Senior Information Security Analyst - Research (Remote)

Job Description

Collaborates closely with Research Information Security Specialist and Enterprise Digital Services (EDS) IT Security team to develop and implement security measures and controls for research platforms and applications. Plans, designs, implements, and provides ongoing support for the organization security technologies. Assists other associates with regard to training and work assignments.

Job Responsibility

• Develops and executes audit plans focused on IT infrastructure and cloud environments.

• Collaborates with stakeholders to establish audit objectives, scope, and timelines.

• Ensures that IT infrastructure and cloud operations comply with relevant regulations, standards, and best practices

• Tests the effectiveness of IT controls related to security, performance, and data integrity in cloud-based environments.

• Documents audit findings and prepare detailed reports that outline risks, control weaknesses, and recommendations

• Works closely with IT teams, management, and external auditors to communicate findings and recommend corrective actions.

• Presents audit results and provide insights to senior management and relevant stakeholders.

• Monitors systems for security breaches, investigates incidents, recommends enhancements to improve Northwell's research security posture.

• Plans and delivers research-specific security awareness training for investigators and all Northwell employees who conduct research.

• Assists in requirements analysis for new applications and tools, recommending solutions that most closely align with research and Northwell policies.

• Serves as a technical lead for hardware installation, configuration, and operational support of the security infrastructure; provides technical support to technical teams to resolve security issues and to support the implementation of new solutions.
• Provides support for the IT Security technologies.
• Evaluates new security technologies and recommends opportunities that would enhance the security architecture; ensures applicable information security design considerations are appropriately included in all new and existing Health computing environments.
• Oversees the build, configuration, and maintenance of all security technologies within the environment.
• Guides the development of application/system specific security hardening guidelines.
• Reviews and validates that network infrastructure and endpoint device configurations comply with the latest industry standards and framework.
• Recommends security enhancements and upgrades to network, infrastructure, and application environments.
• Engineers, implements and monitors security measures for the protection of computer systems, networks, and information.
• Identifies and designs system security requirements.
• Designs computer security architecture and develops detailed information security designs and controls.
• Operates under limited guidance and work assignments involve moderately complex to complex issues where the analysis of situations or data requires in-depth evaluation of variable factors.
• Performs related duties as required. All responsibilities noted here are considered essential functions of the job under the Americans with Disabilities Act. Duties not mentioned here, but considered related are not essential functions.

Job Qualification

• Bachelor's Degree required, or equivalent combination of education and related experience.
• 3-5 years of relevant experience, required.

HIGHLY PREFERRED

• Healthcare industry expertise: Understanding the unique regulatory landscape of healthcare research, including HIPAA, HITECH, FDA, IRB requirements, and other relevant regulations.

• Risk assessment and mitigation: Ability to identify and assess research security risks, recommend mitigation strategies, and assist in implementing appropriate controls.

• Continuous learning: Staying abreast of emerging threats, best practices, and evolving regulations in research security.

• Certifications: Relevant certifications such as CISSP, CISM, CISA, or CRISC are highly preferred.

• Technical proficiency: Familiarity with relevant security technologies, including access control systems, data loss prevention tools, intrusion detection/prevention systems, and encryption technologies.

• It's also beneficial to have experience with specific research areas within healthcare (e.g., basic science, clinical trials, genomics research) and emerging technologies relevant to research security.

• Possesses analytical thinking and problem-solving abilities.

• Detail-oriented with strong organizational skills.

• Ability to work independently and collaboratively within a team.

• Proficient in relevant audit and compliance tools.

*Additional Salary Detail
The salary range and/or hourly rate listed is a good faith determination of potential base compensation that may be offered to a successful applicant for this position at the time of this job advertisement and may be modified in the future. When determining a team member's base salary and/or rate, several factors may be considered as applicable (e.g., location, specialty, service line, years of relevant experience, education, credentials, negotiated contracts, budget and internal equity).