Logo
Houston Journal of Health Law & Policy

Enterprise IT Security Analyst 2

Houston Journal of Health Law & Policy, Houston, Texas, United States, 77246


Description

Under general direction of a manager, performs security risk analysis and assessments associated with information resources, risk management policy development and product assessments. Assists day-to-day responsibility for security issues involving university information assets.

Assists with security investigations and develops and implements appropriate procedures, policies and processes to prevent reoccurrence.Performs security risk analysis, intrusion detection and vulnerability assessments associated with information resources, risk management, policy development and product assessments.Researches, evaluates, recommends and administers information security software and computer systems to monitor, assist and improve the information security management and compliance of university network and computer systems.Responsible for collecting data for IT security metrics and assisting with state required information security reporting.Participates on projects and initiatives to provide technical guidance in all areas as it relates to information security risk management and information security project management.Performs other job-related duties as assigned.

EEO/AA

Qualifications

Bachelors and 3 years experience

Requires a thorough understanding of both theoretical and practical aspects of an analytical, technical or professional discipline; or the basic knowledge of more than one professional discipline. Knowledge of the discipline is normally obtained through a formal, directly job-related 4 year degree from a college or university or an equivalent in-depth specialized training program that is directly related to the type of work being performed. Requires a minimum of three (3) years of directly job-related experience.

ADDITIONAL POSTING INFORMATION:

Primary responsibilities for this position include compliance and third-party risk management.Compliance - assisting with compliance with information security state laws (e.g., TAC 202, TX-RAMP), and information security requirements of federal laws and regulations (e.g., HIPAA, GLBA, CJIS, NIST CSF) including ensuring university policies are in alignment with requirements and maintaining supporting documentation for requirements.Third-party Risk Management Program - developing standard operating procedures for the program, collecting necessary information from third parties for review and analysis to complete assessments, coordinating the review of information security requirements and specifications in compliance with relevant cybersecurity regulations, standards and best practices and maintaining an inventory of third-party risk assessments and ranking.Position is eligible for Alternative Work Arrangements (AWA).