Job Description
Job Title-Analyst - Information Systems Security
Position Summary
Under general direction, develops, implements, and monitors security of all
hospital systems in order to centrally manage access rights, educate users of
individual responsibilities, and minimize the possibility of malicious access.
Guidelines include all departmental, hospital, and personnel policies and procedures.
Patient care contact: None
Position Accountabilities:
- Assists in enforcing EIA/TIA published standards for network equipment level security.
- Takes appropriate steps to document and investigate alarms. Reports such incidents
immediately to appropriate staff for action and resolution.
- Assists in the implementation and management of PC Network Security to include:
Novell's NetWare Directory Services (NDS) Security Model and Novell Auditing, Microsoft
Windows NT Security Model and PC virus detection and protection.
- Identifies network level security issues and coordinates resolution with the
appropriate network staff, including the network manager. Ensures that firewalls are installed,
configured, and maintained as necessary by appropriate MIS staff.
- Participates in the development, documentation, communication, testing, and
periodic review and revision of business continuity and disaster recovery plans.
- In cooperation with University Hospital Security Office staff, recommends physical
space security measures that will restrict and monitor access to areas of IS where equipment
and data are housed.
- Maintains up-to-date knowledge and skills regarding new technology and products
related to hospital systems, security, and other issues necessary to maintaining and advancing systems.
- Maintains hospital systems security including recommending and coordinating the use of physical
and protocol level security tools w/ appropriate staff(systems mgr.,network mgr.,PC systems mgr.) to
detect suspicious or unauthorized use of systems, internal/ext.
- Designs and delivers security awareness programs for users and IS staff.
- Maintains and administers an up-to-date listing of users and user access privileges
(as approved by user managers and supervisors), and administers user access passwords.
- Performs periodic security evaluations in order to identify needs for additional
or revised security measures. Updates documentation, and ensures appropriate individuals are informed.
- Conducts regular reviews to identify potential business risks related to information security and
develops, documents, implements and maintains security standards for University Hospital systems.
- Performs other related duties as assigned or requested.
Minimum Education:
- B.S. in computer science, electrical engineering, or a related field. Education
may be substituted by six to eight years of experience of which three years are specific to developing,
implementing and monitoring security systems.
Minimum Experience:
- Three years of progressively responsible systems security experience is required.
Preferred Field of Expertise:
- Hospital and clinical information systems security.
Vision Requirements:
- Must have good, correctable eyesight.
Physical Demands:
- Moderate physical effort (lift/carry up to 25 lbs).
Working Conditions:
- Occasionally subject to irregular hours.
- Occasional pressure due to multiple calls and inquiries.
- Regularly required to be on-call.
- Occasional travel with use of private vehicle required
Required Skill:
- Excellent human relation and oral/written communication skills.
- Must be a strong team player.
- Must have strong analytical skills.
- Personal computer skills
- Ability to lead work teams