Advertised Summary Job Description: The Information Security Risk Specialist will report to the IT Risk Manager within the Information Security Office (ISO). The analyst will conduct initial risk analysis on information systems, platforms, and processes in accordance with established regulations and organizational standards. They will assist Analysts in evaluating IT infrastructure in terms of risk to the organization and establish controls to mitigate loss of data, confidentiality, integrity and availability, while aligning those initiatives to the core organizational mission of Research, Care and Education. They will determine and recommend improvements to the current risk management framework and controls.
Responsibilities include: assisting in conducting IT risk analysis, evaluations and education on IT assets and processes as they pertain to CUIMC's System Analysis Program; evaluating risks associated with the procurement of new IT products/systems as well as those associated with the use of third-party IT vendors (business associates); researching and proposing solutions to mitigate risks under the established risk management strategies, assisting constituents with remediation planning and ensuring identified gaps have been appropriately managed in order to achieve certification; assisting in the development of internal processes for streamlining risk analysis techniques; assisting in development of HIPAA Privacy and Security training content and initiatives; other duties as required.
General Minimum Qualifications: Requires a bachelor's degree or equivalent in education and experience, plus three years of related experience.
Additional Specific Minimum Qualifications:
Preferred Qualifications: It would be helpful if a candidate is familiar with these criteria: background in IT risk analysis, auditing and/or information security practices with significant experience in a complex, multi-platform, higher education or healthcare IT environment; understanding of regulatory compliance and industry best practices towards maintaining compliance with HIPAA/HITECH, 21 CFR Part 11, PCI, FERPA and GLBA; familiarity with IT frameworks such as ISO, HITRUST, ITIL or COBIT; ability to develop remediation plans and guide departments with remediation strategy; strong service commitment, and verbal, writing, and reporting skills; high level of integrity, and sound judgment concerning security and privacy; ability to understand and work with healthcare professionals, educators and researchers.
While none of these qualifications are required, the more a candidate has the better: experience working in a HIPAA/HITECH/OMNIBUS-regulated environment; functional knowledge of other relevant compliance regulations (PCI, FERPA, Data Breach Acts, FISMA) and security standards (HITRUST, PCI-DSS, ISO 27001/2, NIST); experience working in an academic medical center or hospital environment a plus; the ideal candidate will understand the development of Information Security systems, the security issues of system deployment generally, and the security and development issues involved in integrating an environment of multiple complex systems; CISA/CISM, or GIAC certified penetration tester (GPEN), or Certified Ethical Hacker (CEH), or any relevant GIAC certifications, CISSP, or CISA.
As a member of the National Collegiate Athletic Association (NCAA) and the Council of Ivy Group Presidents (Ivy League), it is imperative that members of the Columbia University community, in all matters related to the intercollegiate athletics program, exhibit the highest professional standards and ethical behavior with regard to adherence to NCAA, Conference, University, and Department of Intercollegiate Athletics and Physical Education rules and regulations.
Columbia University is an Equal Opportunity/Affirmative Action employer.
Internal Number: 126_175098
About Columbia University
Columbia University is one of the world's most important centers of research and at the same time a distinctive and distinguished learning environment for undergraduates and graduate students in many scholarly and professional fields. The University recognizes the importance of its location in New York City and seeks to link its research and teaching to the vast resources of a great metropolis. It seeks to attract a diverse and international faculty and student body, to support research and teaching on global issues, and to create academic relationships with many countries and regions. It expects all areas of the university to advance knowledge and learning at the highest level and to convey the products of its efforts to the world.