
Job Offer: Cyber Security Analyst:

Job description:

Cyber Security Analyst

Johns Hopkins University
Baltimore, MD 43105

Classified Title: Cyber Security Analyst
Role/Level/Range: ATP/04/PF
Starting Salary Range: $79,864.00 - $97,575.00
Employee Group: Full Time
Schedule: Monday - Friday, 8:30am - 5:00pm
Exempt Status: Exempt
Job Location: School of Public Health, East Baltimore Campus
Department Name: Office of Information Technology, Information Technology Operations
Personnel Area: School of Public Health

The Office of Information Technology is seeking a Cyber Security Risk and Compliance Analyst. This position is responsible for administration of a comprehensive information security program ensuring strategies and service align with the Johns Hopkins Bloomberg School of Public Health (the School) mission, goals, and objectives. This includes coordination across the School and with all connected stakeholders.

Responsibilities of this position include developing, documenting, implementing, and maintaining the security policies, standards, and procedures for the School, maintaining oversight of information custodians and security liaisons in carrying out their responsibilities, and providing support in developing and implementing a program to manage all aspects of compliance with the various regulations (e.g., HIPAA, HITECH, PCI). This position will assist with the planning, design, and implementation of technology and procedures designed to maintain the confidentiality, availability, and integrity of the information resources, computer, and networking systems of the School.

Job Scope/Complexity:
This individual will primarily be responsible for analyzing and assessing the privacy, protection, and use of PHI/PII information housed on School systems, mobile computing devices, or 3rd party environments regardless of format. Supports projects and activities connected with the handling of records and information throughout their entire life cycle management. Ensures the electronic records keeping systems are maintained in a state of compliance with established Johns Hopkins privacy, electronic communications, information protection, and records management policies.

Must have strong knowledge of domestic Information Protection and Data Privacy laws and considerations, and be well versed in their international equivalents. The scope of the job currently includes the assessment and evaluation of processes, projects, and environments handling records and information at the School. Responsible for coordination and support of risk management programs affecting people and assets for the School.

Job Responsibilities:
   » Provides recommendations for security compliance to technical and project leadership based upon research and evaluation of legislation, regulations (HIPAA, HITECH, FISMA, PCI, DHS, ISO, NIST), and industry best practices.
   » Analyzes the security posture of information systems based upon industry best practices, standards & guidelines, and regulatory requirements including, but not limited to, NIST, COBIT, and ISO.
   » Performs Information Assurance Certification and Accreditation Process certifications, testing and evaluations on School information systems.
   » Provides network security risk assessments, vulnerability assessments, network security analysis, and provides recommendations to cost effectively protect information system assets from intentional or inadvertent modification, disclosure, or destruction for larger systems and projects that are highly complex in nature. They may also involve sensitive info (PHI and PII).
   » Works with senior management and staff to develop and communicate security policies and establish procedures necessary to monitor and support compliance.
   » Provides tactical and strategic planning for continuing management of information systems platforms.

   » Researches, recommends, implements and supports new technologies, systems and/or processes to reduce the security threats to the School's network and Information Technology infrastructure. These include, but are not limited to, data loss, exposure of private data, inappropriate systems access, denial of service, computer viruses and Trojans, or any other indication of compromised systems.
   » Provides cyber security design consulting services, by independently interpreting complex requirements and providing recommendations to cost effectively protect information system assets from intentional or inadvertent modification, disclosure, or destruction for larger systems and projects that are highly complex in nature. They may also involve sensitive info (PHI and PII).
   » Develops new methods to improve service processes, performance, and functionality by examining system management tools and processes. Reviews new methods suggested by others and approves the work.

   » Coordinates with clients and JHU entities including, but not limited to, OHIA, ORA, and IRB to review security and privacy requirements and controls within research plans, data use agreements, and contracts.
   » Monitors the vulnerability scanning programs and provides guidance and task assignment to technical engineers and administrators to design and implement controls to mitigate identified risks.
   » Maintains contact with outside contingency planning professional organizations and local/regional emergency response groups.
   » Represents Information Technology cyber security risk management on institutional committees in the areas of Information Technology security, privacy, and policy.

   » Develops and executes highly technical and/or complex project plans and systems based on knowledge of the business and information security needs of the School.
   » Represents Information Technology cyber security risk management in business projects for security evaluations, risk assessments, data use agreement review and coordinates activities with customers.
   » Evaluates vendor proposals and selects the most appropriate vendor based on requirements.
   » Leads and provides direction to project team by reviewing work and adhering to institutional standards and guidelines to ensure collaboration and communication with team members and customers.
   » Provides knowledgeable technical and project management (full life-cycle) responsibilities in more than one information security discipline including, but not limited to, risk management, network intrusion detection and prevention, security event/incident response, security policy, vulnerability management, regulatory compliance, and encrypted and secure remote access.

