Information Security Analyst - GRC (Governance, Risk, and Compliance) (Finance)

UTHealth Houston is searching for an information security analyst to join the IT Security Risk Management Team. The Information Security Analyst position requires the ability to conduct information security assessments in a complex and large organization, to conduct 3rd party vendor assessments, and be familiar with cloud security controls. This position re qu ires technical knowledge, good communication, attention to detail, and organizational skills.

In addition to the minimum qualifications below, we are specifically preferring candidates with the following skills:

1. Knowledge of current and emerging cybersecurity research regulations, including NIST SP 800-53, NIST SP 800-171, and Cybersecurity Maturity Model Certification (CMMC).

2. Knowledge of cloud security and complementary user entity controls (CUECs). Prefer candidates with experience using GRC (Governance, Risk, and Compliance) software, 3rd party risk management, and vendor assessments.

3. We currently use AuditBoard for our GRC tool. Any exposure to that is a plus.

4. Experience as a System Administrator conducting user access reviews and disaster recovery planning will be beneficial to this position.

5. Project Management skills are desirable because the candidate will need to be able to prioritize and juggle many security assessments while meeting deadlines.

This role will work a hybrid schedule that will offer flexibility on when the employee comes into the office after their initial training period. This team is known for innovation and excellence and has a lot of creativity, curiosity, and passion when finding solutions for our stakeholders.

What we do here changes the world. UTHealth Houston is Texas's resource for healthcare education, innovation, scientific discovery, and excellence in patient care. That's where you come in.

Once you join us, you won't want to leave. It's because we reward our team for the excellent service they provide. Our total rewards package includes the benefits you'd expect from a top healthcare organization (benefits, insurance, etc.), plus:

• 100% paid medical premiums for our full-time employees
• Generous time off (holidays, preventative leave days, both vacation and sick time - all of which equate to around 37-38 days per year)
• The longer you stay, the more vacation you'll accrue!
• Longevity Pay (Monthly payments after two years of service)
• Build your future with our awesome retirement/pension plan!

We take care of our employees! As a world-renowned institution, our employees' well-being is important to us. We offer work/life services such as...

• Free financial and legal counseling
• Free mental health counseling services
• Gym membership discounts and access to wellness programs
• Other employee discounts include entertainment, car rentals, cell phones, etc.
• Resources for child and elder care
• Plus many more!

Position Summary:

The Information Security Analyst position requires the ability to conduct information security assessments in a complex and large organization. Requires technical knowledge, good communication, attention to detail, and organizational skills.

Position Key Accountabilities:

Administers tasks within the information security risk management program, including execution of risk assessments, corrective action planning, follow-up, and guidance.

Performs risk assessments of cloud applications and technologies that are compliant with appropriate requirements through the use of technology tools as available.

Understands academic, healthcare, and research business operations and provides input in the creation and modification of information security policies, procedures, guidance documents, and awareness efforts. Responsible for monitoring policy compliance and escalating to management as appropriate.

Performs application security compliance reviews of routine to moderate complexity, covering regulations including: Protected Health Information (PHI), Family Educational Rights and Privacy Act (FERPA), Personally-Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS) and facilitating review resolution activities including: report preparation, finding tracking and corrective action implementations.

Performs activities associated with a comprehensive vulnerability management program, including: device scanning, issue reporting, and remediation.

Performs other duties as assigned.

Certification/Skills:

Certification in information technology or information security (Security+, SSCP, HCISPP, CISA, CRISC, CDPSE, CCSP, etc.) is preferred.

Knowledge of application security requirements: cloud, web, mobile, and related compliance programs such as the Texas Risk and Authorization Management Program (TX-RAMP).

Knowledge and practical understanding of compliance requirements such as HIPAA, HITECH, HITRUST, FERPA, PCI, TAC 202, and relevant NIST standards, including SP 800-53 and 800-171.

Analytical skills to perform information security assessments, including the use of related technology tools.

Project Management skills r elated to IT projects.

Minimum Education:

Bachelor's degree with some training in information technology /security. May substitute required education with equivalent years of experience beyond the minimum experience requirement.

Minimum Experience:

At least one (1) year of experience in information technology /security, compliance, or auditing in a diverse, complex technology environment. Prefer those who have information security experience in some way through their work. Candidates with three to five years of specific security-related experience are preferred.

Physical Requirements:

Exerts up to 50 pounds of force occasionally and/or up to 20 pounds frequently and/or up to 10 pounds constantly to move objects.

Security Sensitive:

This job class may contain positions that are security sensitive and thereby subject to the provisions of Texas Education Code § 51.215

Residency Requirement:

Employees must permanently reside and work in the State of Texas.