Sr. IT ANALYST-Validation GxP
DCRI - Information Technology
The Sr. IT Analyst - Validation - GxP provides support for a variety of operational and consultative functions as part of the Duke Health Information Security Office (ISO). As appropriate, the analyst helps design, implement, manage, and monitor security controls to protect the confidentiality, integrity, and availability of the organization's information assets in accordance with legal, regulatory, and institutional requirements. The analyst acts as a subject matter expert in relevant domains of knowledge and works in collaboration with IT, clinical, research, and management staff.
The Sr. IT Analyst - GxP Validation serves as SME in computer system validation, data integrity, and electronic records and signatures for electronic systems used to support GCP activities at DHTS, including related audits and associated quality system processes within the DHTS Quality Management System (QMS). The audit responsibilities include performing internal audits of DHTS processes and audits of external service providers. Audit activities include all aspects of planning, execution, reporting, and procedural documentation associated with internal and external audits, as well as the resource planning necessary to conduct all audits. Scope includes internal teams and processes and external service providers. In addition to GCP, this position may be called upon to support audits for other regulatory compliance requirements, such as FISMA, HIPAA, PCI, or SOC-2.
Duties and Responsibilities
This position may include the following duties and responsibilities:
- Provide support for inspections by regulatory agencies and audits by external entities, such as clinical trial sponsors and DCRI partners. Will provide senior management with updates and status of responses to regulatory inspections.
- Provide subject matter expertise for establishing and maintaining the DHTS QMS, including authoring policies, processes, and standards for the governance of the QMS, and developing training materials.
- Advise DHTS staff with QMS responsibilities on the development and maintenance of policies, processes, standards, work instructions, training, document management (SOPs and other controlled documents), change control, process improvement, and quality metrics.
- Act as liaison with DCRI Quality Assurance function to ensure compliance with GCP requirements.
- In areas where the QMS can be used to support other regulatory requirements such as HIPAA, FISMA, and PCI, work in conjunction with cross-functional teams to achieve and maintain compliance.
- Conduct risk assessments, and using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting security controls and documenting system security plans.
- Review existing security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to proactively identify any gaps that may result in non-compliance with regulatory requirements.
- Provide reports and presentations on the status of controls and industry trends to management and technical staff.
- Develop and deliver relevant awareness and training sessions to DHTS staff and end users.
- Participate in campus-wide information security events and programs to ensure alignment and knowledge sharing between departments.
- Respond to relevant service requests as needed.
- 24x7 on-call support rotation may be required.
- Limited travel may be required.
- Participate in other activities necessary to support the information security and QMS programs.
- Performs other related duties incidental to the work described herein.
2426 ANALYST, IT, SR
Bachelor's degree in computer science, information technology, engineering, science, or related field. An equivalent combination of relevant education and applicable job experience may be considered.
A minimum of 8 years of progressive IT industry experience is required, of which at least 5 years should have been in a role providing direct experience with GxP/FDA quality systems and audit concepts as they apply to IT systems. Experience in the field of information security is also desirable.
Degrees, Licensure, and/or Certification:
One or more information security industry certifications (e.g. CISSP, HCISPP, CISM, CISA, Security+, or equivalent) are preferred but not required. Additional technical or management certifications (e.g. ITIL, PMP, MCSE, CCNP, CCNA, or CCIE) are desirable but not required.
Knowledge, Skills, and Abilities:
The ideal candidate will have demonstrated the following characteristics and abilities through past professional and educational experiences:
- Excellent communication skills, both verbal and written
- Strong interpersonal skills and the ability to build relationships with colleagues, customers, vendors, and other third parties
- Ability to work independently as well as in a cross-functional, multicultural team
- Ability to independently interpret and apply practical knowledge of regulations and guidelines for the immediate resolution of compliance issues
- Ability to assess regulatory/compliance risk, identify areas of improvement and propose practical solutions
- Ability to effectively interact with internal and external groups and contacts such as business development, regulatory affairs, regulatory agencies, legal, compliance, risk management, audit, CROs, clinical investigators, etc.
- Skilled at negotiating with business partners or management and influencing senior level leaders regarding matters of significance to the organization
- Proficient at creating and communicating a clear vision among team members effectively aligning resources and activities to achieve functional area and/or organizational goals
- Demonstrate a broad understanding of multiple IT disciplines and technologies
- Strong focus on customer satisfaction
- Strong critical thinking, analytical, and problem solving skills
- Ability to effectively prioritize tasks with competing deadlines
- Ability to work with minimal direction
- Ability to work effectively across multiple technical disciplines
- Ability to maintain a positive attitude and demeanor under challenging circumstances
- A working knowledge of one or more of the following regulatory compliance requirements and IT management frameworks is desirable but not required:
  - HIPAA Security and Privacy Rules
  - HITRUST Common Security Framework (CSF)
  - ISO 27000-series standards
  - NIST SP 800-53 and related standards
  - PCI DSS
Duke University is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, genetic information, gender, gender identity, national origin, race, religion, sexual orientation, or veteran status.
Duke University is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, genetic information, gender, gender expression, gender identity, national origin, race, religion, sexual orientation, or veteran status.
Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essential job functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.