MS Security Analyst
Senior Security Analyst
Full Time
Columbia, MD
The University of Maryland Medical System is a 14-hospital system with academic, community and specialty medical services reaching every part of Maryland and beyond. UMMS is a national and regional referral center for trauma, cancer care, Neurocare, cardiac care, women's and children's health and physical rehabilitation. UMMS is the fourth largest private employer in the Baltimore metropolitan area and one of the top 20 employers in the state of Maryland. No organization will give you the clinical variety, the support, or the opportunities for professional growth that you’ll enjoy as a member of our team. UMMS is currently seeking a Senior Security Analyst at our corporate office in Columbia, MD.
General Summary
The responsibility of the Senior Security Analyst is to increase information confidentiality, integrity, and availability through the integration of security policies, security awareness, access controls and environmental controls. Responsibilities include working with the Information Security team, technology teams and the business to develop, maintain and monitor an effective information security program designed to ensure the logical and physical protection of the company’s technical resources, which include information, equipment and software.
Principal Responsibilities and Tasks
The following statements are intended to describe the general nature and level of work being performed by people assigned to this classification. These are not to be construed as an exhaustive list of all job duties performed by personnel so classified.
Policies, Procedures and Awareness:
- Leads the effort to develop security standards, procedures, and guidelines for multiple platforms, applications and diverse systems environments as well as evaluating existing information security procedures and identifying new areas of risk.
- Leads the effort to develop, enhance and implement a security training program based on policies.
Compliance:
- Works with Compliance, Privacy and Legal to meet the requirements of Meaningful Use and Litigation Hold.
- Manages UMMS compliance with industry and statutory data needs and statutes such as HIPAA & HITECH regulations and Medicare and Medicaid Electronic Health Record (EHR) Incentive Program rules and requirements. Identifies regulatory changes that will affect information security policy, standards, and procedures and recommends appropriate changes. Prepares action plans and monitors corrective measures to maintain an adequate level of security to meet audit and regulatory requirements.
Testing and Remediation:
- Coordinates the efforts, assists in the responses and tracks the remediation of Information Security Program Assessments and Risk Assessments. Coordinates internal and external audits related to Information Security.
Identity Management:
- Develops and manages role-based access requirements, methods, processes and tools, including identity and authentication management.
Data Classification:
- Manages the information lifecycle, including information inventory, classification, handling, retention and disposal.
Disaster Recovery:
- Establishes, updates and maintains the IT Disaster Recovery and Business Impact Analysis efforts. Coordinates and documents tabletop exercises and Disaster Recovery tests.
Vendor Reviews:
- Conducts Vendor Security Risk Assessments to determine which vendors have access to confidential information and performs detailed assessments based on the risk.
Security Project Management:
- Performs project leadership tasks on select security projects.
- Maintains a solid familiarity with HIPAA/HITECH/Meaningful Use Security and Privacy related regulations.
- Participates in and/or leads security projects, estimates costs, time frames and staffing requirements, and prepares cost justifications for assigned projects. Uses status reports for project oversight.
Education and Experience
- Bachelor's Degree in computer science, a health, science, or business field, or an equivalent level of professional experience required. Master’s degree preferred. Additional certifications may be required. CISSP, CISA, CISM, CGEIT, CRISC, CHC, CHPS, CIPP, PMP, ITIL v3 preferred.
- Five (5) years of Information Technology related experience.
- Three (3) or more years’ experience in IT security.
- Experience in working with compliance and regulatory program requirements. Experience with IT governance, policies, access controls and compliance. Proven project management and organizational skills, specifically managing multiple concurrent projects. Excellent analytical, problem solving and decision making skills, applied with a solution-focused attitude. Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism. Excellent teamwork skills.
- Experience working in a healthcare environment is preferred.
Knowledge, Skills and Abilities
- Ability to perform and teach analysis and problem solving principles with emphasis in user relations, data gathering techniques, and management information applications to IT staff is required. Serves as a resource to others in the resolution of complex problems and issues.
- Demonstrates ability to develop complex specifications for all aspects of applications, and familiarity with problem analysis, hardware/software configurations and application integration.
- Able to teach application functionality, design standards and process changes to the end user community and train the trainer.
- Makes recommendations regarding the integration/relationship between and among organizational applications.
- Effective customer service skills, with the ability to work with all levels within the organization.
- Ability to teach a project team of analysts, end users and consultants the skills required to coordinate daily activities, delegate responsibilities and tasks, and review/validate work.
- Effective verbal and written communication skills are necessary to advise and consult with user personnel and make formal presentations of project findings and recommendations.
- Able to teach security application functionality, design standards, and problem solving tools.
- Excellent organization skills; demonstrates confidence and creativity.