Thank you for your continued interest in career opportunities with UNC Health! Please note the following:
**This referral program is applicable to teammates within UNC Health's core facilities and divisions. This includes UNC Health Caldwell, UNC Health Chatham, UNC Health Alliance, UNC Hospitals (UNC Medical Center, UNC Hillsborough, and UNC Faculty Physicians), UNC Health Johnston, UNC Physicians Network, UNC Health Rex, UNC Rex Holly Springs, UNC Health Rockingham, and Shared Services.**
Current teammates, looking to refer someone? Check out our Teammate Referral Program to earn extra cash!
Current teammates, please ensure that you submit your candidate in our system, before they apply. For teammate referral guidelines and eligibility, click here.
Job ID: 163924
Location: Morrisville, NC
Facility/Division: Shared Services
Status: Full Time
Shift: Day Job
Description
Become part of an inclusive organization with over 40,000 teammates, whose mission is to improve the health and well-being of the unique communities we serve.
Summary:
HCS - Information Security Analyst will protect institutional and patient data and IT assets from a variety of threats that cause a data breach, data destruction or prolonged downtime. Provide technical expertise of information security appliances, software and hardware which deliver defense in depth protection of information technology resources and confidential data across the health system. Engage in projects, requirements analysis, security solutions research, and implementation of security technologies. Security incident response including, detection, containment, recovery, forensics and reporting. Assemble data from different sources for analysis.
Responsibilities:
1. Vulnerability Management - Maintains inventories and inventory processes of information resources protected by security regulations so vulnerability assessments can be performed. Uses tools and processes to effectively carry out vulnerability testing. Interprets scanning or testing results and provides consultation to network, workstation, systems, or web-applications administrators regarding system and application weaknesses. Appropriately escalates issues presenting unacceptable risk to the institution. Monitors risk mitigation progress.
2. Security Architecture, Consulting and Evaluation - Assists in materializing security architecture into projects. Develops and maintains and applies tools, processes and procedures to evaluate suitability of security configuration and feature offerings of proposed systems.
3. Information Security Risk Analysis - Develops, maintains and applies tools, methods and processes to collect and assemble data for input into the risk analysis process. Makes recommendations for corrective action for vulnerabilities that present unacceptable risk to the organization. Monitors progress for corrective action and assists action teams in making progress.
4. Security Incident Prevention, Detection and Handling - Applies incident management policy, standards and procedures to real or potential security incidents. Assists in research, evaluation and implementation of security technologies such as web content filtering systems, email filtering systems, end point protection systems, network firewall systems, intrusion prevention and detection systems (IDS/IPS), data loss protection (DLP) systems, security incident event management (SIEM) systems to prevent, detect and respond appropriately to threats to confidential information and information resources. Monitors security systems; recognizes anomalies of various systems, and handles or escalates appropriately. Writes professional and factual incident reports. Makes recommendations for recovery and prevention process improvements.
5. Data Analysis - Tunes and calibrates security systems to improve effectiveness. Analyzes and correlates network dataflow logs, web logs, computer and application user activity logs, and security incident logs for information relevant to a real or potential information security or privacy breach or to support decision making and risk mitigation.
6. Project Work – Contribute expertise in discovery and information gathering sessions. Participate in alternatives analysis evaluating pros and cons, technical feasibility, risk and other information to support a decision to select the best solution. Complete assigned project tasks on time. Communicate issues for timely resolution. Work with other project team members to remove barriers to progress. Communicate progress with project leader.
7. Other – Trains and assists less experienced information security staff and IT staff regarding security methods for systems they support. Takes on-call for urgent security events.
Education Requirements:
● Bachelor’s degree in Computer Science, Information Systems Management or a related field (or an equivalent combination of education, training and experience) required.
Licensure/Certification Requirements:
● No licensure or certification required.
Professional Experience Requirements:
● If a Bachelor's degree: Four (4) years in professional IT positions, with 2 years of experience in related job functions required.
● If an Associate's degree: Six (6) years in professional IT positions, with 2 years of experience in related job functions required.
● If a high school diploma or GED: Eight (8) years in professional IT positions, with 2 years of experience in related job functions required.
Knowledge/Skills/and Abilities Requirements:
● Troubleshoot, analyze, and test solutions to technical problems.
● Ability to work well in a team environment.
● Ability to successfully manage multiple tasks simultaneously.
● Ability to write audience appropriate reports, standards, process, and procedures.
Legal Employer: NCHEALTH
Entity: Shared Services
Organization Unit: ISD Information Security
Work Type: Full Time
Standard Hours Per Week: 40.00
Salary Range: $35.52 - $51.05 per hour (Hiring Range)
Pay offers are determined by experience and internal equity
Work Assignment Type: Hybrid
Work Schedule: Day Job
Location of Job: US:NC:Morrisville
Exempt From Overtime: Exempt: Yes
This position is employed by NC Health (Rex Healthcare, Inc., d/b/a NC Health), a private, fully-owned subsidiary of UNC Health Care System, in a department that provides shared services to operations across UNC Health Care; except that, if you are currently a UNCHCS State employee already working in a designated shared services department, you may remain a UNCHCS State employee if selected for this job.
Qualified applicants will be considered without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
UNC Health makes reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as applicants and employees with disabilities. All interested applicants are invited to apply for career opportunities. Please email [email protected] if you need a reasonable accommodation to search and/or to apply for a career opportunity.
UNC Health is an equal opportunity employer.
Qualified applicants will be considered without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, disability, status as a protected veteran or political affiliation.
All interested applicants are invited to apply for career opportunities. Please refer to our Employment Application Accessibility page if you need a reasonable accommodation to search and/or to apply for a career opportunity.
To verify employment eligibility, UNC Health is committed to Form I-9 and the E-Verify process.
Learn further E-Verify details in E-Verify (English) or E-Verify (Spanish).
UNC Health supports your right to work. View the Right of Work Statement (English) or Right of Work Statement (Spanish).
View the KNOW YOUR RIGHTS (English) or the KNOW YOUR RIGHTS (Spanish)posters.
View the PAY TRANSPARENCY (English) or the PAY TRANSPARENCY (Spanish)Nondiscrimination provision posters.
View the Federal Workplace poster. View our EEO/AA Policy Statement.
