Advertised Summary Job Description: The IT Risk Analyst will report to the IT Risk Manager within the Information Security Office (ISO). The analyst will conduct risk analysis on information systems, platforms, and processes in accordance with established regulations and organizational standards. He/she will evaluate IT infrastructure in terms of risk to the organization and establish controls to mitigate loss of data, confidentiality, integrity and availability, while aligning those initiatives to the core organizational mission of Research, Care and Education. He/she will determine and recommend improvements in the current risk management framework and controls.
Principal Duties include: conduct IT risk analysis, evaluations and education on IT assets and processes as they pertain to the CUMC's System Analysis Program; evaluate risks associated with the procurement of new IT products/systems; evaluate risks associated with the use of third-party IT vendors (business associates); evaluate and propose solutions to mitigate risks under the established risk management strategies; assist constituents with remediation planning and ensure identified gaps have been appropriately managed in order to achieve certification; perform technical testing of controls for assurance and validation of IT asset compliance; review compliance regulations and assist with updating organizational compliance initiatives; assist in the development of internal processes for streamlining risk analysis techniques; assist in development of HIPAA Privacy and Security training content and initiatives; other duties as assigned.
General Minimum Qualifications: Requires a bachelor's degree or equivalent in education and experience, plus four years of related experience.
Additional Specific Minimum Qualifications:
Preferred Qualifications: Experience in IT risk analysis, audit, compliance or information security, and/or system administration with significant experience in complex, multi-platform environments is preferred.
Must be proficient in Excel and macros, with experience in VB and Perl scripting.
Strong background in IT risk analysis, auditing and/or information security practices with significant experience in a complex, multi-platform, higher education or healthcare IT environment. Understanding of regulatory compliance and industry best practices towards maintaining compliance with HIPAA/HITECH, 21 CFR Part 11, PCI, FERPA and GLBA. Familiarity with IT frameworks such as ISO, HITRUST, ITIL or COBIT. Ability to prepare both executive and detailed reports on risk findings and status. Ability to develop remediation plans and guide departments with remediation strategy. Strong service commitment, and verbal, writing, and reporting skills. High level of integrity, and sound judgment concerning security and privacy. Ability to plan and execute project plans. Ability to understand and work with healthcare professionals, educators and researchers. Ability to work independently with minimal supervision as well as be creative and innovative at conducting a high volume of risk analyses while reporting accurate and relevant risks to the appropriate constituents.
CISA/CISM, or GIAC Certified Penetration Tester (GPEN), or Certified Ethical Hacker (CEH), or any relevant GIAC certifications, or CISSP.
As a member of the National Collegiate Athletic Association (NCAA) and the Council of Ivy Group Presidents (Ivy League), it is imperative that members of the Columbia University community, in all matters related to the intercollegiate athletics program, exhibit the highest professional standards and ethical behavior with regard to adherence to NCAA, Conference, University, and Department of Intercollegiate Athletics and Physical Education rules and regulations.
Columbia University is an Equal Opportunity/Affirmative Action employer.
Columbia University is one of the world's most important centers of research and at the same time a distinctive and distinguished learning environment for undergraduates and graduate students in many scholarly and professional fields. The University recognizes the importance of its location in New York City and seeks to link its research and teaching to the vast resources of a great metropolis. It seeks to attract a diverse and international faculty and student body, to support research and teaching on global issues, and to create academic relationships with many countries and regions. It expects all areas of the university to advance knowledge and learning at the highest level and to convey the products of its efforts to the world.