JOB DESCRIPTION: ** This is a central OIT position ** The Senior IT Security Architecture Analyst, within Emory's Enterprise Information Security team, will be primarily responsible for working with the Enterprise Security and other Emory IT teams to identify, evaluate, and implement security controls for IT services. The services may be at the individual, department, division, or enterprise-levels in support of delivering the missions for both Emory University and Emory Healthcare.
Strong experience in current and historically relevant security concepts, IT security concepts and technologies. Progressive experience in a combination of IT architecture, engineering, information security, and risk management roles that demonstrate expertise. Supervises other information security professionals as needed.
Responsible for contributing to and performing security risk assessments for various IT solutions, including risk identification, analysis, and evaluation, identifying remediation and/or mitigation requirements and recommendations, and handing off the associated risks to the enterprise risk register management process. Provides advice, guidance, and direction to those internal and external customers based on policies, published guidelines, best practices, and industry recommendations. Helps to ensure that information security safeguards and controls are properly communicated and adhered to. Assessments include various IT solution providers, and the applications, processes, vendors, and technologies used by departments, divisions, or the enterprise in support of those solutions -- either on-premise, cloud-based, vender-hosted, or custom in-house developed. In addition to conducting risk assessments, this position contributes to the identification of improvements for multiple areas, to include the risk management process and tool improvements. Works closely with teams across enterprise information security, cloud engineering, IT, privacy, compliance, legal, procurement, research, and numerous business units to help protect assets for the institution. Applies background knowledge in IT, system architecture and security, and/or security vendor risk assessments and continually conducts research into new technologies and vulnerabilities across the industry. Contributes to development of risk analysis tools and provides functional guidance and direction to internal and external customer teams in overall security risk assessments of projects. Provides interpretation of information security policies and requirements or their applicability. Performs risk assessments of client vendors through risk assessment toolkit against various frameworks (HIPAA, HITRUST, SOC, NIST, etc.), collecting data and identifying areas of compliance/non-compliance through written assessment reports. Assesses risk for various components of a particular solution's architecture, such as: solution services, security controls, network, operating system, database, storage, application vulnerability assessments, security configuration settings, virus prevention and remediation, encryption, network segmentation, remote access, and authentication.
As a member of the Enterprise Security team, the position will also be tasked with other information security related tasks and projects as necessary. This position may be called upon to assist with information security activities with university or healthcare units across the enterprise. Performs other related duties as required.
Level: An experienced cybersecurity professional that applies advanced knowledge of job area typically obtained through advanced education and work experience. Exercises latitude and independence in assignments. Leads other team members on delegated tasks or projects. May represent associate director when they are unavailable. Problems faced are difficult to complex. Requires communication with cybersecurity and IT leadership and occasional communication with senior leadership across the enterprise. Work activities are performed under general guideline and direction, but in close collaboration within the analyst's own team.
MINIMUM QUALIFICATIONS: A bachelor's degree and six years of related IT experience including demonstrated technical expertise in multiple information security domains, OR an equivalent combination of education, training, and experience. A strong background in IT architecture and security concepts, and their development, deployment, and administration. Excellent team participation skills, as well as good written and verbal communication skills. |
Emory University is dedicated to providing equal opportunities to all individuals regardless of race, color, religion, ethnic or national origin, gender, age, disability, sexual orientation, gender identity, gender expression, veteran's status, or any other factor that is a prohibited consideration under applicable law. |
Human Resources