• New Training Session Sign In Process

    We will be beta testing a barcode based sign in process (replacing the physical sign-in sheets) for our monthly training sessions. The barcode that will be used for the sign-in is at the bottom of the registration confirmation email. You can use your cell phone or a paper print out of the registration confirmation email to sign in. This will enable us to track attendance better and also enable uploading of session CPEs directly to ISACA International.

Duke University

Duke Health System - Information Security Analyst

Return to Postings
Posted On:
Closing On:
05-Tue-2019
05-Tue-2019

Job Description:

DHTS INFORMATION SECURITY ANALYST

DHTS - INFORMATION SECURITY ADMIN

Job Description

DHTS INFORMATION SECURITY ANALYST
Information Security Incident Reporting and Compliance Analyst
 Job Description
General DescriptionThe Information Security Incident Reporting and Compliance Analyst provide support for a variety of operational functions as part of the Duke Health Information Security Office (ISO).  Information Security Incident Reporting and Compliance Analyst helps manage the documentation, classification, tracking, reporting, and remediation of security incidents throughout the incident lifecycle, and helps meet Duke’s legal, regulatory, and institutional requirements relating to incident response. The position provides expertise in: defining requirements, project management, business writing, and IT security. The Information Security Incident Reporting and Compliance Analyst work with the Computer Security Incidence Response (CSIRT) team and other functional areas within Duke Health to ensure proper handling of incidents.
 
Duties and Responsibilities

  • Develop an understanding of key Duke Health technology and systems.
  • Develop computer security incident reporting SOPs and WIs and related forms
  • Document computer security incidents using a standard report form
  • Write incident reports
  • Document incident classification framework and document incidents in accordance with the framework
  • Help ensure the confidentiality of documentation
  • Ensure that there is evidence for report conclusions
  • Document interviews of key personnel
  • Track incidents through their lifecycle, from initial notification to resolution
  • Ensure that collected evidence maintains its forensic value
  • Ensure that all follow-up activities are conducted, and the investigation lifecycle is a closed loop and future safeguards are implemented.
  • Ensure that information security incident playbooks are kept up-to-date.
  • Track remediation of security incidents
  • Participate in other activities unrelated to incident response necessary to support the information security program, such as regulatory compliance activities, vendor evaluations, and writing SOPs for information security activities.

 

Preferred Skills:

Education
 
Bachelor’s degree in a related clinical or technical field, or four years of equivalent technical experience required.
 
Experience
 
No prior information security experience is required, however, persons with experience in information technology, project management or technical writing fields are preferred.
 
Level 1 - No experience required beyond the minimum education (or equivalency) requirement.


Degrees, Licensure, and/or Certification:

Level 1, 2 and 3 - Bachelor's degree in a related clinical or technical field, or four years of equivalent technical experience required. Level 3 - A Master's degree in computer science, information systems, business management, engineering, mathematics, healthcare, a physical science, or other related field is preferred.

One or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are preferred.

Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) 
 
The ideal candidate will hold a PMP, Security+ or other general security certification
 
Knowledge, Skills, and Abilities:
 
The Information Security Incident Reporting and Compliance Analyst will possess experience one or more of the following areas:  

 

  • Project Management
  • Technical writing
  • Network security or operations
  • Server operating systems
  • Vulnerability scanning tools and management practices
  • Must have a working knowledge of the HIPAA Security Rule, FISMA, or the NIST Cybersecurity Framework.
  • The ideal candidate will have demonstrated the following characteristics through past professional and educational experiences:
  • A broad understanding of multiple IT disciplines and technologies
  • Strong focus on customer satisfaction
  • Strong written and oral communication skills
  • Strong critical thinking, analytical, and problem-solving skills
  • Able to work independently or as part of a team as necessary
  • Able to effectively prioritize tasks with competing deadlines
  • Self-starter who is able to effectively use professional judgment and work with minimal direction
  • Excellent interpersonal skills with a demonstrated ability to build relationships with colleagues, customers, vendors, and other third parties

Job Code

3843 DHTS INFORMATION SECURITY ANALYST

Requisition Number

401592319

Location

Durham

Duke Entity

HEALTH SYSTEM

Job Family Level

CD

Full Time / Part Time

FULL TIME

Regular / Temporary

Regular

Shift

First/Day

Minimum Qualifications

Duke University is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.

Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.

Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.


Education
Level 1, Bachelor's degree in a related clinical or technical field, or four years of equivalent technical experience required. LICENSURE/CERTIFICATION: LEVEL 1: In addition to the requirements described one or more information security industry certifications (e.g. CISSP, CISM, CISA, CEH, or equivalent) are preferred. Additional technical or management certifications (e.g. MCSE, CCNP, CCIE, or PMP) are preferred. 

Experience
Level 1 - No experience required beyond the minimum education (or equivalency) requirement.

Degrees, Licensures, Certifications
N/A

Auto req ID

113100BR

Powered by JobGrok