Req #: 234381

Department: UW MEDICINE IT SERVICES

Appointing Department Web Address: http://uwmits_hires.uwmedicine.org/

Job Location Detail: Primary work location may be fully remote within the US or at the Safeco Plaza Building on the corner of 4th and Madison in downtown Seattle.

Posting Date: 05/15/2024

Closing Info: Open Until Filled

Salary: $11,500 - $12,917 per month

Shift: First Shift

Notes: As an employee you will enjoy generous benefits and work/life programs. For detailed information on Benefits for this position, click here. (https://hr.uw.edu/benefits/wp-content/uploads/sites/3/2018/02/benefits-professional-staff-librarians-academi-staff-20210208.pdf)

UW MEDICINE IT SERVICES has an outstanding job opportunity for a LEAD, CYBER SECURITY ANALYST position.

WORK SCHEDULE

• 100% FTE – 40 hours per week

• Day Shift – UW MEDICINE ITS SERVICES CORE HOURS ARE 07:00 – 16:00 (PST), Monday-Friday POSITION HIGHLIGHTS

• Leading information security service delivery with a continuous improvement mindset and reporting metrics to directly impact business and leadership decisions.

• Overseeing team support for applications, infrastructure, and technology projects to ensure the use of secure designs and that technical solution architectures align with organizational risk management goals,

• Consulting with technical and non-technical stakeholders, including internal and external entities, on security best practices to reduce the risk of compromise across people, processes, and technology.

• Monitoring and developing monitoring to proactively identify and respond to threats, vulnerabilities, or risks within UW Medicine.

• Leading efforts to track and mitigate known and emergent threats to UW Medicine to support institutional threat awareness, risk assessments, threat detection and analysis, incident response, and cyber security operations.

• Collaborating with Cyber Security Engineers in information security incident triage, containment, and investigative activities, as needed, as part of the incident management process.

• Mentoring other Analysts and team members. DEPARTMENT DESCRIPTION UW Medicine IT Services (ITS) is a shared services organization that supports all of UW Medicine. UW Medicine is comprised of Harborview Medical Center (HMC), UW Medical Center-Montlake Campus (UWMC-Montlake), UW Medical Center-Northwest Campus (UWMC-NW), Valley Medical Center (VMC), UW Neighborhood Clinics (UWNC), UW Physicians (UWP), UW School of Medicine (SOM), and Airlift Northwest (ALNW). In addition, UW Medicine shares in the ownership and governance of Children’s University Medical Group and Seattle Cancer Care Alliance (a partnership between UW Medicine, Fred Hutchinson Cancer Research, and Seattle Children’s). ITS is responsible for the ongoing support and maintenance of the infrastructure and applications which support all these institutions, along with the implementation of new services and applications that are used to support and further the UW Medicine mission.

  PRIMARY JOB RESPONSIBILITIES

• You oversee the operational activities of the team, including: leading the delivery of information security services related to risk management, threat assessments, and security analysis; conducting risk and vulnerability assessments, analyzing findings, and determining levels of risk throughout the enterprise; developing, proposing, and monitoring organizational risk acceptance, mitigating and remediating activities in accordance with established procedures and ensuring risks are updated with relevant information and escalated to leadership when required; monitoring corrective action plans and performance improvement of information security related, communicating in internal and external assessments; ensuring services align with best practices, standards, and frameworks such as NIST, ISO, HITRUST, FAIR, PCI, and OWASP; maintaining understanding of threat actors, their tools, techniques and practices, and the assets they target; evaluating significance of threats to UW Medicine's risk posture; converting analyses and insights into actionable use cases and measurable improvements; and defining and maintaining compliance with reporting metrics in support of strategic program objectives.

• You develop and maintain strong team processes and capabilities through the enhancement, deployment, and maintenance of methods, metrics, tools, training, education, and communication.

• You create, advise, and ensure operational processes and procedures are in place and documented for the stability and reliability.

• You capture and report on teamwork assignments reflecting status, priority, capacity, and utilization.

