The Associate IT Risk Analyst assists, with some guidance, in application risk assessments delivered to application and business owners. The analyst educates the user community through information security training programs, assists with incident response when issues relate to systems or regulatory matters, and assists with automated and manual monitoring of systems to detect suspect activity.
Assists with application-focused risk assessments.
Assists application owners with security best practices.
Participates in incident response activities related to systems.
Participates in passive and active user training activities.
Monitors systems for suspect behavior.
The responsibilities listed are a general overview of the position and additional duties may be assigned.
DEPARTMENT / UNIT SUMMARY:
VUMC IT provides hardware, software and service solutions for the entire Medical Center. With over 40,000 workstations in the Medical Center, our teams can assist not only with hardware support, but also software and application support and services to enhance security and protection of your information.
RISK ASSESSMENT (FUNDAMENTAL AWARENESS):
- Demonstrates familiarity with professional risk assessment processes and understands risk prioritization. Evaluates risks with an eye toward regulatory concerns while staying aware of current attack vectors. Identifies viable mitigation strategies that can be presented to business owners for consideration. Documents risk findings and suggested mitigations in a concise manner that can be clearly communicated to stakeholders.
REGULATORY AWARENESS (FUNDAMENTAL AWARENESS):
- Demonstrates knowledge of healthcare regulations and security best practices. Identifies appropriate sources of governmental and industry guidance. Interprets regulations and guidance to assist application and business stakeholders with compliance and security best practice efforts.
SECURITY CONTROL KNOWLEDGE (FUNDAMENTAL AWARENESS):
- Understands and has direct familiarity with common information security technical toolsets (e.g. firewall, SIEM, IPS, vulnerability scanner, etc.). Demonstrates knowledge of non-technical controls (e.g. physical and administrative). Able to effectively communicate with teams directly administering controls to identify suitable responses to identified risks.
INCIDENT RESPONSE (FUNDAMENTAL AWARENESS):
- Understands incident response processes and is able to work in a professional manner during an incident. Serves as a liaison between technical and non-technical parties. Has an understanding of the forensic process and is able to identify appropriate skillsets necessary to handle investigative activity.
USER TRAINING (FUNDAMENTAL AWARENESS):
- Conducts formal, ad-hoc, and covert user training activities. Effectively communicates security risks to users of every skill level. Utilizes technical toolsets to aid and report on the training process (e.g. LMS, phishing campaigns, etc.).
Delivers job responsibilities that impact own job area/team with some guidance.
Problem Solving/ Complexity of work:
Uses existing procedures, research and analysis to solve standard job-related problems that may require some judgement.
Breadth of Knowledge:
Requires subject matter knowledge within a professional area to meet job requirements.
Individually contributes to project/ work teams.
SUPPORTING COLLEAGUES (P1):
Develops Self and Others:
Continuously improves own skills by identifying development opportunities.
Builds and Maintains Relationships:
Seeks to understand colleagues' priorities, working styles and develops relationships across areas.
Openly shares information with others and communicates in a clear and courteous manner.
DELIVERING EXCELLENT SERVICES (P1):
Serves Others with Compassion:
Invests time to understand the problems, needs of others and how to provide excellent service.
Solves Complex Problems:
Seeks to understand issues, solves routine problems, and raises proper concerns to supervisors in a timely manner.
Offers Meaningful Advice and Support:
Listens carefully to understand the issues and provides accurate information and support.
ENSURING HIGH QUALITY (P1):
Performs Excellent Work:
Checks work quality before delivery and asks relevant questions to meet quality standards.
Ensures Continuous Improvement:
Shows eagerness to learn new knowledge, technologies, tools or systems and displays willingness to go above and beyond.
Fulfills Safety and Regulatory Requirements:
Demonstrates basic knowledge of conditions that affect safety and reports unsafe conditions to the appropriate person or department.
MANAGING RESOURCES EFFECTIVELY (P1):
Takes responsibility for completing assigned activities and thinks beyond standard approaches to provide high-quality work/service.
