Senior Manager, Information Security and Risk Management
Posting Number: req11094
Department: COM Info Technology Services
Location: UAHS - Tucson
Address: 1501 N Campbell Avenue, Tucson, AZ 85724 USA
Position HighlightsThe University of Arizona College of Medicine-Tucson Information Technology Services (COM-ITS) is currently seeking applicants for a Senior Manager of Information Security & Risk Management (UCAP Job Title: Information Security Analyst IV) to assist the department in representing the College of Medicine in many different levels of IT collaboration and cooperation among the College, UA Health Sciences, across campus, and with our Health Care partners.
The successful incumbent for this position will demonstrate a strategic mindset that can articulate multiple business objectives, at an executive level, while driving results and leveraging the team in every interaction with our customers.
Outstanding UA benefits include health, dental, and vision insurance plans; life insurance and disability programs; paid vacation, sick leave, and holidays; UA/ASU/NAU tuition reduction for the employee and qualified family members; state and optional retirement plans; access to UA recreation and cultural activities; and more!
The University of Arizona has been recognized for our innovative work-life programs. For more information about working at the University of Arizona and relocations services, please click here.
Duties & Responsibilities
- Evaluate and manage system security and investigate potential security incidents.
- Provide leadership and guidance on information security topics by developing, advising and collaborating on security processes, business continuity, and disaster recovery plans.
- Ensure information security concerns are integrated into college business strategies, requirements and projects.
- Monitor, document and report information system changes to ensure compliance with HIPAA, FERPA, PCI, and relevant regulations
- Create and update documentation for security-related technologies, procedures and/or processes to meet regulatory requirements including, HIPAA security standards, University research requirements and University Policies.
- Provide continuous monitoring of the information security program, create Corrective Action Plans (CAP) and manage CAP-related progress to completion, as needed
- Develop and implement information security architectures and solutions.
- Periodically review the college security control set and oversee introduction and implementation of new security tools and platforms.
- Develop and execute the security education and communication strategy for the college.
- Report information security program status to senior Leadership as appropriate, to include an annual enterprise risk assessment.
- Establish metrics and reporting framework to measure the efficiency, effectiveness, and maturity level of the security program
- Serve as a security expert in application development, database design, and networks.
- Collaborate with UITS ISO and the HIPAA Privacy Office as local liaison during any actual and potential information security events.
- Monitor external threat environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
- Serve as the primary Information Security liaison with the Information Security Office, the University Privacy Program Office and other regulatory entities.
- Analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks.
- Conduct, manage and review regular vulnerability scans and logs and assign remediation tasks.
- Participate in developing data management plans for researchers to ensure information security and HIPAA compliance.
- Research, design, and advocate for new technologies.
- Advocate and enforce Information Security training activities for the HIPAA Privacy and Information Security Awareness programs.
- Stay informed of current trends and news in all areas of Information Technology concerning HIPAA compliance, vulnerabilities, security breaches or malicious attacks.
- Bachelor's degree or equivalent advanced learning attained through professional level experience required.
- Minimum of 8 years of relevant work experience is required.
*Knowledge of common information security management frameworks/guidelines, such as ISO/IEC 27001 and the NIST SP 800 series. *Knowledge and understanding of relevant legal and regulatory requirements/standards, including but not limited to: HIPAA Security Rule, FERPA, PCI, and other relevant compliance standards. *Willingness to work on-call in the event of a security breach or other emergency. *Ability to work in a team environment, as well as the ability to take independent initiative when needed. *Excellent written and verbal communication and inter-personal skills. *Working knowledge and experience in most of technology areas such as, windows, Linux, IOS, web, database, and application development. *Outstanding problem-solving, critical-thinking, and customer service skills. *Customer-oriented mindset in delivering service. *Open-minded and positive altitude to work. *Ability to adapt and learn quickly. *Ability to lead and influence others. *Ability to explain highly technical concepts in simple terms. *Good research and analysis skills. *Demonstrate high expectations of self and others by holding self and others responsible to meet commitments, find solutions, and own outcomes.
Full Time/Part Time: Full Time
Number of Hours Worked per Week: 40+
Job FTE: 1.0
Work Calendar: Fiscal
Job Category: Information Technology
Benefits Eligible: Yes - Full Benefits
Rate of Pay: $89,740 - $122,495
Compensation Type: salary at 1.0 full-time equivalency (FTE)
Career Stream and Level
Type of criminal background check required: Fingerprint criminal background check (security sensitive due to job duties)
Number of Vacancies: 1
Contact Information for Candidates
Casandra Sanchez | email@example.com
Open Until Filled: Yes
Documents Needed to Apply: Resume and Cover Letter
At the University of Arizona, we value our inclusive climate because we know that diversity in experiences and perspectives is vital to advancing innovation, critical thinking, solving complex problems, and creating an inclusive academic community. As an Hispanic-serving institution, we translate these values into action by seeking individuals who have experience and expertise working with diverse students, colleagues, and constituencies. Because we seek a workforce with a wide range of perspectives and experiences, we provide equal employment opportunities to applicants and employees without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity, or genetic information. As an Employer of National Service, we also welcome alumni of AmeriCorps, Peace Corps, and other national service programs and others who will help us advance our Inclusive Excellence initiative aimed at creating a university that values student, staff and faculty engagement in addressing issues of diversity and inclusiveness.