• You lead the delivery of security consulting and technical services to technical, hospital, business, operations, and vendor staff and teams concerning implementation of UW Medicine security standards, processes, and best practices on secure system design and risk mitigation strategies.

• You lead specified efforts to design and implement recommendations to operational teams implementing and maintaining UW Medicine information security/technology infrastructure.

• You advise the enterprise on the secure design of technical solutions, applications, and network architecture.

• You lead research and review of security controls, information systems, and business practices for compliance with information security policies, standards, or regulatory requirements.

• You represent the Information Security team at technical advisory groups, project meetings, and other committees, as assigned, and provide transparent reporting on relevant issues and statuses.

• You support team efforts to respond to cyber security intrusions, investigations, and investigative reporting, as needed. REQUIRED QUALIFICATIONS

• Bachelor’s degree in Computer Science, Information Technology, HIM, or related field or equivalent education and/or experience.

• Currently certified in one or more of the following: CISSP; GIAC; CISM; CISA; SSCP; CEH; Security+; or other security certification.

• 6+ years of overall experience to include the below.

• 6+ years’ information security experience to include experience in several of the following areas: Risk Management; Audit; Compliance; Security Engineering; Project Management; Architecture; and Governance.

• 1+ year(s) of formal mentorship for technology professionals.

• Demonstrated experience leading team activities and initiatives in designing, implementing, or maintaining security tools (including threat assessment tools, risk management tools, or vulnerability management scanning systems).

• Demonstrated experience leading and mentoring others in security assessments, security control analysis, risk assessments, vulnerability assessments, or penetration tests of highly complex systems that support critical business operations (ex. Patient Care, Finance, HR).

• Advanced understanding of, and the experience mentoring others in, security-related technologies, systems, and tools.

• Demonstrated experience using, and the ability to lead a team in, threat modeling and vulnerability review to impact the design of highly interconnected enterprise systems.

• Advanced understanding of information security threats and vulnerabilities and how they translate to risks.

• Advanced knowledge of common information security regulations and/or standards such as NIST 800-53/CSF, ISO 27001/2, HIPAA, PCI DSS, and SOC and how to apply them.

• Demonstrated experience leading service delivery, team activities, and initiatives. CONDITIONS OF EMPLOYMENT

• This is an Information Technology deadline-driven work environment.

• The individual in this position is expected to work normal daytime hours. The work may be performed in either an office environment or by telecommuting with manager approval, during normal business hours; however, significant off-hours and weekends may be needed to resolve problems and respond to emergencies. This individual is expected to be available for emergencies (business continuity/disaster recovery efforts) on a 24x7 basis as needed.

• Must coordinate projects without direct supervisory authority.

• Must work within the constraints of multiple technical environments.

• The individual in this position must learn many organizational structures and cultures and continually foster collaboration.

• Ability to communicate effectively in English, both verbally and in writing. ABOUT UW MEDICINE - A HIGHER DEGREE OF HEALTHCARE UW Medicine is Washington’s only health system that includes a top-rated medical school and an internationally recognized research center. UW Medicine’s mission is to improve the health of the public by advancing medical knowledge, providing outstanding primary and specialty care to the people of the region, and preparing tomorrow’s physicians, scientists, and other health professionals.

All across UW Medicine, our employees collaborate to perform the highest quality work with integrity and compassion and to create a respectful, welcoming environment where every patient, family, student, and colleague is valued and honored. Nearly 29,000 healthcare professionals, researchers, and educators work in the UW Medicine family of organizations that includes: Harborview Medical Center, UW Medical Center - Montlake, UW Medical Center - Northwest, Valley Medical Center, UW Medicine Primary Care, UW Physicians, UW School of Medicine, and Airlift Northwest.

Become part of our team . Join our mission to make life healthier for everyone in our community. #monster

University of Washington is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, religion, color, national origin, sexual orientation, gender identity, sex, age, protected veteran or disabled status, or genetic information.