Join our Talent Network
Skip to main content

*Important Notice:

Applying for Jobs:

Thank you for your continued interest in career opportunities with UNC Health! Please note the following:

  • If you are a current State employee of UNC Health and are looking to apply to an NC Health position, please close this notice and continue your job search and application as an external applicant.
  • If you are a current NC Health employee of UNC Health and looking to apply to a State position, please close this notice and continue your job search and application as an external applicant.
  • If you are a State or NC Health employee of UNC Health applying to a position within your current payroll entity (example: State to State or NC Health to NC Health), please apply as an internal applicant through Employee Self Service.
  • If applying internally though Employee Self Service, please be sure to have your employee ID number and UNC Health email address readily available.

Discovery Employee Referral Program:

Current employees, looking to refer someone? Check out our Discovery Employee Referral Program to earn extra cash!

** Due to the recent switch in our HR and application systems, our HR team is working hard towards implementing a new and improved, mobile friendly Employee Referral solution expected to launch this summer. For applicable positions and referral guidelines, learn more here.

After reviewing the referral guidelines, in the interim, we ask that you submit your employee referral by filling out this form. Please ensure that you submit your referral before your referral has applied to the position. Thank you for your patience during this transition.

myCareer Development Resources:

Current UNC Health employees also now have access to our myCareer - Career Development Resources, which provide tools and guidance to employees to create a career plan.


Need further assistance? Please submit a request through the myHR Portal.

HCS Information Security Analyst Senior - EMR & Clinical Data Environment - IT Security

Job ID: 1138
Location: Morrisville, NC
Facility/Division: Shared Services
Status: Full Time
Shift: Day Job

Did you know UNC Health has Ranked #2 Most Trusted Healthcare Brand in the U.S.? The UNC Health brand was ranked as the #4 healthcare brand in the United States overall and the #2 most trusted healthcare brand, just after Johns Hopkins and before Mass General. Join our One-Great-Team!

Job Description


Become part of an inclusive organization with over 30,000 diverse employees, whose mission is to improve the health and well-being of the unique communities we serve.

This position may involve support of various hospitals and health care systems within the UNC Health Care System, but will be employed by Rex Hospital, Inc. (this includes, but is not limited to, for purposes of payroll, health benefits, retirement options, and applicable policies).

The Information Security Office of the UNCHCS Information Services Division is looking for an IT professional experienced in design, development, configuration, implementation and technical support of clinical systems with large medical databases. This role is intended to improve the UNCHCS security posture with continuous assessment and remediation of security flaws in the UNCHCS clinical data warehouse, EMR and medical data archive applications and databases, configuration, change and support process and privileged accesses. The focus of this position is on health care application software and databases security (versus infrastructure security). As such, the candidate filling this position will bring expert knowledge and experience of health care application and database security pitfalls and controls learned from experience performing design, development, configuration, implementation or technical support of health care applications and databases.

Description of Job Responsibilities:

1. Security Architecture, Consulting and Evaluation – Document and maintain security architecture of assigned UNCHCS health care applications and databases using diagrams and narratives. Maintain and improve standards, processes and tools to perform repeatable security evaluations on assigned UNCHCS health care applications and databases. Perform baseline and recurring security evaluations after major changes to applications and databases, and to the security threat landscape.

2. Information Security Risk Analysis – Develop, improve and apply tools, methods and processes to analyze risk from threats and vulnerabilities to assigned UNCHCS health care applications and databases. Write appropriate recommendations that will bring risks to an acceptable level. Develop and deliver audience appropriate information security assessment and recommendation presentations and reports. Work with applications and database support teams to plan and implement remediation actions. Establish and maintain sound metrics to track and demonstrate information security improvement and risk management of assigned UNCHCS health care applications and databases over time.

3. Vulnerability Management – Configure, improve and apply UNCHCS vulnerability management tools and processes to assigned UNCHCS health care applications and databases.

