

Become part of an inclusive organization with over 40,000 teammates, whose mission is to improve the health and well-being of the unique communities we serve.

Summary:
HCS - Information Security Analyst will protect institutional and patient data and IT assets from a variety of threats that cause a data breach, data destruction or prolonged downtime. Provide technical expertise of information security appliances, software and hardware which deliver defense in depth protection of information technology resources and confidential data across the health system. Engage in projects, requirements analysis, security solutions research, and implementation of security technologies. Security incident response including, detection, containment, recovery, forensics and reporting. Assemble data from different sources for analysis.

Responsibilities:

1. Vulnerability Management - Maintains inventories and inventory processes of information resources protected by security regulations so vulnerability assessments can be performed. Uses tools and processes to effectively carry out vulnerability testing. Interprets scanning or testing results and provides consultation to network, workstation, systems, or web-applications administrators regarding system and application weaknesses. Appropriately escalates issues presenting unacceptable risk to the institution. Monitors risk mitigation progress.
2. Security Architecture, Consulting and Evaluation - Assists in materializing security architecture into projects. Develops and maintains and applies tools, processes and procedures to evaluate suitability of security configuration and feature offerings of proposed systems.
3. Information Security Risk Analysis - Develops, maintains and applies tools, methods and processes to collect and assemble data for input into the risk analysis process. Makes recommendations for corrective action for vulnerabilities that present unacceptable risk to the organization. Monitors progress for corrective action and assists action teams in making progress.
4. Security Incident Prevention, Detection and Handling - Applies incident management policy, standards and procedures to real or potential security incidents. Assists in research, evaluation and implementation of security technologies such as web content filtering systems, email filtering systems, end point protection systems, network firewall systems, intrusion prevention and detection systems (IDS/IPS), data loss protection (DLP) systems, security incident event management (SIEM) systems to prevent, detect and respond appropriately to threats to confidential information and information resources. Monitors security systems; recognizes anomalies of various systems, and handles or escalates appropriately. Writes professional and factual incident reports. Makes recommendations for recovery and prevention process improvements.
5. Data Analysis - Tunes and calibrates security systems to improve effectiveness. Analyzes and correlates network dataflow logs, web logs, computer and application user activity logs, and security incident logs for information relevant to a real or potential information security or privacy breach or to support decision making and risk mitigation.
6. Project Work - Contribute expertise in discovery and information gathering sessions. Participate in alternatives analysis evaluating pros and cons, technical feasibility, risk and other information to support a decision to select the best solution. Complete assigned project tasks on time. Communicate issues for timely resolution. Work with other project team members to remove barriers to progress. Communicate progress with project leader.
7. Other - Trains and assists less experienced information security staff and IT staff regarding security methods for systems they support. Takes on-call for urgent security events.

Education Requirements:
* Bachelor's degree in Computer Science, Information Systems Management or a related field (or an equivalent combination of education, training and experience) required.
Licensure/Certification Requirements:
* No licensure or certification required.
Professional Experience Requirements:
* If a Bachelor's degree: Four (4) years in professional IT positions, with 2 years of experience in related job functions required.
* If an Associate's degree: Six (6) years in professional IT positions, with 2 years of experience in related job functions required.
* If a high school diploma or GED: Eight (8) years in professional IT positions, with 2 years of experience in related job functions required.
Knowledge/Skills/and Abilities Requirements:
* Troubleshoot, analyze, and test solutions to technical problems.
* Ability to work well in a team environment.
* Ability to successfully manage multiple tasks simultaneously.
* Ability to write audience appropriate reports, standards, process, and procedures.

Legal Employer: NCHEALTH

Entity: Shared Services

Organization Unit: ISD Information Security

Work Type: Full Time

Standard Hours Per Week: 40.00

Salary Range: $35.52 - $51.05 per hour (Hiring Range)

Pay offers are determined by experience and internal equity

Work Assignment Type: Hybrid

Work Schedule: Day Job

Location of Job: US:NC:Morrisville

Exempt From Overtime: Exempt: Yes

This position is employed by NC Health (Rex Healthcare, Inc., d/b/a NC Health), a private, fully-owned subsidiary of UNC Health Care System, in a department that provides shared services to operations across UNC Health Care; except that, if you are currently a UNCHCS State employee already working in a designated shared services department, you may remain a UNCHCS State employee if selected for this job.

Qualified applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

UNC Health makes reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as applicants and employees with disabilities. All interested applicants are invited to apply for career opportunities. Please email applicant.accommodations@unchealth.unc.edu if you need a reasonable accommodation to search and/or to apply for a career opportunity.