How to Apply
A cover letter is required for consideration for this position and should be attached as the first page of your resume. The cover letter should address your specific interest in the position and outline skills and experience that directly relate to this position.
Job Summary
The University of Michigan's Information Assurance team at Michigan Medicine (IA:MM) is looking for a candidate to fulfill the role of Data Security Analyst Senior. You will support the development and enhancement of our organization's information security risk management and strategies. You will also help with the logistics for information security risk remediation throughout the Academic Medical Center and across the three missions of research, learning, and patient care. As a Data Security Analyst, you will promote strategic and operational direction by ensuring the support of complex assessment systems, reporting and processes.
Who We Are
Opportunity
We are a team that focuses on how we can together help protect Michigan Medicine: its patients, students, workforce, data, systems, and identities from cybersecurity threats. We champion our staff, their backgrounds, interests, and abilities with opportunities for training and career growth in an increasingly critical field. In addition to the benefits of working at one of the best learning and research institutions in the world, we also promote the development of our talented staff's cybersecurity career within an equitable balance of work and home priorities. This position is being made available with the ability for you to negotiate alternative work schedules and remote/on-site options to suit your work-life balance. Non-Michigan residents should inquire about potential employment while working remotely in a state other than Michigan. Apply to be part of a strong team that partners with our institution, community, and each other.
Our Division's Mission
We serve as a trusted partner and provide a best-in-class security program to uphold and protect the mission of Michigan Medicine.
Our Division's Vision
We believe in cultivating a shared responsibility of security to enhance how we provide care, deliver education, and create innovation to protect the quality of healthcare.
Our Division's Principles
- Prioritize your self-care, family-care, team-care, then the work.
- Implement balanced assurance solutions.
- Strengthen our department's capabilities.
- Develop an assurance-minded workforce.
- Focus on practical information assurance.
Responsibilities*
- Prepare and review security assessments for new and existing information systems, applications, and information technology services of Michigan Medicine Service Providers for compliance with U-M and Michigan Medicine policy and procedure, as well as relevant legal and regulatory requirements and security standards.
- Use tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework.
- Mentor junior members of the team. This may include reviewing work for adherence to standards, providing coaching guidance, and providing solutions to problems arising during assessments or other projects.
- Develop mitigation strategies to bring risk levels into an acceptable range and assist and support the Michigan Medicine Service Providers with those remediation activities.
- Identify information security risk areas where further awareness and training is needed.
- Compare, evaluate, and recommend improvements in policies, procedures, and technical safeguards to address significant risks to the security of Michigan Medicine information systems and data.
- Detect and/or assess the impact of reported vulnerabilities; implement mitigation strategies based on severity.
- Identify sensitive data and provide input for proper storage and protection.
- Make recommendations and participate in the development of information assurance policies and procedures.
- Participate in the development of education and awareness efforts and the timely dissemination of security information to staff and end users.
- Lead process improvement and problem management of risk management functions within the Michigan Medicine information assurance team.
- Balance and adjust security decisions based on qualified data with an understanding of operational business risks versus security threats.
- Build good relationships with teams and stakeholders at all levels (e.g. management, colleagues, and employees) using strong competencies to build trust, change perceptions, effectively communicate, and influence.
- Provide input to the Health System Chief Information Security Officer in the strategic planning and improvement of security service capabilities.
- Communicate and coordinate with information sharing and analysis centers (H-ISAC).
- Collaborate with teams, stakeholders and business partners to understand and implement improvement opportunities.
- Ensure parameters are established and monitor process quality and performance metrics; create analysis and trending reports from performance data associated with process operation to influence decisions effectively in areas of risk management solutions and services.
- Inspire and influence teams including staff and Health Information Technology & Services business partners to deliver risk management solutions and offerings effectively to the academic medical center's community.
- Continually improve security service solutions and offerings by keeping up-to-date on security conferences, seminars, reading, research, and testing.
- Guide the development of information security standards, guidelines, and policy.
- Develop sound relationships with internal and external customers by providing accurate and effective support.
Required Qualifications*
Senior Level
- Bachelor's degree in computer science or a related field or equivalent combination of education, certification and experience.
- 5+ years demonstrated experience in information systems security.
- Demonstrated experience in conducting audits or risk assessments or using audit/assessment tools and methodologies.
- Demonstrated knowledge of National Institute of Standards and Technology (NIST) Risk Frameworks.
- Experience in IT auditing and/or information security consulting.
- Demonstrated knowledge of TCP/IP networking.
- Ability to contribute and collaborate effectively as a lead member of a highly functioning and productive team.
- Excellent organizational, analytical, and independent problem-solving skills.
Intermediate Level
- Bachelor's degree in computer science or a related field or equivalent combination of education, certification and experience.
- 2-3 years demonstrated experience in information systems security.
- Demonstrated experience in conducting audits or risk assessments or using audit/assessment tools and methodologies.
- Demonstrated knowledge of National Institute of Standards and Technology (NIST) Risk Frameworks.
- Experience in IT auditing and/or information security consulting.
- Demonstrated knowledge of TCP/IP networking.
- Ability to contribute and collaborate effectively as a lead member of a highly functioning and productive team.
- Excellent organizational, analytical, and independent problem-solving skills.
Desired Qualifications*
- Minimum of 7 years of experience in information systems security.
- A security certification such as CISSP, CISA, GIAC-GSEC.
- Experience in a healthcare environment.
- Experience with vulnerability scanning and penetration testing tools and technology.
- Demonstrated understanding of security related technologies and practices including authentication and authorization systems, digital forensics, encryption, endpoint protection, education and awareness, firewalls, IDS/IPS, incident response, malware disassembly, mobile device security, NAC, secure code review, secure remote access, secure wireless networking, penetration testing, PKI, policy development, risk management, SIEM, threat modeling, two-factor authentication, vulnerability management, web application security, web application firewalls.
- Demonstrated understanding of attack methodologies and vectors.
- Ability to work independently and proactively.
- Ability to communicate effectively, both verbally and in writing. Demonstrated success giving presentations.
- Demonstrated success coordinating and completing multiple tasks within established and changing deadlines.
Modes of Work
Positions that are eligible for hybrid or mobile/remote work mode are at the discretion of the hiring department. Work agreements are reviewed annually at a minimum and are subject to change at any time, and for any reason, throughout the course of employment. Learn more about the work modes.
Underfill Statement
This position may be underfilled at a lower classification depending on the qualifications of the selected candidate.
Additional Information
Benefits
We offer a benefits package that includes comprehensive training and career development opportunities, generous retirement savings plans, ample paid time off, and a wealth of family care support: https://careers.umich.edu/benefits.
Background Screening
Michigan Medicine conducts background screening and pre-employment drug testing on job candidates upon acceptance of a contingent job offer and may use a third party administrator to conduct background screenings. Background screenings are performed in compliance with the Fair Credit Report Act. Pre-employment drug testing applies to all selected candidates, including new or additional faculty and staff appointments, as well as transfers from other U-M campuses.
Application Deadline
Job openings are posted for a minimum of seven calendar days. The review and selection process may begin as early as the eighth day after posting. This opening may be removed from posting boards and filled anytime after the minimum posting period has ended.
U-M EEO Statement
The University of Michigan is an equal employment opportunity employer.