Educause Security Discussion mailing list archives
Job: InfoSec Senior Analyst at Boston University Medical Center
From: "Shamblin, Quinn" <qrs () BU EDU>
Date: Mon, 2 Apr 2012 12:56:46 +0000
Hi All We have a need for an Information Security person to fill a leadership position at the Boston University Medical Campus. The details are below. We are looking for someone that has proven their technical chops, but has the skills to engage with people at all levels. This position is to run a program on the med campus that is part of the larger InfoSec program here at BU. It reports to the Executive Director of Information Security for Boston University. Details are provided below and at the job posting site: BUMC Information Security Analyst<https://bu.silkroad.com/epostings/index.cfm?fuseaction=app.jobinfo&id=23&jobid=293544&company_id=15509&version=1&source=ONLINE&JobOwner=1016382&level=levelid2&levelid2=4280&parent=Boston%20University%20Medical%20Campus%3B%3B%3BInformation%20Technology&startflag=3> Feel free to reach out to me to discuss further. Warm Regards, Quinn R Shamblin ------------------------------------------------------------------------------------------------ Executive Director of Information Security, Boston University CISM, CISSP, GCFA, PMP - O 617-358-6310 M 617-999-7523 Working Title: BUMC Information Security Analyst<https://bu.silkroad.com/epostings/index.cfm?fuseaction=app.jobinfo&id=23&jobid=293544&company_id=15509&version=1&source=ONLINE&JobOwner=1016382&level=levelid2&levelid2=4280&parent=Boston%20University%20Medical%20Campus%3B%3B%3BInformation%20Technology&startflag=3> Level: Individual Contributor 3 Position Description This is a leadership position for the Information Security program at BUMC. The person in this position will represent the information security needs of BUMC to the Executive Director of Information Security and the will support and champion the needs of the larger information security program to BUMC. This position reports to both the Executive Director of Information Security for the University and to the Executive Director of Information Technology for the BU Medical Campus. This position requires a driven self-starter, who has a good grasp of the big picture and is goal-oriented. It requires someone who understands compliance and regulatory drivers, but also has tangible technical knowledge and experience, a person who can act mostly independently as a security advisor and consultant to BUMC in regulatory, procedural and technical arenas. High level responsibilities for this position include: architecture & consulting, awareness, compliance, governance liaison for BUMC information security, incident and investigation support, request management & operations, risk management, & vulnerability management. Complexity Advanced professional level role. Works on multiple projects as a project leader or frequently as the subject matter expert. Works on projects/issues of medium to high complexity that require demonstrated knowledge across multiple technical areas and business segments. Coaches and mentors more junior technical staff. Education Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field. Or equivalent work experience. Information Security Certifications that include technical components (such as SANS GIAC, CISSP, etc.) preferred. Experience Typically has a minimum of 7 years of IT work experience or the equivalent with demonstrated knowledge in a specific IT discipline. Past experience and understanding of HIPAA and 21 CFA part 11 preferred. Background with REDCap, OpenClinica, or similar clinical information data capture tool will be helpful. Applicants must undergo a fingerprint-based background check prior to hire. The following represents an approximate breakdown of the areas of responsibility. [This is provided to give you a better idea of what this position will entail and does not imply any form of contract or restriction of job responsibilities to only these areas.] 1 Consulting and project management - Architecture and solution development consulting. Project and effort management in a matrixed environment. Leverage knowledge in the areas of compliance, technology and information security best practices, work with other members of the information security team, IT and the business to provide secure, business-focused solutions. Develop or assist with the development documentation needed to support grants or research: data management plans, etc. [50%] 50% 2 Awareness - Develop and run an active InfoSec awareness campaign at BUMC, one that is fully supported by senior management and targets members of the organization at all levels. Faculty, staff, students, researchers, administrators, etc. [20%] 20% 3 Representational and Functional Support - Participate in Information Security Governance process and committee, incident & investigation, request management & operations, support operational needs of BUMC systems such as REDCap and OpenClinica. [15%] 15% 4 Risk Management - Conduct or assist with Risk Assessments, Control Self-Assessments, Risk Acceptance Approvals, Vulnerability Management activities, etc. [10%] 10% 5 Maintain current industry knowledge - Build and maintain current knowledge in the areas of information security best practices, medical security trends and requirements, and regulatory requirements like HIPAA, HITECH, & Mass General Law. [5%] 5% 6 Other duties as assigned. Percentage of time spent on the various duties above is subject to change based on the needs of the organization.
Current thread:
- Job: InfoSec Senior Analyst at Boston University Medical Center Shamblin, Quinn (Apr 02)