Salary commensurate with education and experience.
UW Medicine's IT Services department is looking for an outstanding IT Security Risk Analyst to join the team! You're the type of person who gets excited at the mere thought of identifying and reducing risks to ensure your organization can complete its mission. You take the safekeeping of information very seriously and are likely very passionate about all things security. When you look at a system, you probably try to figure out all the ways it can be broken. In fact, when you hear words like clickjacking and SQL injection, you might just start to geek out a little. If you enjoy working with others to keep their systems and applications safe, we'd love to hear from you!
What are we looking for?
Patients Are First focus
Customer service mindset
Interpersonal skills and teamwork
Adaptability and flexibility
What are the perks?
Medical insurance at reasonable rates with TEN plans to choose from!
Dental Insurance at no cost to you OR your dependents AND we have three plans for you to choose from!
10 paid holidays annually!
1 personal holiday every year!
Generous amounts of vacation and sick leave that you can feel good about taking (more than 5 work weeks in your first year)!
TWO Retirement plans to choose from; one even matches 100% of your contributions with immediate vesting!
Voluntary Investment program to save more towards your retirement!
Deferred Compensation program to save even MORE towards your retirement!
Flexible Spending Account...Tax Exempt!
Dependent Care Assistance program!
On-site Childcare Centers!
Long Term Disability insurance!
Life and Accidental Death and Dismemberment insurance!
U-PASS transportation program and discounted parking PRE-TAX!
Tuition Exemption program at the UW (and other colleges around the state)!
Housing resources and home buying options!
Auto, home, renter, and boat group insurance!
Valuable membership and merchandise discounts!
Federal student loan forgiveness under the Public Service Loan Forgiveness (PSLF) program!
For all of the specific details on these benefits and more, please click here.
What will you be doing? You'll provide security expertise to our internal customers, of course! Our Security team is accountable for information security governance, risk management, operations, and engineering across the entire organization. You'll perform security risk assessments of internal, vendor-provided, and third party systems; conduct business impact assessments; assess the impact of security bulletins; conduct technical vulnerability assessments and penetration tests; and assist in development of assessment processes. Sounds exciting, right?
And now for some of the 'official' language:
As one of the largest healthcare systems in the Puget Sound region, UW Medicine is facing many technical and security challenges driven by rapid growth in the size and complexity of its network of affiliated organizations and increasingly rigorous policy requirements in the areas of security, compliance and patient privacy. With simultaneous increases in the importance and central role of computing technology to healthcare delivery and the UW Medicine mission, it has become essential to evaluate, design and implement and/or configure IT security safeguards, controls and protection solutions as part of the IT services and solutions delivery process to reduce or eliminate security threats, risks and vulnerabilities from being introduced into the production environments through code, new and existing mobile devices, applications, enhancements, 3rd party suppliers, configurations and more.
As part of the ITS Security Team, this position will track known and emergent threats to UW Medicine information assets to support institutional threat awareness, risk assessments, threat detection and analysis, incident response, cyber security operations, and security education and awareness. The position utilizes a wide variety of threat sources including raw data, computer log information, written reports and bulletins, and collaborations with both internal and external partners to develop threat profiles for UW Medicine information assets. With a strong understanding of information security risk management practices, the position will integrate threat information into institutional vulnerability assessments, and risk assessment and mitigation activities.
This position will be required to work and collaborate with a team of Information Security Engineers and Information Security Analysts but may be assigned to support a specific area within UW Medicine. The occupant in this position must have good situational awareness, problem-solving skills and a proven ability to communicate complex people, process and technology ideas, solutions and recommendations across technical and non-technical management, teams, faculty and staff. This position will require a solid foundation in engineering, testing and implementing security controls and solutions as well as a working knowledge of healthcare and security industry best practice models, methodologies and frameworks. This role will have a direct impact on UW Medicine's ability to protect patient health information and private financial information while achieving and assuring security regulatory compliance. This position will be required to gain a working knowledge of healthcare security issues, concerns and challenges associated with a multi-institutional and heterogeneous technical and academic environment in order to advise reasonable and appropriate security solutions.
