"IT Security Analyst - College of Optometry"

Department:

Dean, Optometry

Salary:

Commensurate with Experience/Education

Description:

Performs security risk analysis and assessments associated with information resources, risk management policy development and product assessments. Maintains day-to-day responsibility for security management of the University Network and IT assets. Pursuant to the State of Texas Executive Order No. GA-48, this position researches, works on, or has access to critical infrastructure and requires the ability to maintain the security or integrity of the University infrastructure. This position requires personnel be routinely reviewed to determine whether or not criminal history or continuous connections for the government or political apparatus of a foreign adversary might prevent the employee from being able to maintain the security or integrity of the infrastructure.

1. Participates in the information security risk management policy development process.
2. Assist team in providing project management plans and status reports related to network vulnerabilities and intrusion detection. Perform security risk analysis, intrusion detection, and vulnerability assessments associated with information resources, risk management, policy development and product assessment.
3. Works closely with the University of Houston System and component campuses to provide assistance and strategic direction for information security risk analysis, assessments and custom information security risk management requirements and processes.
4. Maintains baseline of information security risk management requirements and processes for the University.
5. Applies defined security analysis methodologies to networks and systems. Identifies countermeasure options to support customers in choosing the best solutions to satisfy budget, functionality, security, and other critical requirements.
6. Collaborates with the Department to provide technical guidance in all areas as it relates to information security risk management and information security project management.
7. Provides short-turnaround assessment of critical risk management requests in support of the MIS and ISS.
8. Assists Department with research related to present and future information security risk management technologies and processes.
9. Assists with gathering information for the University internal Audit auditors, during IT audits and assess items presented in Change Control for non-compliance with policy.
10. Performs other duties as assigned.

The ideal candidate for this position should possess the following:

1. Ability to serve as the college IT Security Officer
2. Work experience with Clinic Operations personnel to ensure IT security regulations and compliance.
3. Previous experience conducting unit risk assessments, risk analysis, and security threat responses.
4. Knowledge and experience with compliance related to both the required and addressable, technical, administrative and physical safeguards in accordance with applicable federal and state laws, especially the HIPAA Security Rules.

Preferred Qualifications:

1. Baccalaureate degree in Information Systems, Cybersecurity or related IT / Healthcare field.
2. Knowledge and experience in state and federal information security laws, including but not limited to HIPAA, including NIST, PCI and all other applicable regurgitations.
3. a. Experience in securing cloud data management platforms within AWS; security of services such as IAM, Security Hub, Athena, Glue, Lake Formation, Step Functions, Lambda, S3, DynamoDB, Relational Database Service (RDS), Amazon EMR and Amazon Redshift.
   3.b. Security aspects to any of following:
   • (Preferably 3+ years) Experience in designing, implementing large scale Data Lake and Data Warehouse in the cloud
   • Experience in using one or more query languages (e.g. SQL, HiveQL, SPARQL), schema definition languages (e.g. DDL, SDL, XSD, RDF), and scripting languages (e.g. Python, Scala) to build a data solution
   • Understanding of distributed system concepts from storage and compute perspectives, including data persistence solutions (e.g. HDFS vs RDBMS), data integration techniques (e.g. ETL vs federation), database optimization (e.g. partitioning, distribution, indexing), and join algorithms (e.g. hash vs nested loop)
   • Experience in CI/CD automation for a data lake using CDK (Cloud Development Kit) or Terraform
4. Experience with healthcare data formats such as HL7/FHIR, genomics data, and medical imaging data.
5. Understanding of healthcare infrastructure and security requirements
6. Demonstrated organization, facilitation, written and oral communication, and presentation skills.
7. Recommended Security certification such as Certified in Healthcare Privacy and Security (CHPS) and/or other healthcare industry related security credentials.

Standard attachments:

Candidates interested in applying for the position must submit the following documents with the application:
• Cover letter describing the manner in which your experience applies to the posting.
• Resume
• Salary History (list Employer name, dates, and last salary)
• Three work references, including current and past supervisors. NOTE: We will maintain your confidentiality and notify you in advance of making contact with any of your references. References will be contacted only after the interviewing process has been completed.

Experience will be considered in lieu of education.
Education will be considered in lieu of experience.
This position is 100% on-site.

MQ:

Requires a thorough understanding of both theoretical and practical aspects of an analytical, technical or professional discipline; or the basic knowledge of more than one professional discipline. Knowledge of the discipline is normally obtained through a formal, directly job-related 4 year degree from a college or university or an equivalent in-depth specialized training program that is directly related to the type of work being performed. Requires a minimum of three (3) years of directly job-related experience.