IT Risk Analyst (Remote Available)

Vanderbilt University Medical Center | Nashville, TN
15h | Remote

About The Position

Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery, and patient care, VUMC is a community of individuals who come to work each day with the simple aim of changing the world. It is a place where your expertise will be valued, your knowledge expanded, and your abilities challenged. Vanderbilt Health is committed to an environment where everyone has the chance to thrive and where your uniqueness is sought and celebrated. It is a place where employees know they are part of something that is bigger than themselves, take exceptional pride in their work and never settle for what was good enough yesterday. Vanderbilt’s mission is to advance health and wellness through preeminent programs in patient care, education, and research.

Organization: VEC ClinicalCyberRisk

Job Summary: This position will conduct application risk assessments crucial to enterprise-wide systems. This position will provide support in security architecture and participate in incident response as dictated. This position will leverage IT risk management tools to determine appropriate measures for risk mitigation as needed. The position will be part of the Clinical Cyber Risk assessment team and is a critical component of processing assessments in a timely fashion and providing enhanced user training for VUMC employees and contractors.

Requirements

  • Risk Assessment (Novice): Demonstrates familiarity with professional risk assessment processes and understands risk prioritization. Evaluates risks with an eye toward regulatory concerns while staying aware of current attack vectors. Identifies viable mitigation strategies that can be presented to business owners for consideration. Documents risk findings and suggested mitigations in a concise manner that can be clearly communicated to stakeholders.
  • Regulatory Awareness (Novice): Demonstrates knowledge of healthcare regulations and security best practices. Identifies appropriate sources of governmental and industry guidance. Interprets regulations and guidance to assist application and business stakeholders with compliance and security best practice efforts.
  • Security Control Knowledge (Novice): Understands and has direct familiarity with common information security technical toolsets (e.g. firewall, SIEM, IPS, vulnerability scanner, etc.). Demonstrates knowledge of non-technical controls (e.g. physical and administrative). Able to effectively communicate with teams directly administering controls to identify suitable responses to identified risks.
  • User Training (Novice): Conducts formal, ad-hoc, and covert user training activities. Effectively communicates security risks to users of every skill level. Utilizes technical toolsets to aid and report on the training process (e.g. LMS, phishing campaigns, etc.).
  • Incident Response (Novice): Understands incident response processes and is able to work in a professional manner during an incident. Serves as a liaison between technical and non-technical parties. Has an understanding of the forensic process and is able to identify appropriate skillsets necessary to handle investigative activity.
  • Certifications: CompTIA Security+ - Licensure-Others
  • Work Experience: Relevant Work Experience
  • Experience Level: 2 years
  • Education: Bachelor's

Responsibilities

  • Conducts application-focused risk assessments.
  • Assists application owners with security best practices.
  • Participates in incident response activities related to systems.
  • Executes passive and active user training activities.
  • Monitors systems for suspect behavior.
  • The responsibilities listed are a general overview of the position and additional duties may be assigned.