The Cybersecurity - Principal IT Risk Analyst provides leadership in application risk assessments delivered to application and business owners. Also provides leadership in performing security architecture and 3rd-party vendor risk assessments. Educates user community through information security training programs as needed. Participates in incident response activities when issues relate to systems or regulatory matters. Establishes automated and manual monitoring of systems for continuous monitoring of the risk management process.
This role will function as a security officer for a designated security domain working with business and IT contacts within the domain. This will include performing necessary risk management tasks and providing leadership to team members to ensure that the risk management program is operating effectively and efficiently.
Provides leadership for the management and implementation of risk management program activities.
Conducts program and system focused risk assessments and mentors peers through the process.
Assists system owners with security best practices.
Participates in and promotes relevant security training for personnel with risk management process responsibilities.
Leverages IT risk management and reporting tools for use in the risk management program.
Reviews system security controls, including hybrid and inherited controls to test compliance with security requirements.
Assists with the development of security related policies, standards, or procedures as needed.
Monitors, evaluates and periodically tests system security controls and techniques to ensure they are effective.
Assesses risk-waiver requests and provides recommendations for risk acceptance and remediation strategies.
The responsibilities listed are a general overview of the position and additional duties may be assigned.
Organizational Impact: Manages the security and compliance related projects/assignments that have a direct impact on goals/objectives of the unit/department that the job is in.
Problem Solving/ Complexity of work: Conducts extensive analysis of situations or data to resolve numerous, complex issues; may involve the input/work of others. Makes judgements and recommendations for managing risk in complex situations.
Breadth of Knowledge: Has in-depth level of knowledge regarding cybersecurity and privacy, including in-depth knowledge and awareness of applicable compliance frameworks. Has working knowledge of other areas, including applicable technology stacks for the systems in the unit/department that the job is in.
Team Interaction: May lead mid-sized projects; Team lead; coaches and guides team members.
RISK ASSESSMENT (ADVANCED): Demonstrates familiarity with professional risk assessment processes and understands risk prioritization. Evaluates risks with an eye toward regulatory concerns while staying aware of current attack vectors. Identifies viable mitigation strategies that can be presented to business owners for consideration. Documents risk findings and suggested mitigations in a concise manner that can be clearly communicated to stakeholders.
REGULATORY AWARENESS (ADVANCED): Demonstrates knowledge of healthcare regulations and security best practices. Identifies appropriate sources of governmental and industry guidance. Interprets regulations and guidance to assist application and business stakeholders with compliance and security best practice efforts.
SECURITY CONTROL KNOWLEDGE (ADVANCED): Understands and has direct familiarity with common information security technical toolsets (e.g. firewall, SIEM, IPS, vulnerability scanner, etc.). Demonstrates knowledge of non-technical controls (e.g. physical and administrative). Able to effectively communicate with teams directly administering controls to identify suitable responses to identified risks.
INCIDENT RESPONSE (INTERMEDIATE): Understands incident response processes and is able to work in a professional manner during an incident. Serves as a liaison between technical and non-technical parties. Has an understanding of the forensic process and is able to identify appropriate skillsets necessary to handle investigative activity.
USER TRAINING (INTERMEDIATE): Conducts formal, ad-hoc, and covert user training activities. Effectively communicates security risks to users of every skill level. Utilizes technical toolsets to aid and report on the training process (e.g. LMS, phishing campaigns, etc.)
Organizational Impact: Delivers projects/assignments that have a direct impact on goals/objectives of the unit/department that the job is in.
Problem Solving/ Complexity of work: Conducts extensive analysis of situations or data to resolve numerous, complex issues; may involve the input/work of others.
Breadth of Knowledge: Has in-depth level of knowledge within a professional area and working knowledge of other areas.
Team Interaction: May lead mid-sized projects; coaches and guides team members.
About the Department:
VUMC IT provides hardware, software and service solutions for the entire Medical Center. With over 40,000 workstations in the Medical Center, our teams can assist not only with hardware support, but also software and application support and services to enhance security and protection of your information.
Position Shift: Days
Discover Vanderbilt University Medical Center:
Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery and patient care, VUMC is a community of individuals who come to work each day with the simple aim of changing the world. It is a place where your expertise will be valued, your knowledge expanded, and your abilities challenged. It is a place where your diversity -- of culture, thinking, learning and leading -- is sought and celebrated. It is a place where employees know they are part of something that is bigger than themselves, take exceptional pride in their work and never settle for what was good enough yesterday. Vanderbilt's mission is to advance health and wellness through preeminent programs in patient care, education, and research.
VUMC Recent Accomplishments
Because we are committed to providing the best in patient care, education and research, we are proud of our recent accomplishments:
US News & World Report: #1 Adult Hospital in Tennessee and metropolitan Nashville, named to the Best Hospitals Honor Roll of the top 20 adult hospitals, 10 nationally ranked adult specialty programs, with 3 specialties rated in the top 10 nationally, Monroe Carell Jr. Children's Hospital at Vanderbilt named as one of the Best Children's Hospitals in the nation, with 10 out of 10 pediatric specialties nationally ranked.
Healthcare's Most Wired: Among the nation's 100 "most-wired" hospitals and health systems for its efforts in innovative medical technology.
Becker's Hospital Review: named as one of the "100 Great Hospitals in America", in the roster of 100 Hospitals and Health Systems with Great Oncology Programs and to its list of the 100 Hospitals with Great Heart Programs.
The Leapfrog Group: One of only 10 children's hospitals in the to be named a Leapfrog Top Hospital.
American Association for the Advancement of Science: The School of Medicine has 112 elected fellows.
Magnet Recognition Program: Received our third consecutive Magnet designation.
National Academy of Medicine: 22 members, elected by their peers in recognition of outstanding achievement.
Human Rights Campaign Healthcare Equality Index: 6th year in a row that Vanderbilt University Medical Center was a Leader in LGBTQ Healthcare Equality.
Vanderbilt University Medical Center is home to Vanderbilt University Hospital, The Monroe Carell Jr. Children’s Hospital at Vanderbilt, the Vanderbilt Psychiatric Hospital and the Vanderbilt Stallworth Rehabilitation Hospital. These hospitals experienced more than 61,000 inpatient admissions during fiscal year 2015. Vanderbilt’s adult and pediatric clinics treated nearly 2 million patients during this same period. Vanderbilt University Hospital and the Monroe Carell Jr. Children’s Hospital at Vanderbilt are recognized again this year by U.S. News & World Report’s Best Hospitals as among the nation’s best with 18 nationally ranked specialties. Vanderbilt University Medical Center is world renowned because of the innovation, work ethic and collegiality of its employees. From our health care advances to our compassionate care, Vanderbilt owes its accomplishments and reputation to staff and faculty who bring skill and drive and innovation to the medical center day after day. World-leading academic departments and comprehensive centers of excellence pursue scientific discoveries and transformational educational and clinical advances across the entire spectrum of health and disease. As the largest employer in middle Tennessee, we welcome those who are interested in ongoing development in a caring, culturally sensitive and professional atmosphere. Most of us spend so much of our lives at work, we want to be part of maintaining a workplace in which people support one another and encourage reaching for excellence. Many high-achieving employees stay at Vanderbilt because of the professional growth they experience and because of their appreciation of Vanderbilt’s benefits, public events and discussions, athletic opportunities, beautiful setting and, above all, sense of community and purpose. Vanderbilt and its employees share a set of mutual expectations that have been created with productivity, legality, fairness and safety always in mind.
We believe that our investment in training and compensating employees multiplies in value when we enable individuals to deliver their best performance for the benefit of us all.