Duke University - Durham, NC
posted 3 months ago
The Information Security Analyst at Duke Health plays a crucial role in supporting various operational and consultative functions within the Duke Information Security Office (ISO). This position is dedicated to the design, implementation, management, and monitoring of technical, administrative, and physical controls aimed at safeguarding the confidentiality, integrity, and availability of the organization's information assets. The analyst will collaborate closely with IT, clinical, research, and management staff across Duke to ensure robust security measures are in place.

The role encompasses multiple domains of information security, with specific duties assigned based on the analyst's working title. The primary focus for this position, designated as Governance and Risk Security Analyst, involves regulatory compliance, particularly in highly regulated research environments associated with the Duke Health School of Medicine. Candidates with prior experience in an Academic Medical Center and familiarity with NIST SP 800-53 compliance are strongly preferred.

In addition to governance and risk management, the analyst may engage in vendor risk assessments, exception management, and security policy management, ensuring alignment with HIPAA, NIST CSF, CIS, and other security frameworks. The position also includes responsibilities related to Identity and Access Management (IAM), penetration testing, vulnerability management, incident response, and business continuity planning. Analysts are expected to maintain a high level of communication and collaboration with various stakeholders to effectively address security vulnerabilities and implement necessary remediation measures.

Overall, the Information Security Analyst is integral to advancing Duke Health's commitment to secure and innovative healthcare solutions, ensuring that all information security practices are not only compliant but also effective in mitigating risks associated with information technology.