The Information Security Systems Specialist will report to the Information Security Operations Manager within the Information Security Office (ISO). The role is responsible for monitoring and evaluating data from SIEM (Security Incident and Event Management) systems in order to promptly identify, evaluate and respond to information security incidents impacting Columbia University Irving Medical Center.
The role will: contribute to security systems design, provide programming support, draft incident reports; contribute to the collection and analysis of data to provide accurate and useful security metrics, vulnerability management and threat modeling; interact with CUIMC technical resources and other key stakeholders to facilitate coordinated security operations between central and distributed IT; and assist in thought leadership activities which promote greater awareness of information security leading practices. On-call hours are required for all operations staff.
Monitoring and evaluating data from sources of security event information in order to promptly identify, evaluation and respond appropriately to security events which impact the information infrastructure of Columbia University Medical Center and may be called upon to mobilize and participate in incident handling on short notice during off-shift hours. 35%
Contributing to the security systems design process as a programming resource 25%
Drafting formal incident reports, contributing to the preparation of vulnerability reporting metrics, threat intelligence, and other analysis 25%
Interfacing with IT resources and other key stakeholders in order to facilitate coordinated security operations 10%
Additional duties as assigned 5%
Bachelor's degree or equivalent in education, training, and experience, plus three years of related experience
Relevant work experience either in applications development, IT operations, incident management, health care, research, institutes of higher learning, and/or technical writing. Additional evidence that technical skills are current is strongly favored
The ideal candidate will have an in-depth understanding of the HITRUST CSF based on practical working experiences and a functional knowledge of security standards such as HIPAA/HITECH, PCI-DSS, ISO 27001/2, NIST
Experience in information security technical vulnerability testing using Nexpose, Acunetix, NMAP, and other tools
Experience in network and applications security
Experience in securing, monitoring, and operational incident response on web applications, SMTP email services, and other critical I.T. services
Must be a clear technical writer capable of producing technical documentation, incident reports, and information security awareness materials
Ability to understand and work with healthcare professionals, educators and researchers
Ability to work independently with minimal supervision as well as be creative and innovative at conducting a high volume of risk analyses while reporting accurate and relevant risks to the appropriate constituents
Experience working in a HIPAA/HITECH/OMNIBUS-regulated environment. Functional knowledge of other relevant compliance regulations (PCI, FERPA, Data Breach Acts, FISMA) and security standards (HITRUST, PCI-DSS, ISO 27001/2, NIST). Experience working in an academic medical center or hospital environment a plus
The ideal candidate will understand the development of Information Security systems, the security issues of application development generally, and the security and development issues involved in integrating an environment of multiple complex systems
CISA/CISM, or GIAC certified penetration tester (GPEN), or Certified Ethical Hacker (CEH), or any relevant GIAC certifications, CISSP, or CISA
Equal Opportunity Employer / Disability / Veteran
Columbia University is committed to the hiring of qualified local residents.
Internal Number: 508862
About Columbia University
Columbia University is one of the world's most important centers of research and at the same time a distinctive and distinguished learning environment for undergraduates and graduate students in many scholarly and professional fields. The University recognizes the importance of its location in New York City and seeks to link its research and teaching to the vast resources of a great metropolis. It seeks to attract a diverse and international faculty and student body, to support research and teaching on global issues, and to create academic relationships with many countries and regions. It expects all areas of the university to advance knowledge and learning at the highest level and to convey the products of its efforts to the world.
BACK TO TOP
Technical Communication Career Center is Just One of the Benefits.
Discover what else STC has to offer!
The job you are trying to reach from was originally posted at Technical Communication Career Center.