4. Data Analysis - Analyze security threat intelligence sources pertinent to assigned UNCHCS applications and databases.

Select log data from multiple sources (i.e. dataflow logs, web logs, application logs, database logs, user and administrator activity logs) for security event information management (SIEM) system ingest, that are relevant to a real or potential information security breach to assigned UNCHCS health care applications and databases, or to support decision making and risk mitigation. Tune and calibrate SIEM system inputs and output algorithms for early detection of threats to assigned UNCHCS applications and databases.

5. Security Incident Prevention, Detection and Handling – Apply UNCHCS and Information Services Division incident management policy, standards and procedures. Research, evaluate, recommend, design, implement or utilize security solutions to prevent and detect security incidents that target health care applications and databases. Such tools include but are not limited to, data loss protection (DLP) systems, security incident event management (SIEM) systems, and security functionality built into health care applications and databases (i.e. security event logging, configuration management.) Monitor application and database log data and SIEM outputs, recognize anomalous behavior, and research, handle and escalate security incidents appropriately. Write professional and factual incident reports. Make and implement recommendations for assigned UNCHCS applications and database security incident preparedness, recovery and prevention.

6. Project Management - Lead discovery and information gathering sessions. Perform alternatives analysis documenting pros and cons, cost, feasibility, risk and other information to support a decision to select the best solution. Manage small to medium projects; assemble project participants to organize work to complete specific tasks on projects. Organize and facilitate meetings to identify and remove barriers, and to progress work that advances the security agenda. Follow-up with assignees on incomplete tasks and open issues. Provide detailed communication between disparate teams to keep project moving.

7. Other – Train and assist less experienced staff with respect to health care application and database security pitfalls and controls. Take on-call for urgent security events.

Other Information

Other information:
Education Requirements:
● Bachelor’s degree in Computer Science, Information Systems Management or a related field (or an equivalent combination of education, training and experience) required.
Licensure/Certification Requirements:
● No licensure or certification required.
Professional Experience Requirements:
● If a Bachelor's degree: Eight (8) years in professional IT positions, with 4 years of experience in related job functions required.
● If an Associate's degree: Twelve (12) years in professional IT positions, with 4 years of experience in related job functions required.
● If a high school diploma or GED: Sixteen (16) years in professional IT positions, with 4 years of experience in related job functions required.
Knowledge/Skills/and Abilities Requirements:
● #NAME?

Job Details

Legal Employer:

Entity: Shared Services

Organization Unit:  

Work Type: Full Time

Standard Hours Per Week: 40.00

Work Schedule: Day Job

Location of Job: US:NC:Morrisville

Exempt From Overtime: Exempt: Not Applicable

This position is employed by NC Health (Rex Healthcare, Inc., d/b/a NC Health), a private, fully-owned subsidiary of UNC Health Care System, in a department that provides shared services to operations across UNC Health Care. This is not a State employed position.
Share: mail
Testimonial: Alan Ulrich image
Testimonial: Alicia Crutchfield image
Testimonial: Erik Hernandez image
Testimonial: Melissa Veg image
Testimonial: Ray Olivo image
Testimonial: Trent Abraham image
Testimonial: Yessenia Rodriguez image
Recent Job Searches
Recently Viewed Jobs

Diversity Statement

The UNC Health System and the UNC School of Medicine are committed to valuing all people throughout our organization, regardless of background, lifestyle, and culture. A diverse and inclusive work environment for staff and culturally appropriate care for our patients, are essential to fulfilling our UNC Health vision of improving the health of all North Carolinians.

Equal Employment Opportunity

UNC Health is an equal opportunity employer. As such, UNC Health offers equal employment opportunities to applicants and employees without regard to race, color, religion, sex, national origin, age, genetic information, disability, sexual orientation, gender identity or political affiliation.

To verify employment eligibility, UNC Health is committed to Form I-9 and the E-Verify process. Learn further E-Verify details in English or Spanish.

UNC Health supports your right to work. View the Right to Work Statement in English or Spanish.