Principal Information Security Analyst

Mayo Clinic•Rochester, MN

About The Position

The Principal Information Security Analyst provides senior-level leadership and hands-on oversight of the organization’s incident response program, ensuring consistent, high-quality execution of the incident response process from intake and triage through investigation, containment, eradication, recovery, and closure. This role partners closely with SOC operations, infrastructure and application protection teams, IAM, legal, privacy, and risk to coordinate timely response actions, deliver clear incident communications and executive-ready reporting, and ensure evidence and documentation meet internal standards and regulatory expectations. The Principal Analyst drives operational excellence through continuous improvement, including root cause analysis, after-action and lessons-learned reviews, and remediation tracking while strengthening preparedness by coordinating tabletop exercises and conducting periodic process and playbook reviews. In addition, the role performs access reviews, supports audits by compiling and validating control evidence, and elevates team capability by assisting in development training for incident responders. Stays current with emerging threats, attack techniques, and AI/ML advancements in cybersecurity. The Information Security Principal Analyst has a broad understanding of information security concepts and how to apply and implement them. They serve as a liaison between Information Security, Information Technology, business representatives, and various oversight committees, assisting with developing, communicating, and achieving Mayo's Information Security goals. The Information Security Principal Analyst is considered an expert, leader, and mentor who is highly skilled in industry standard information security concepts with particular focus on the NIST Cybersecurity Framework, or equivalent. The Information Security Principal Analyst is knowledgeable, proficient, and experienced in: Integrating multiple disciplines (e.g., business / systems process analysis, data analysis, data informatics, cybersecurity concepts, risk management, regulatory requirements, and technology) for strategic and operational planning. Using problem-solving methods, planning techniques, continuous improvement, project management, and analytical tools and methodologies to achieve Mayo goals. Leading risk analysis and information security assessments with focus on planning, information gathering, and remediation planning and monitoring. Serving as an expert for information security questions and inquiries. Ensuring appropriate management of cybersecurity risks in alignment with standards. Monitoring compliance to Mayo's Information Security policies, processes and procedures. Managing and administering Information Security processes and tools that enable the organization to operate securely, effectively and efficiently. Creating, coordinating, conducting and/or evaluating training courses within pertinent subject domain. Creating policies, processes and procedures and guiding them through the approval process. Managing a varied workload of complex projects with multiple priorities. Staying current on information security, technology and healthcare trends and institutional changes. Exhibiting excellent interpersonal skills which include presentation, negotiation, influencing, team facilitation and written communications. Effectively manages time, provides mentorship and leadership to others. Communicating risk and complex cyber security topics to a diverse audience. Authoring high-level business and technical documentation. Additional qualifications may apply (see additional experience and/or qualifications): Organizational Change Management - particular focus on Procsi's ADKAR model, Project Management - particular focus on the Project Management Body of Knowledge (PMBOK), Business Analysis - particular focus is on the Business Analysis Body of Knowledge (BABOK). Mayo Clinic will not sponsor or transfer visas for this position including F1 OPT STEM.

Requirements

Master's degree in applicable field and 5 years' experience, or Bachelor's degree in applicable field and 8 years' experience.
Pertinent fields of study and experience includes (but is not limited to) information security, operational analysis, process change, electronic systems implementation, leadership, systems analysis and project management with broad-based key enterprise initiatives.
Demonstrated history of continuing education in technology, information security, healthcare, and business processes.
Excellent interpersonal skills to include presentation, negotiation, influencing, team facilitation and written communications skills are required.
Experienced with committee and consensus-managed, physician led organization.
Exceptional time management and leadership skills are required.
Must have one of the following certifications (or equivalent) at time of hire: CISSP, CISM, HCISPP, GSEC, OSCP or equivalent.

Nice To Haves

Organizational Change Management - particular focus on Procsi's ADKAR model
Project Management - particular focus on the Project Management Body of Knowledge (PMBOK)
Business Analysis - particular focus is on the Business Analysis Body of Knowledge (BABOK)

Responsibilities

Provides senior-level leadership and hands-on oversight of the organization’s incident response program.
Ensures consistent, high-quality execution of the incident response process from intake and triage through investigation, containment, eradication, recovery, and closure.
Partners closely with SOC operations, infrastructure and application protection teams, IAM, legal, privacy, and risk to coordinate timely response actions.
Delivers clear incident communications and executive-ready reporting.
Ensures evidence and documentation meet internal standards and regulatory expectations.
Drives operational excellence through continuous improvement, including root cause analysis, after-action and lessons-learned reviews, and remediation tracking.
Strengthens preparedness by coordinating tabletop exercises and conducting periodic process and playbook reviews.
Performs access reviews.
Supports audits by compiling and validating control evidence.
Elevates team capability by assisting in development training for incident responders.
Stays current with emerging threats, attack techniques, and AI/ML advancements in cybersecurity.
Serves as a liaison between Information Security, Information Technology, business representatives, and various oversight committees, assisting with developing, communicating, and achieving Mayo's Information Security goals.
Integrates multiple disciplines (e.g., business / systems process analysis, data analysis, data informatics, cybersecurity concepts, risk management, regulatory requirements, and technology) for strategic and operational planning.
Uses problem-solving methods, planning techniques, continuous improvement, project management, and analytical tools and methodologies to achieve Mayo goals.
Leads risk analysis and information security assessments with focus on planning, information gathering, and remediation planning and monitoring.
Serves as an expert for information security questions and inquiries.
Ensures appropriate management of cybersecurity risks in alignment with standards.
Monitors compliance to Mayo's Information Security policies, processes and procedures.
Manages and administers Information Security processes and tools that enable the organization to operate securely, effectively and efficiently.
Creates, coordinates, conducts and/or evaluates training courses within pertinent subject domain.
Creates policies, processes and procedures and guides them through the approval process.
Manages a varied workload of complex projects with multiple priorities.
Stays current on information security, technology and healthcare trends and institutional changes.
Exhibits excellent interpersonal skills which include presentation, negotiation, influencing, team facilitation and written communications.
Effectively manages time, provides mentorship and leadership to others.
Communicates risk and complex cyber security topics to a diverse audience.
Authors high-level business and technical documentation.