ITS implements, deploys and manages highly complex system applications and applications to meet and exceed key IT initiatives that support UW Medicine entities. The need to provide and deploy security engineering services is to ensure that appropriate and effective security controls, techniques and solutions are identified and implemented ensuring confidentiality, integrity and availability of sensitive data. Additional applications and systems are supported through UW Medicine research affiliations such as Fred Hutchinson's Cancer Research Center, NIH and other grants, contracts, clinical affiliations and other School of Medicine activities; as well as medical training programs with other institutions such as the Veterans Administration and Madigan Army Medical Center. This position is needed in order to meet federal regulatory requirements under HIPAA, ISO, PCI and other security standards, as well as to ensure the security of systems. Failure to meet regulatory requirements may result in fines, sanctions, loss of public credibility, and other business risks.
Risk Management and Threat Assessment (50%)
Work closely with the CISO and the Information Security Manager on continuous identification and evaluation of emerging risks and evaluation of significance of events/incidents that impact the organization's risk posture.
Develop and provide reports to the CISO used in efforts to partner with senior management to ensure the information security risk assessment is reported and discussed in key governance forums and integrated with the enterprise risk assessment process.
Recommend security controls, including policies, procedures, security architectural design, and technology solutions to help mitigate risk to levels acceptable to the enterprise.
Monitor for and communicate significant risk to appropriate levels of management on an event-driven basis.
Maintain metrics and related baselines to measure and continuously monitor the information security risks to UW Medicine.
Build and maintain active partnerships with IT Services and other key departments as required.
Audit and Review of Information Security and IT Controls (25%)
Conduct audits and reviews of safeguards and internal controls for IT infrastructure, computer applications, desktop environments, mobile computing resources, etc.
Provide guidance and follow up for timely resolution of information security related issues, identified control gaps, and process improvements by developing corrective action plans with assigned responsibility and timelines.
Monitor corrective action plans and performance improvement of information security related issues communicated in internal and external assessments.
Incident Response (15%)
Respond to information security incidents and provide support as required.
Conduct monitoring, detecting, containing, investigating, reporting, and post-event follow-up activities on information security breaches.
Perform trend analysis and provide statistics reporting on information security incidents.
Follow CISO and compliance-directed investigation protocols and methods of logging Security and Incident/Investigations into applicable tracking systems.
Education and Outreach (10%)
Participate in ongoing information security education, awareness and outreach activities as required.
What you'll bring to the table: (minimum requirements)
Bachelor's degree in Computer Science, Information Technology, Business or other related field or equivalent combination of education/experience.
6+ years experience must include the following:
Demonstrated work experience in one or more of the following areas: Security Engineering, Security Analysis, Security Project Management, Security Architecture, and implementing best practices, tools and technology.
Demonstrated work experience designing, implementing and maintaining security tools (including threat assessment tools, risk management tools or vulnerability management scanning systems).
Demonstrated work experience conducting system security assessments, control analysis, risk assessment, vulnerability assessments or penetration tests.
Strong understanding of information security threats and vulnerabilities.
Strong understanding of and experience with security-related technologies, systems and tools.
Strong understanding of and experience with using computer programming techniques and languages.
Demonstrated work experience with major operating systems including Windows, Mac OS, Linux and Mobile Platforms.
Demonstrated work experience and proficiency using standard business productivity software and tools, including Microsoft Office, Word, Excel and PowerPoint, preferably in a Microsoft Windows environment.
The successful candidate will have demonstrated competencies and effectiveness in the following areas:
Understanding of information security regulations, standards, and best practices related to areas such as HIPAA, NIST, ISO, and PCI.
Understanding of common information security controls.
Ability to leverage tools related to security activities.