   » Coordinates Information Technology Security awareness and outreach programs (i.e. new employee orientation and specific compliance training programs) and assists with the training and education of employees on business continuity, preparedness, and their role during a crisis event. Creates audience-appropriate documentation to serve as technical and/or end-user reference.
   » Assists in the development and regular review of risk management and security artifacts for School facilities and infrastructure. These include, but are not limited to, policies, standard operating procedures, business impact analysis, systems design documentation, risk management plans, disaster recovery plans, and after action reports.
   » Implements and supports systems and/or processes to reduce the security threats to the School's network and Information Technology infrastructure. These include, but are not limited to, data loss, exposure of private data, inappropriate systems access, denial of service, computer viruses and Trojans, or any other indication of compromised systems.
   » Develops new methods to improve service processes, performance, and functionality by examining governance, risk management, and change (GRC) control process.
   » Develops and maintains metrics and assessments regarding the effectiveness of security controls for Information Technology managed assets and provides reports and recommendations to senior management.
   » Maintains documentation library including all internal and external risk assessments, audits, Security and Privacy plans and mitigation response plans (i.e. SSP, PIA, POAM).
   » Evaluates and forecasts the need for Information Technology Security to sustain security program effectiveness.
   » Communicates critical incident information efficiently with attention to confidentiality concerns.

Minimum Qualifications:
Bachelor's degree in an Information Technology or related field required. Advanced degree in Information Technology or related field preferred.
Six years of progressively responsible experience in at least one of the following disciplines: enterprise networking (wired and wireless), computer system management and administration, enterprise information or network security, continuity management, network forensics, or technical risk assessment. Two years of experience in a hands-on technical leadership role. Three years of project management and project team participation experience.
Additional experience may substitute for education.

Preferred Qualifications:
Professional security training and/or certification (e.g. SANS/GIAC, CISA, CISM, CISSP) preferred. Possess an in-depth knowledge of information security and compliance practices and its various supporting technologies and platforms. Ability to research risks and risk-related problems to the finest detail to identify related issues and solutions.

Knowledge, Skills, & Abilities (KSAs):
   » Must demonstrate strong critical thinking and analytical reasoning skills.
   » Ability to work on multiple priorities effectively and prioritize conflicting demands.
   » Ability to independently execute assigned project tasks within established schedule.
   » Ability to work collaboratively in a team environment.
   » Ability to communicate effectively in the service of users and colleagues.
   » Writes and communicates clearly and concisely and possesses sound documentation skills.
   » Ability to maintain confidentiality.
   » Work requires a strong knowledge and broad work experience with at least two of ten ISC information security domains:
      » Access control
      » Application development security
      » Business continuity and disaster recovery planning
      » Cryptography
      » Information security governance and risk management
      » Legal, regulations, compliance, and investigations
      » Operations security
      » Physical (environmental) security
      » Security architecture and design
      » Telecommunications and network security
   » Working knowledge of various compliance legislation and industry standards (e.g. HIPAA/HITECH, PCI, and FERPA).
   » Knowledge of and experience with information security technologies, methodologies, and practices including, but not limited to, risk assessment and management, intrusion detection and prevention, vulnerability assessment and management, system administration (Windows, OS X, Linux, Unix, etc.), security policy, standards, and best practices, security incident response, auditing and security administration of network security systems and operating systems, access control, encryption, firewalls, secure proxies, networking, database and application security, security event log analysis, virus prevention and remediation, and custom programming/scripting.
   » Strong knowledge of TCP/IP, the OSI model, and appropriate standards and practices connected with a secure technical framework.

The successful candidate(s) for this position will be subject to a pre-employment background check.

If you are interested in applying for employment with The Johns Hopkins University and require special assistance or accommodation during any part of the pre-employment process, Contact Us by the HR Business Services Office at TTY users, call via Maryland Relay or dial 711.

The following additional provisions may apply depending on which campus you will work. Your recruiter will advise accordingly.

During the Influenza ("the flu") season, as a condition of employment, The Johns Hopkins Institutions require all employees who provide continuing services to patients or work in patient care or clinical care areas to have an annual influenza vaccination or possess an approved medical or religious exception. Failure to meet this requirement may result in termination of employment.

The pre-employment physical for positions in clinical areas, laboratories, working with research subjects, or involving community contact requires documentation of immune status against Rubella (German measles), Rubeola (Measles), Mumps, Varicella (chickenpox), Hepatitis B and documentation of having received the Tdap (Tetanus, diphtheria, pertussis) vaccination. This may include documentation of having two (2) MMR vaccines; two (2) Varicella vaccines; or antibody status to these diseases from laboratory testing. Blood tests for immunities to these diseases are ordinarily included in the pre-employment physical exam except for those employees who provide results of blood tests or immunization documentation from their own health care providers. Any vaccinations required for these diseases will be given at no cost in our Occupational Health office.

Equal Opportunity Employer
Note: Job postings are updated every day and remain online until filled.


Job Category: Other
Post Date: 02/11/2019