Apply Now Clicking "Apply Now" opens the link in a new window.

How to Apply

The Information Assurance: Michigan Medicine (IA:MM) team was established to protect systems, data, and identities that Michigan Medicine relies upon. The team educates and prepares staff and students for increasing cyber threats, and proactively mitigates IT security risks in partnership with the greater U-M community. The IA:MM team enables teaching, learning, research, and healthcare in a large, open environment by helping to balance risks and threats. IA:MM collaborates and coordinates with university efforts and participates in the development of university-wide security, compliance, and privacy strategies and strives to implement best practice cybersecurity efforts.

A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.

Job Summary

The University of Michigan's Information Assurance team at Michigan Medicine (IA:MM) is seeking a candidate to fulfill the role of Security Analyst Associate. This role will join the Cybersecurity Operations Team within IA:MM. The team is responsible for security incident response services for servers, end user computers, and mobile devices within Michigan Medicine related to such areas as malware infections and network intrusions. Also, the team provides security consultation, as required, on a variety of subject areas and works with the appropriate data owners/stewards to safeguard sensitive data.

A successful Security Analyst Associate must be a motivated, creative, results-oriented, adaptable, and data driven professional that is willing to be part of the team helping to secure the highly dynamic environment within Michigan Medicine.

This position will also work with our third-party Managed Security Service Provider at their remote site with rotation to the onsite team.

Responsibilities*

  • Carry out activities (e.g. containment, eradication, restoration) in response to reported information security incidents and in accordance with established incident response procedures. Participate in lessons learned activities
  • Detect and prevent intrusions using IDS/IPS, SIEM, and other tools
  • Expose and/or assess the impact of reported vulnerabilities; implement mitigation strategies based on severity
  • Monitor and provide support Michigan Medicine around security policy and security standards
  • Identify sensitive data and provide input for proper storage and protection; assist with remediation efforts as required
  • Provide information security consulting for various Michigan Medicine groups and units requesting information assurance assistance on a project or long-term consulting basis
  • Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services
  • Collaborate with the Compliance Office to determine applicability and scope of various regulations; assist in interpreting and/or implementing technical requirements to ensure compliance
  • Participate in the design, implementation, and continuous improvement of security service offerings
  • Build good relationships with teams, and stakeholders at all levels (e.g. management, colleagues, and employees) using strong competencies to build trust, change perceptions, effectively communicate, influence, and adapt
  • Continually improve security service solutions and offerings by keeping up-to-date on security conferences, seminars, reading, research, and testing

Required Qualifications*

  • Associate degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
  • 2 years of information technology experience
  • Understanding of fundamental Operating System and TCP/IP Networking concepts
  • Understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
  • Understanding of fundamental security related practices including: Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
  • Exposure to, experience with, responsibility for, and understanding of at least two of the security related technologies or practices listed in the previous two bullets
  • Outstanding verbal and written communication skills
  • Demonstrated success completing tasks within established deadlines

Desired Qualifications*

  • Exposure to, experience with, responsibility for, and deep understanding of at least four of the security related concepts or practices listed above
  • Experience performing information security risk assessments using an interview-based approach
  • Experience assessing the security architecture of proposed IT solutions
  • Understanding of security controls for Windows, Macintosh, Linux, and Networking platforms
  • Detailed understanding of the assurance implications associated with cloud-based solutions
  • Solid understanding of mobile device security issues, strategies, and controls
  • Possess Splunk Certified Power User or higher for the Intermediate and Splunk Certified User or higher
  • Experience securing virtualized environments
  • System administration background with Microsoft, Macintosh and *nix environments
  • Detailed understanding of the assurance implications of various regulatory and compliance requirements including PCI and HIPAA
  • Demonstrated success working across organizational boundaries

Background Screening

Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings.  Background screenings are performed in compliance with the Fair Credit Report Act.

Mission Statement

The mission of UM Information Assurance is to direct university-wide IT security, IT policy, compliance, privacy, and enterprise continuity efforts and provide operation security services that enable the university to excel in its research, teaching, and patient care mission.

This role, as part of the academic medical center’s assurance program, is both part of UM Information Assurance and the Michigan Medicine Chief Information Officer’s program. The goal is to represent and balance the needs of the health system and medical school in the framework and processes of the greater UM Information Assurance effort.

Essential to the success of this position will be the ability to successfully navigate and work collaboratively with the IT organizations, assurance partners, technical security staff, and Michigan Medicine management and external organizations’ roles and priorities. We work in a highly collaborative environment with an extraordinary scope of responsibilities and priorities. A successful candidate will be required to operate with minimal supervision, deliver effective and predictable results, and solve problems creatively, yet practically. A candidate should be comfortable and confident in meeting deadlines and executing timely performance of operations and project work within shared systems of work. This organization changes to suit the needs of the institution. Candidates should understand the dynamic nature of information services within an academic health center, information technology operations, and medical education

Application Deadline

Job openings are posted for a minimum of seven calendar days.  This job may be removed from posting boards and filled anytime after the minimum posting period has ended.

U-M EEO/AA Statement

The University of Michigan is an equal opportunity/affirmative action employer.

U-M EEO/AA Statement

The Information Assurance: Michigan Medicine (IA:MM) team was established to protect systems, data, and identities that Michigan Medicine relies upon. The team educates and prepares staff and students for increasing cyber threats, and proactively mitigates IT security risks in partnership with the greater U-M community. The IA:MM team enables teaching, learning, research, and healthcare in a large, open environment by helping to balance risks and threats. IA:MM collaborates and coordinates with university efforts and participates in the development of university-wide security, compliance, and privacy strategies and strives to implement best practice cybersecurity efforts.

 

A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.