University of Texas at Austin

Enterprise Information Security Risk Analyst, Information Technology, Dell Medic

University of Texas at Austin, Austin, Texas, US, 78716


Contribute to maintaining and improving the Dell Medical School Cyber Security Governance, Risk, and Compliance program and further mature the Dell Medical School's Risk and Governance capabilities. Work closely with various cybersecurity teams to track the effectiveness of security controls, map threats to controls, and properly prioritize the implementation of controls to reduce risk within the Dell Medical School environment. Conduct cybersecurity audits and assessments, and support ongoing audit requirements for all systems. Refine security metrics and dashboards, and manage the cyber security risk register processes and risk profile.

Work with technology and business partners to ensure compliance with security standards and regulations, such as HIPAA, FERPA, PCI DSS, ISO 27001, NIST, etc. Work closely with development and technical staff, as well as with other stakeholders, to coordinate, track, and support the remediation of security issues and risks. Oversee and manage the compliance of key controls, report on remediation activities, and coordinate continuous risk remediation efforts. Ensure timely reporting and escalation to security and executive leadership. Analyze data to identify potential risks; aggregate data from multiple sources to provide a comprehensive assessment; create reports, summaries, presentations, and process documents; and collaborate with other team members to effectively analyze and present data.

Conduct review of existing security policies, procedures, standards, and exceptions. Assist in the development of policies for conducting cyber security risk assessments and compliance audits. Assist in mapping Dell Medical School's cyber security program to multiple industry security frameworks, regulations, and best practices (HIPAA, NIST, FERPA, Texas Cyber Security Framework).

Contribute to the continuous improvement of the cyber security program and provide feedback and recommendations on security best practices and enhancements.

Conduct review of third-party vendor assessment of services/contracts (applications, hosting, systems, etc.) that involve the collection, processing, transmission, or storage of all data types defined by the University's Data Classification standards; develop and implement ongoing supporting documentation.

Other related duties as assigned.