Senior Information Security Analyst - Research (Remote)

Collaborates closely with the Research Information Security Specialist and the Enterprise Digital Services (EDS) IT Security team to develop and implement security measures and controls for research platforms and applications. Plans, designs, implements, and provides ongoing support for organizational security technologies. Assists other associates with training and work assignments.

1. Develops and executes audit plans focused on IT infrastructure and cloud environments.
2. Collaborates with stakeholders to establish audit objectives, scope, and timelines.
3. Ensures that IT infrastructure and cloud operations comply with relevant regulations, standards, and best practices.
4. Tests the effectiveness of IT controls related to security, performance, and data integrity in cloud-based environments.
5. Documents audit findings and prepares detailed reports outlining risks, control weaknesses, and recommendations.
6. Works closely with IT teams, management, and external auditors to communicate findings and recommend corrective actions.
7. Presents audit results and provides insights to senior management and relevant stakeholders.
8. Monitors systems for security breaches, investigates incidents, and recommends enhancements to improve Northwell’s research security posture.
9. Plans and delivers research-specific security awareness training for investigators and all Northwell employees involved in research.
10. Assists in requirements analysis for new applications and tools, recommending solutions aligned with research and Northwell policies.
11. Serves as a technical lead for hardware installation, configuration, and operational support of the security infrastructure, providing technical support to resolve security issues and support new solutions.
12. Provides support for IT Security technologies.
13. Evaluates new security technologies and recommends opportunities to enhance security architecture, ensuring security considerations are incorporated into all new and existing environments.
14. Oversees the build, configuration, and maintenance of security technologies within the environment.
15. Guides the development of security hardening guidelines for applications and systems.
16. Reviews and validates network infrastructure and endpoint device configurations against industry standards.
17. Recommends security enhancements and upgrades for network, infrastructure, and application environments.
18. Designs and implements security measures to protect systems, networks, and data.
19. Identifies and designs system security requirements and architecture.
20. Operates with limited guidance on moderately complex to complex issues, requiring in-depth evaluation of variables.
21. Performs related duties as required, considering all responsibilities as essential under the Americans with Disabilities Act.
Job Qualifications

• Bachelor's Degree or equivalent experience.
• 3-5 years of relevant experience.

• Healthcare industry expertise, understanding regulatory landscape including HIPAA, HITECH, FDA, IRB requirements.
• Risk assessment and mitigation skills.
• Continuous learning to stay updated on threats and regulations.
• Relevant certifications such as CISSP, CISM, CISA, or CRISC.
• Technical proficiency with security technologies like access control, DLP, IDS/IPS, encryption.
• Experience with research areas within healthcare and emerging technologies.
• Strong analytical, problem-solving, organizational skills, and ability to work independently or collaboratively.
• Proficiency with audit and compliance tools.

*Additional Salary Detail

The salary range listed is a good faith estimate and may be adjusted based on factors such as location, experience, education, and internal considerations.