Educause Security Discussion mailing list archives

Job: InfoSec Senior Analyst at Boston University Medical Center


From: "Shamblin, Quinn" <qrs () BU EDU>
Date: Mon, 2 Apr 2012 12:56:46 +0000

Hi All

We have a need for an Information Security person to fill a leadership position at the Boston University Medical 
Campus.  The details are below.  We are looking for someone that has proven their technical chops, but has the skills 
to engage with people at all levels.  This position is to run a program on the med campus that is part of the larger 
InfoSec program here at BU.  It reports to  the Executive Director of Information Security for Boston University.

Details are provided below and at the job posting site: BUMC Information Security 
Analyst<https://bu.silkroad.com/epostings/index.cfm?fuseaction=app.jobinfo&id=23&jobid=293544&company_id=15509&version=1&source=ONLINE&JobOwner=1016382&level=levelid2&levelid2=4280&parent=Boston%20University%20Medical%20Campus%3B%3B%3BInformation%20Technology&startflag=3>

Feel free to reach out to me to discuss further.  Warm Regards,

Quinn R Shamblin
------------------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523


Working Title:           BUMC Information Security 
Analyst<https://bu.silkroad.com/epostings/index.cfm?fuseaction=app.jobinfo&id=23&jobid=293544&company_id=15509&version=1&source=ONLINE&JobOwner=1016382&level=levelid2&levelid2=4280&parent=Boston%20University%20Medical%20Campus%3B%3B%3BInformation%20Technology&startflag=3>

Level:                            Individual Contributor 3

Position Description
This is a leadership position for the Information Security program at BUMC.  The person in this position will represent 
the information security needs of BUMC to the Executive Director of Information Security and will support and 
champion the needs of the larger information security program to BUMC.  This position reports to both the Executive 
Director of Information Security for the University and to the Executive Director of Information Technology for the BU 
Medical Campus.

This position requires a driven self-starter, who has a good grasp of the big picture and is goal-oriented.  It 
requires someone who understands compliance and regulatory drivers, but also has tangible technical knowledge and 
experience, a person who can act mostly independently as a security advisor and consultant to BUMC in regulatory, 
procedural and technical arenas.

High level responsibilities for this position include: architecture & consulting, awareness, compliance, governance 
liaison for BUMC information security, incident and investigation support, request management & operations, risk 
management, & vulnerability management.

Complexity
Advanced professional level role. Works on multiple projects as a project leader or frequently as the subject matter 
expert. Works on projects/issues of medium to high complexity that require demonstrated knowledge across multiple 
technical areas and business segments. Coaches and mentors more junior technical staff.

Education
Bachelor's or Master's Degree in Computer Science, Information Systems, or other related field. Or equivalent work 
experience.  Information Security Certifications that include technical components (such as SANS GIAC, CISSP, etc.) 
preferred.

Experience
Typically has a minimum of 7 years of IT work experience or the equivalent with demonstrated knowledge in a specific IT 
discipline.  Past experience and understanding of HIPAA and 21 CFA part 11 preferred.  Background with REDCap, 
OpenClinica, or similar clinical information data capture tool will be helpful. Applicants must undergo a 
fingerprint-based background check prior to hire.

The following represents an approximate breakdown of the areas of responsibility.
[This is provided to give you a better idea of what this position will entail and does not imply any form of contract 
or restriction of job responsibilities to only these areas.]

1. Consulting and project management - Architecture and solution development consulting. Project and effort management in 
a matrixed environment. Leverage knowledge in the areas of compliance, technology and information security best 
practices, work with other members of the information security team, IT and the business to provide secure, 
business-focused solutions.  Develop or assist with the development of documentation needed to support grants or research: 
data management plans, etc.  [50%]

2. Awareness - Develop and run an active InfoSec awareness campaign at BUMC, one that is fully supported by senior 
management and targets members of the organization at all levels.  Faculty, staff, students, researchers, 
administrators, etc.  [20%]

3. Representational and Functional Support - Participate in Information Security Governance process and committee, 
incident & investigation, request management & operations, support operational needs of BUMC systems such as REDCap and 
OpenClinica.  [15%]

4. Risk Management - Conduct or assist with Risk Assessments, Control Self-Assessments, Risk Acceptance Approvals, 
Vulnerability Management activities, etc.  [10%]

5. Maintain current industry knowledge - Build and maintain current knowledge in the areas of information security best 
practices, medical security trends and requirements, and regulatory requirements like HIPAA, HITECH, & Mass General 
Law.  [5%]

6. Other duties as assigned.  Percentage of time spent on the various duties above is subject to change based on the needs 
of the organization.





