The Senior Information Security Analyst completes procedures necessary to ensure the safety of information assets and to protect systems from intentional or inadvertent access, modification, disclosure or destruction. Collaborates with users to understand their security needs, provides assistance and implements practices and procedures as required. Ensures that users understand and adhere to security policy. Designs, develops, tests and deploys security for applications or systems. Oversees and manages domain access control. Ensures compliance with all security associated NU, state, and federal rules and regulations. Works closely with NU, individual school and/or department IT to ensure security measures are implemented and communicated effectively.
This role supports the planning, design, and integration of the information security program and security technologies for the Feinberg School of Medicine.
Participates in projects and assists in the execution of project plans to help ensure compliance with security policy and standards.
Collaborates with users to understand their security needs and provides assistance in remediation of security-related issues.
Develops a comprehensive approach to data and technical risk management with a strong focus on assessing risks of exposing protected health information (PHI), protected individual information (PII) and other confidential information.
Manages, leads and participates in complex security projects (e.g., Qualys for vulnerability management, Splunk for log management).
Partners with users to review and assess security architecture and recommends changes and enhancements to improve effectiveness and efficiency.
Monitors and enforces security policy, practice and procedures.
Creates training materials associated with security policy, practice, and procedures and instructs junior staff and users.
Gathers and organizes statistics as directed and for use by management.
Establish written technical security standards, policies, and guidelines. Advises technical teams and recommend security architecture and implementation options. Promulgate technical alerts and advisories to the FSM community.
Serve as a resource to faculty and staff to assist in helping them meet their research data security needs in a compliant, secure manner. Provide security awareness and training programs, providing overall guidance to central FSM and departments. Collaborate with other NU schools and FSM clinical partners (e.g., NM, Lurie Children’s, Shirley Ryan AbilityLab).
Administers all security aspects for users.
Designs and maintains security items such as roles, permission lists, query and report access, component interfaces, and batch process groups.
Perform reviews, audits and reporting on submitted data security plans for human subjects research. Provide guidance to principal investigators and other research staff on developing/revising plans. Develop and implement an audit program of compliance with data security plans policies/procedures.
Participates in or conducts investigations, including those requiring the application of forensic practice.
Prepares and executes security assessments, analysis and remediation.
Assists in the resolution of audit findings through analysis, problem determination and development of cost effective solutions.
Provides assistance in the resolution of security incidents and prepares activity, progress and management reports as required.
This program will include a continuous risk assessment and monitoring process, and an approach for measuring and reporting on remediation activities. Specifically this also includes implementing & operating a security vulnerability testing program (vulnerability assessment scans & remediation, log management, application penetration testing, external penetration testing).
Performs other duties as assigned.
Successful completion of a full 4-year course of study in an accredited college or university leading to a bachelor's or higher degree in a major such as computer science, information technology, or related; OR appropriate combination of education and experience.
4 years systems security or other relevant experience required.
Active directory design, administration
Amazon web Services (AWS)
Other: Qualys, Splunk, Microsoft Online Services
21 CFR Part 11
Other: FDA GCP
Collaboration and teamwork
Workflow development & documentation
Write proposals and project charters
Minimum Competencies: (Skills, knowledge, and abilities.)
Demonstrated history of career progression that illustrates a committed desire to achieve significant systems security experience.
Strong professional desire to work in a University-based healthcare research setting with a vision of collaborating and contributing toward better health outcomes for our research participants.
Preferred Qualifications: (Education and experience)
One or more security certification credentials such as CISSP, CISA, CISM, CRISC or a demonstrated desire to achieve certifications in the short term as will be defined in the incumbents professional development plan.
Clinical research and/or compliance experience from the pharmaceutical industry and/or higher education research institutions.
Technical expertise in networking, server-client technology, and operating systems.
Well-developed and proven analytical and persuasion skills, with ability to relate to technical and non-technical personnel at all levels within the organization.
Northwestern University is an Equal Opportunity, Affirmative Action Employer of all protected classes, including veterans and individuals with disabilities. Women, racial and ethnic minorities, individuals with disabilities, and veterans are encouraged to apply. Hiring is contingent upon eligibility to work in the United States.
Internal Number: 36236
About Northwestern University
Northwestern University is a major private research university with 12 academic divisions located on three campuses in Evanston, Chicago, and Education City in Doha, Qatar. We have approximately 2,500 full-time faculty members, 17,000 graduate and undergraduate students, and over 5,700 full and part-time staff. Northwestern University combines innovative teaching and pioneering research in a highly collaborative environment. It provides students and faculty exceptional opportunities for intellectual, personal and professional growth.