Information Security Specialist

Company: Meharry Medical College
Location: Nashville, Tennessee, United States
Type: Full-time
Posted: 13.AUG.2021
< >


Information Security SpecialistInformation Technology Nashville, TN • ID: 997414 • Full-Time/RegularThe Information Security Specialist posi...


Information Security SpecialistInformation Technology Nashville, TN • ID: 997414 • Full-Time/RegularThe Information Security Specialist position presupposes strong analytical skills, understanding of technology infrastructure, ability to analyze and interpret information, and ability to work with cross-functional teams and to communicate with various constituencies. The School of Applied Computational Sciences (SACS) at Meharry Medical College (MMC) is building technology infrastructure that offers a multitude of high-touch, value-added, turnkey solutions that span Cloud Computing, Compliance, Cybersecurity, Big Data, Analytics and Data Science in medical and non-medical areas. Overall, the Information Security Specialist will provide technical expertise and implement technical security policies and procedures involving Personally Identifiable Information (PII) and Protected Health Information (PHI) in accordance with institutional and federal standards. The incumbent will monitor and support procedures and technical controls as directed within the areas of performance of ongoing risk assessment, vulnerability management, intrusion prevention and detection systems, logging correlations, operating systems, incident response development, audit/compliance activities, protocols, threats, antivirus, and firewalls.Evaluate and maintain security procedures to safeguard privacy and access to information throughout the MMC enterprise; Plan long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.Provide expertise and solutions to safeguard information assets (e.g., electronic health records, student data, nonclinical enterprise data, etc.) and protect and prevent inadvertent access or destruction.Work closely with the Office of Information Technology (OIT) and Systems Administrator to ensure all users in the organization have the appropriate levels of access to applications, systems, and data resources, and ensure compliance with security regulations and laws.Work closely with cross functional teams and across boundary organizations to gather requirements, define solutions, implement new tools and process, and provide ongoing support to these teams.Recommend and implement changes to enhance security controls and prevent unauthorized access.Responsible for role-based implementation, role management, and access governance.Promote a positive security culture for the organization by protecting the confidentiality, integrity, and availability of data and assets while assisting the SACS / MMC to successfully meet its strategic goals. Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.Manage risks through threat intelligence platforms and online sources and ensure information is provided to security solutions to reduce risk; Monitor and mitigate security violations for network, devices, servers and other assets.Engage in incident response activities and ensure security incidents are properly detected, contained, eradicated, and recovered.Ensure proper security logs are generated and sent to the organization's Security Information and Event Management (SIEM) system.Research emerging technologies in support of IT security enhancement and development efforts; Examine impacts of new technologies and establish processes to review implementation of those technologies to ensure the organization's overall information security and compliance.Drive efforts with identifying, remediating, and/or mitigating vulnerabilities in the environment, ensuring appropriate response to high risk and aged findings.Administer and measure company-wide Information Security governance processes; Assess, evaluate, and identify gaps; Make recommendations to management regarding the adequacy of the security controls and ensure deployment of solutions.Support others in performing forensic analysis and risk assessments for the entire infrastructure.Independently participate in requirements documentation, business systems configuration and defining/execution of acceptance criteria. Document issues and participate in their resolution.95%Performs other related duties as assigned.5%=100%Required Skills Must have a thorough working knowledge of cloud-based computing concepts related to the movement, transformation, processing, and storage of data with an emphasis on Azure Cloud offerings.In-depth knowledge on Linux and Unix scripting to troubleshoot known issues.Understanding of firewalls, proxies, SIEM (Security Information and Event Management), antivirus, and IDPS (Intrusion Detection and Prevention Systems) concepts.Should be able to speak specifically to security concepts on Virtual Machine, VPC & Associated Subnetting, Security Groups, Cloud based firewall concepts, ETL, API Gateway, Containers, Azure Sentinel, Azure Security Center and Azure Firewall.Must have a demonstrable and background working knowledge of traditional application stack development concepts in terms of a secure development life cycle process with particular focus on the Microsoft stack including, IIS, Certificate management MS SQL Server, .NET, Active Directory IntegrationMust have demonstrable knowledge of related technologies including: SFTP Servers, PGP processing and Key management strategies, Servers, Active Directory User and device Management, PKI / CA setup and management, VPN Concepts and Management including MAC Address Control, DLP Setup and Control, RDP Windows Servers and license management, Anti-Virus (Implementation, management, and control), email hardening tools and approach, Firewall managementBackground in information security workforce improvement programBackground in developing, testing, and revising Business Continuity Plans (BCP), Disaster Recovery Plans (DRP) and Disaster Recovery Plan Testing (DRT) for both traditional application stack and cloud-based technologiesOffice 365 Management, Office 365 ADFS management and concepts, ADFS IDP Setup for SAML authentication to third party software vendorsWindows EFS and Certificate and AD ManagementBit locker drive encryptionKnowledge and experience with NIST CSF (National Institute of Standards & Technology Cybersecurity Framework), HITRUST (Health Information Trust Alliance), or similar Information Security standards or frameworks, HIPAA (Health Insurance Portability and Accountability Act).Other desired skills include: Blockchain experience; PKI rollover management experience; Token based authentication concepts to integrate cross platform authentication of API calls; Azure Well Architected concepts; Azure setup, control, management & monitoring; Azure Cloud Formation & Network Isolation.Ability to use independent judgment, work calmly and effectively in pressure situations and changing environment, and to manage and impart confidential information.Cognizant of ethical concerns balancing data privacy and usability in relation to protecting and supporting underserved and exploited populationsAbility to understand technical specifications and analyze log files, and to develop and deliver presentations.Ability to work effectively with diverse populations.Ability to communicate effectively, both orally and in writing. Required Experience Bachelor's Degree or equivalent in Computer Science, Information Technology, Information Security, Engineering or a related technical field, with 3-5 years of experience in Healthcare industry or Academic Health Science environment.License and Certification preferred: CompTIA Security, GIAC Security Essentials (GSEC), CISSP (Certified Information Systems Security Professional).

Apply Now


Free eBook

Loader2 Processing ...