Information Security Analyst Pr/UKHC

The University of Kentucky HealthCare (UKHC) is seeking a Principal Information Security Analyst to lead the risk management and compliance function. Essential duties and responsibilities include but are not limited to:

• Developing and providing oversight of the risk management strategy and program
• Supporting the CISO in the formulation of information technology related policies
• Providing personnel management for the GRC team
• Planning and conducting information security risk assessments to proactively identify, mitigate, and reduce risk to the organization
• Reviewing third party contracts for compliance with security requirements and recommending appropriate language as necessary
• Providing guidance and recommendations in order to comply with regulatory requirements including HIPAA, FDA, CMS, and PCI-DSS
• Preparing reports that identify technical and procedural findings, and providing recommended remediation strategies and solutions
• Communicating risk posture, security metrics, and security issues to leadership
• Guiding the development and implementation of appropriate security controls for information technology applications and infrastructure
• Collaborating with technical and non-technical teams to analyze and recommend actions related to vulnerabilities and control weaknesses
• Providing security requirements to be included in statements of work and other appropriate procurement documents
• Developing methods to monitor and measure risk, compliance, and assurance efforts
• Promoting security awareness across the organization

Job Title
Information Security Analyst Pr/UKHC

Requisition Number

Working Title
Principal Information Security Analyst

Department Name
H3997:EVPHA Information Technology

Work Location
2317 Alumni Park Plaza

Grade Level

Salary Range

Type of Position

Position Time Status

Required Education



Required Related Experience

10 yrs

Required License/ Registration/Certification


Physical Requirements

The physical requirements for this position include communicating effectively; building positive working relationships with individuals from diverse backgrounds; abiding by University guidelines; maintaining confidentiality; prioritizing and managing work effectively; providing exceptional customer service; performing work in a sedentary position; walking, standing, and sitting for extended periods of time; reporting to meetings at different locations both on and off campus; and interacting with individuals from various levels throughout the University.


Primarily days; 8:00 AM - 5:00 PM. However, this is an exempt position and may require additional time during evenings, weekends, and holidays to accomplish work goals.


• 6+ years of experience in information security
• BS required, MS preferred, or equivalent experience
• CISSP required
• CISM required
• Expert knowledge of HIPAA, PCI, ISO 27001/27002, HITRUST, COBIT, ITIL, and risk management frameworks including ISO 27005/31000/31010, NIST SP 800-30, NIST SP 800-39 preferred
• Demonstrated ability to lead and perform risk assessment/management activities
• Strong analytical skills and the ability to resolve complex problems
• Ability to work independently
• Strong interpersonal and communication skills and ability to effectively communicate with management, staff and regulatory agencies
• Policy and procedure development

Does this position have supervisory responsibilities?

Preferred Education/Experience

Degree in Information Technology or equivalent required.

Deadline to Apply

University Community of Inclusion

The University of Kentucky is committed to a diverse and inclusive workforce by ensuring all our students, faculty, and staff work in an environment of openness and acceptance. We strive to foster a community where people of all backgrounds, identities, and perspectives can feel secure and welcome. We also value the well-being of each of our employees and are dedicated to creating a healthy place to work, learn and live. In the interest of maintaining a safe and healthy environment for our students, employees, patients and visitors the University of Kentucky is a Tobacco & Drug Free campus.

As an Equal Opportunity Employer, we strongly encourage veterans, individuals with disabilities, women, and all minorities to consider our employment opportunities.

Any candidate offered a position may be required to pass pre-employment screenings as mandated by University of Kentucky Human Resources. These screenings may include a national background check and/or drug screen.

Posting Specific Questions

Required fields are indicated with an asterisk (*).

  1. * UK HealthCare recognizes the patient as our premier customer and promises to provide excellent customer services to patients, colleagues, co-workers and all others who seek our services. By applying for a position with UK HealthCare, I am indicating my commitment to service excellence and expressing my agreement to consistently recognize that: - Our customer is every person we come into contact with during our workday. - Service is being flexible, courteous and respectful while anticipating and fulfilling the needs of our customers. - Quality is the foundation of everything we do. It is our desire to provide exceptional service to every patient and customer we serve. - Careful, efficient and responsible management of our resources is vital to our success. - We want to attract, develop and retain highly skilled and competent co-workers, which will in turn achieve customer loyalty and promote the growth of UK HealthCare. By submitting my application for employment with UK HealthCare, I acknowledge that I will be held accountable to follow the UK HealthCare Behavioral Expectations if selected for a position with UK HealthCare. Do you agree to abide by the UK HealthCare Standards?
    • Yes
    • No
  2. * Where did you first see this position advertised other than on UK's online employment system?
    • (Diverse Issues in Higher Education)
    • Institute for Diversity in Health Management
    • A Colleague, Friend and/or Family Member
    • None of the Above

Applicant Documents

Required Documents
  1. Resume
  2. Cover Letter
Optional Documents