Able to participate in a highly collaborative peer environment.
Well organized; ability to prioritize when managing multiple tasks and assignments.
Excellent critical thinking skills, problem analysis and problem-solving capabilities.
Ability to work independently with minimal supervision.
Ability to write clearly and concisely and use effective communication styles.
Ideally, you'll also have: (desired skills and experience)
Experience working in a large, academic healthcare system.
Demonstrated work experience with security incident response.
Demonstrated work experience designing, implementing and maintaining tools related to security information and event management, intrusion protection, governance.
IT Project management experience.
Network design and management experience.
What are some of the other tidbits that you might want to know?
The individual in this position is expected to work normal daytime hours. However, this position may be required to work evening, night and/or weekends in order to respond to security alerts, events or incidents and during implementation and maintenance activities.
This individual is expected to participate in 24x7 on-call rotation.
Must have access to quick transportation for both on and off-hours commuting to multiple sites within UW Medicine.
Ability to communicate clearly in English, both verbally and in writing.
Appointment to this position will be contingent upon successful completion of criminal background and reference checks.
This advertised job posting may not include the complete official job description for the role.
The application process for UW Medicine positions may include completion of a variety of online assessments to obtain additional information that will be used in the evaluation process (i.e. Work Authorization, Criminal Conviction History, Cover Letter and/or others). Any assessments that you need to complete will appear on your screen as soon as you select Apply to this position. Once you begin applying for a position, all assessments must be completed at that time. Please note that your application shows up in our system as ready to review regardless of whether or not all assessments have been completed. If the assigned Recruiter happens to review applications prior to all of your assessments being completed, there is a chance you could be 'Not Selected' due to an incomplete application. For this reason, we strongly encourage all applicants to ensure there is plenty of time to complete all of the assessments prior to clicking on Apply to this position.
Who are we and what do we do? UW Medicine's mission is to improve the health of the public by advancing medical knowledge, to provide outstanding primary and specialty care to the people of the region, and to prepare tomorrow's physicians, scientists and other health professionals. Our staff not only enjoys outstanding benefits and professional growth opportunities, but also an environment noted for diversity, community involvement, intellectual excitement, artistic pursuits, and natural beauty.
UW Medicine's Information Technology Services (ITS) department is a shared services organization that supports ALL of UW Medicine! UW Medicine is comprised of Harborview Medical Center, Northwest Hospital & Medical Center, Valley Medical Center, UW Medical Center, UW Neighborhood Clinics, UW Physicians, UW School of Medicine and Airlift Northwest. In addition, UW Medicine shares in the ownership and governance of Children's University Medical Group and Seattle Cancer Care Alliance (a partnership between UW Medicine, Fred Hutchinson Cancer Research and Seattle Children's). ITS is responsible for the ongoing support and maintenance of the infrastructure and applications which support all of these institutions, along with the implementation of new services and applications that are used to support and further the UW Medicine mission.
The University of Washington is an affirmative action and equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, protected veteran or disabled status, or genetic information. To request disability accommodation in the application process, contact the Disability Services Office at 206-543-6450 / 206-543-6452 (tty) or click here to send an email.
The University of Washington is a leader in environmental stewardship and sustainability, and committed to becoming climate neutral.
Founded in 1861, the University of Washington is one of the oldest public institutions on the West Coast and one of the preeminent research universities in the world. The University of Washington is a multi-campus university comprised of three different campuses: Seattle, Tacoma, and Bothell. The Seattle campus is made up of sixteen schools and colleges that serve students ranging from an undergraduate level to a doctoral level. The university is home to world-class libraries, arts, music, drama, and sports, as well as the highest quality medical care in Washington State and a world-class academic medical center. The teaching and research of the University’s many professional schools provide undergraduate and graduate students the education necessary toward achieving an excellence that will serve the state, the region, and the nation. As part of a large and diverse community, the University of Washington serves more students than any other institution in the Northwest.