Senior Information Security Analyst - Research (Remote)

Job Description

Collaborates closely with Research Information Security Specialist and Enterprise Digital Services (EDS) IT Security team to develop and implement security measures and controls for research platforms and applications. Plans, designs, implements, and provides ongoing support for the organization security technologies. Assists other associates with regard to training and work assignments.

Job Responsibilities

1. Develops and executes audit plans focused on IT infrastructure and cloud environments.
2. Collaborates with stakeholders to establish audit objectives, scope, and timelines.
3. Ensures that IT infrastructure and cloud operations comply with relevant regulations, standards, and best practices.
4. Tests the effectiveness of IT controls related to security, performance, and data integrity in cloud-based environments.
5. Documents audit findings and prepares detailed reports that outline risks, control weaknesses, and recommendations.
6. Works closely with IT teams, management, and external auditors to communicate findings and recommend corrective actions.
7. Presents audit results and provides insights to senior management and relevant stakeholders.
8. Monitors systems for security breaches, investigates incidents, and recommends enhancements to improve Northwell's research security posture.
9. Plans and delivers research-specific security awareness training for investigators and all Northwell employees involved in research.
10. Assists in requirements analysis for new applications and tools, recommending solutions aligned with research and Northwell policies.

Additional Responsibilities

• Serves as a technical lead for hardware installation, configuration, and operational support of security infrastructure; provides technical support to resolve security issues and support new solutions.
• Supports IT Security technologies, evaluates new security technologies, and recommends enhancements to security architecture.
• Oversees build, configuration, and maintenance of security technologies within the environment.
• Develops application/system-specific security hardening guidelines.
• Ensures network infrastructure and endpoint device configurations meet industry standards and frameworks.
• Recommends security improvements to network, infrastructure, and application environments.
• Designs and implements security measures for computer systems, networks, and information.
• Identifies and designs system security requirements and architecture.
• Works independently on moderately complex to complex issues involving in-depth analysis.
• Performs related duties as required, considering all responsibilities as essential functions under the Americans with Disabilities Act.

Job Qualifications

• Bachelor's Degree or equivalent experience.
• 3-5 years of relevant experience.

Highly Preferred

• Healthcare industry expertise, understanding regulatory landscape including HIPAA, HITECH, FDA, IRB requirements.
• Risk assessment and mitigation skills.
• Continuous learning to stay updated on threats, practices, and regulations.
• Relevant certifications such as CISSP, CISM, CISA, or CRISC.
• Technical proficiency with security technologies like access control, DLP, intrusion detection, and encryption.
• Experience with research areas within healthcare and emerging technologies.
• Analytical thinking, problem-solving, detail-oriented, organizational skills.
• Ability to work independently and in teams.
• Proficiency with audit and compliance tools.

*Additional Salary Detail

The listed salary range or hourly rate is a good faith estimate and may be adjusted based on factors like location, experience, education, and internal policies.