Senior Information Security Analyst in Information Technology

Full Time
Houston, TX 77030
Job description

Position Summary:

UTHealth Houston is looking for a Senior Information Security Analyst who can conduct compliance and security assessments in a very large and complex organization. The position requires advanced technical knowledge. Excellent verbal and written communication and organizational skills are integral to being successful in this role. The IT Security - Risk Management and Consulting team, of which this position is a member, provides guidance to the organization; the person in this position therefore needs to exhibit a leadership mindset.



Over the next year the person in the position is expected to:
1. Expand the maturity of the existing risk management process into a robust risk management program. Doing so requires that the person in the position possess analytical skills to perform security assessments using a variety of tools—some of which the professional in this position may need to create.
2. Improve the risk and compliance management processes through orientation and execution of a granular risk assessment process. We need to accomplish this for the entire organization. Corrective action planning, follow-up and roadmap tracking/guidance will be a key function of this position.
3. Understand UTHealth education, healthcare and research business operations and provide guidance to the organization. The position will also provide guidance/leadership in the creation and modification of security policies, procedures, guidance documents and security information/awareness efforts.

Accomplishing the above goals will require talking to many different people, some of whom are not IT folks but rather business leaders throughout the organization and people outside of the organization. It will also require attention to detail, prioritization, tracking progress, reports, and follow-up e-mails and meetings. At the heart of it all, you still need to be technical so that you can measure and communicate the relevant risks and possible solutions.

Are you still interested?
If so, we would like to talk to you about a challenging and rewarding Information Security position.

This is a full time role that requires the employee to report to a location in the Texas Medical Center. They will office out of our University Center Tower in a hybrid schedule of working remotely and on-site when needed. It is eligible for full benefits from UTHealth Houston including great medical coverage options and an excellent retirement package from the State of Texas.

Position Key Accountabilities:

1. Provides technical leadership and support in the selection, configuration, and maintenance of security and software, utilities, and hardware.
2. Manages projects and supervises Information Security Staff and/or resources as relating to departmental projects and key initiatives as required by Chief Information Security Officer.
3. Maintains current understanding of IT audit techniques, information security best practices, policies and procedures including Federal, State and other applicable regulatory requirements and guidelines (HIPAA, FERPA, NIST, PCI DSS, TAC 202).
4. Evaluates cost effective alternatives to current information security program components.
5. Participates in annual review of all information security policies, standards, procedures and guidelines; recommends amendments; assures alignment with current regulatory requirements.
6. Monitors and enforces compliance with information security policies, standards, procedures and guidelines.
7. Responsible for developing, implementing, and maintaining an ongoing IT security awareness and employee training program for the entire UTHSC-H.
8. Conducts risk and security assessments, facilitates disaster recovery planning, and supports business continuity efforts for business critical systems. Evaluates results with system owners and custodians.
9. Provides information security consulting on a variety of technologies and processes.
10. Performs periodic penetration tests and vulnerability scans. Reviews results for evidence of vulnerability or compromise; assists in or facilitates the implementation of resolution. Tracks resolution of findings and prepares reports.
11. Manages enterprise configuration/vulnerability management program, web application firewalls, and security scans to identify and correct security gaps. Prepares remediation reports and provides technical mentorship and guidance for various levels of operations staff.
12. Participates, develops and facilitates activities in support of Computer Security Incident Response Team (CSIRT) efforts. Coordinates initial assessments including severity, potential impact and resolution efforts with fellow CSIRT members.
13. Works with clinical, academic, and administrative application groups to design, develop, and deploy automation solutions with minimum supervision.
14. Provides support for enterprise account life-cycle management including, but not limited to account provisioning, account de-provisioning, authentication and authorization.
15. Monitors system log information for evidence of compromise; responds to and reports security incidents.
16. Provides forensic analysis and support for compliance and other security related investigations; provides summary analysis as necessary.
17. Initiates and participates in periodic security audits; tests controls; prepares reports and makes recommendations as necessary.
18. Performs other duties as assigned.

Certification/Skills:

Complex problem-solving skills; ability to think independently as well as work in a dynamic team group; ability to work within tight deadlines; strong organizational skills; excellent verbal and written communication skills.
Ability to configure and administer Windows and VMware servers and desktops; working knowledge of UNIX-based systems.
Preferred: Relevant security, audit or networking certifications (CISSP, CISA, CISM, GIAC, Cisco); web application security; programming, Linux system administration, database administration; network architecture design; incorporating security into SDLC.

Minimum Education:

Bachelor’s degree, training in information technology or related experience in lieu of education.

Minimum Experience:

Three years of experience in information technology support or information technology auditing. One to two years direct involvement with security platforms deployed as part of an enterprise-level Information Security program.

Physical Requirements:

Exerts up to 50 pounds of force occasionally and/or up to 20 pounds frequently and/or up to 10 pounds constantly to move objects.

Security Sensitive:

This job class may contain positions that are security sensitive and thereby subject to the provisions of Texas Education Code § 51.215.
