Information Security Analyst Pr/UKHC
The University of Kentucky HealthCare (UKHC) is seeking a Principal Information Security Analyst to lead the risk management and compliance function. Essential duties and responsibilities include but are not limited to:
• Developing and providing oversight of the risk management strategy and program
• Supporting the CISO in the formulation of information technology related policies
• Providing personnel management for the GRC team
• Planning and conducting information security risk assessments to proactively identify, mitigate, and reduce risk to the organization
• Reviewing third party contracts for compliance with security requirements and recommending appropriate language as necessary
• Providing guidance and recommendations in order to comply with regulatory requirements including HIPAA, FDA, CMS, and PCI-DSS
• Preparing reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions
• Communicating risk posture, security metrics, and security issues to leadership
• Guiding the development and implementation of appropriate security controls for information technology applications and infrastructure
• Collaborating with technical and non-technical teams to analyze and recommend actions related to vulnerabilities and control weaknesses
• Providing security requirements to be included in statements of work and other appropriate procurement documents
• Developing methods to monitor and measure risk, compliance, and assurance efforts
• Promoting security awareness across the organization
Principal Information Security Analyst
H3997:EVPHA Information Technology
2317 Alumni Park Plaza
Type of Position
Position Time Status
Required Related Experience
Required License/ Registration/Certification
The physical requirements for this position include communicating effectively; building positive working relationships with individuals from diverse backgrounds; abiding by University guidelines; maintaining confidentiality; prioritizing and managing work effectively; providing exceptional customer service; performing work in a sedentary position; walking, standing, and sitting for extended periods of time; reporting to meetings at different locations both on and off campus; and interacting with individuals from various levels throughout the University.
Primarily days; 8:00 AM - 5:00 PM. However, this is an exempt position and may require additional time during evenings, weekends, and holidays to accomplish work goals.
• 6+ years of experience in information security
• BS required, MS preferred, or equivalent experience
• CISSP required
• CISM required
• Expert knowledge of HIPAA, PCI, ISO 27001/27002, HITRUST, COBIT, ITIL, and risk management frameworks including ISO 27005/31000/31010, NIST SP 800-30, NIST SP 800-39 preferred
• Demonstrated ability to lead and perform risk assessment/management activities
• Strong analytical skills and the ability to resolve complex problems
• Ability to work independently
• Strong interpersonal and communication skills and ability to effectively communicate with management, staff and regulatory agencies
• Policy and procedure development
Does this position have supervisory responsibilities?
Degree in Information Technology or equivalent required.
Deadline to Apply
University Community of Inclusion
The University of Kentucky is committed to a diverse and inclusive workforce by ensuring all our students, faculty, and staff work in an environment of openness and acceptance. We strive to foster a community where people of all backgrounds, identities, and perspectives can feel secure and welcome. We also value the well-being of each of our employees and are dedicated to creating a healthy place to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors the University of Kentucky is a Tobacco & Drug Free campus.
As an Equal Opportunity Employer, we strongly encourage veterans, individuals with disabilities, women, and all minorities to consider our employment opportunities.
Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.
Posting Specific Questions
Required fields are indicated with an asterisk (*).
- * UK HealthCare recognizes the patient as our premier customer and promises to provide excellent customer services to patients, colleagues, co-workers and all others who seek our services. By applying for a position with UK HealthCare, I am indicating my commitment to service excellence and expressing my agreement to consistently recognize that:
  - Our customer is every person we come into contact with during our workday.
  - Service is being flexible, courteous and respectful while anticipating and fulfilling the needs of our customers.
  - Quality is the foundation of everything we do. It is our desire to provide exceptional service to every patient and customer we serve.
  - Careful, efficient and responsible management of our resources is vital to our success.
  - We want to attract, develop and retain highly skilled and competent co-workers, which will in turn achieve customer loyalty and promote the growth of UK HealthCare.

  By submitting my application for employment with UK HealthCare, I acknowledge that I will be held accountable to follow the UK HealthCare Behavioral Expectations if selected for a position with UK HealthCare. Do you agree to abide by the UK HealthCare Standards?
- Cover Letter