Stewards Organizational Resources:
Displays understanding of how personal actions will impact departmental resources.
Makes Data Driven Decisions:
Uses accurate information and good decision making to consistently achieve results on time and without error.
FOSTERING INNOVATION (P1):
Generates New Ideas:
Willingly proposes/accepts ideas or initiatives that will impact day-to-day operations by offering suggestions to enhance them.
Absorbs new technology quickly; understands when to utilize the appropriate tools and procedures to ensure proper course of action.
Adapts to Change:
Embraces change by keeping an open mind to changing plans and incorporates change instructions into own area of work.
Discover Vanderbilt University Medical Center:
Located in Nashville, Tennessee, and operating at a global crossroads of teaching, discovery and patient care, VUMC is a community of individuals who come to work each day with the simple aim of changing the world. It is a place where your expertise will be valued, your knowledge expanded and your abilities challenged. It is a place where your diversity — of culture, thinking, learning and leading — is sought and celebrated. It is a place where employees know they are part of something that is bigger than themselves, take exceptional pride in their work and never settle for what was good enough yesterday. Vanderbilt’s mission is to advance health and wellness through preeminent programs in patient care, education, and research.
VUMC Recent Accomplishments
Because we are committed to providing the best in patient care, education and research, we are proud of our recent accomplishments:
- US News & World Report: #1 Adult Hospital in Tennessee and metropolitan Nashville, named to the Best Hospitals Honor Roll of the top 20 adult hospitals, 10 nationally ranked adult specialty programs, with 3 specialties rated in the top 10 nationally, Monroe Carell Jr. Children’s Hospital at Vanderbilt named as one of the Best Children’s Hospitals in the nation, with 10 out of 10 pediatric specialties nationally ranked.
- Healthcare’s Most Wired: Among the nation’s 100 “most-wired” hospitals and health systems for its efforts in innovative medical technology.
- Becker’s Hospital Review: named as one of the “100 Great Hospitals in America”, in the roster of 100 Hospitals and Health Systems with Great Oncology Programs and to its list of the 100 Hospitals with Great Heart Programs.
- The Leapfrog Group: One of only 10 children’s hospitals in the to be named a Leapfrog Top Hospital.
- American Association for the Advancement of Science: The School of Medicine has 112 elected fellows
- Magnet Recognition Program: Received our third consecutive Magnet designation.
- National Academy of Medicine: 22 members, elected by their peers in recognition of outstanding achievement
- Human Rights Campaign Healthcare Equality Index: 6th year in a row that Vanderbilt University Medical Center was a Leader in LGBTQ Healthcare Equality.
Bachelor's Degree (or equivalent experience) and < 1 year information security experience
Physical Requirements/Strengths needed & Physical Demands:
Sedentary category requiring exertion up to 10 lbs. of force occasionally and uses negligible amounts of force to move objects. Sedentary work involves sitting most of the time.
Standing: Remaining on one's feet without moving.
Walking: Moving about on foot.
Lifting under 35 lbs: Raising and lowering objects under 35 lbs from one level to another
Carrying under 35 lbs: Transporting an object holding in hands, arms or shoulders, with help of coworkers or assistive device.
Bending/Stooping: Trunk bending downward and forward by bending spine at waist requiring full use of lower extremities and back muscles
Reaching above shoulders: Extending arms in any direction above shoulders.
Sitting: Remaining in seated position
Reaching below shoulders: Extending arms in any direction below shoulders.
Fingering: Picking, pinching, gripping, working primarily with fingers requiring fine manipulation.
Bimanual Dexterity: Requiring the use of both hands.
Communication: Expressing or exchanging written/verbal/electronic information.
Auditory: Perceiving the variances of sounds, tones and pitches and able to focus on single source of auditory information
Vision: Clarity of near vision at 20 inches or less and far vision at 20 feet or more with depth perception, peripheral vision, color vision.
Smell: Ability to detect and identify odors.