System/Application Security Analyst - Rockefeller Neuroscience Institute

System Application Security Analyst - Rockefeller Neuroscience Institute

West Virginia University Research Corporation is seeking applications for a hybrid System Application Security Analyst with the Rockefeller Neuroscience Institute.

Rockefeller Neuroscience Institute is the premier multidisciplinary institute for patient care, research, and teaching in West Virginia and the region. We celebrated the opening of our new Innovation Center on May 15, 2019. The RNI's flagship facilities are located on the Health Sciences campus in Morgantown. Find out more about our outstanding work and contributions today at:

About the Opportunity

Reporting to the HSC Director of Information Security, this position provides security analyst support for system and application security at the WVU Rockefeller Neuroscience Institute (RNI). This position is a key member of the Health Sciences Information Security team responsible for remediation plans for network and application vulnerabilities, securing sensitive information, leading department risk assessments, and monitoring, testing, and auditing applications to ensure they are meeting security and compliance requirements. The Security Analyst position works closely with product design and development staff to build security into web applications developed at RNI. This position will be responsible for maintaining secure development standards, conducting application scans, and documenting remediation steps for RNI developed applications, participating in hands-on training with development staff, and maintaining products and internally developed applications used by the RNI team.

At WVU Research Corporation, we strongly believe in work-life balance and keeping time for things we love outside our work. WVU Research Corporation offers a comprehensive benefits package with a variety of options to suit your needs:

* 13 paid holidays ()

* PTO

* 403(b) retirement savings with a fully vested 3% employee contribution match, (Employees have the option of contributing an additional 1-3% of their earnings to the plan, which is also matched by the WVURC)

* A range of

* Dependent Education Scholarship

* WVU Perks

* And More!!

What you'll do:

• Provides project management leadership for the department using industry proven security and compliance risk management methods and techniques. Strives to ensure delivery of high-quality IT infrastructure that will meet requirements of stakeholders budgets and schedules in project specification documentation.
• Manages security and compliance for projects from inception to completion, assist with developing System Security Plans and policies and procedures within the department.
• Review Data Usage Agreements and vendor contracts to ensure Research projects and contractual agreements between WVU and external/internal entities meet Information Technology security and privacy compliance requirements prior to finalizing agreements.
• Participate on research data committee and meetings. Coordinate with IRB, OSP, and PIs on appropriate data controls for research projects.
• Integrates new projects into ITS strategic and tactical plans tracking team progress.
• Work with project teams to develop, document, and execute test plans for accuracy of business processes, testing, setup, enhancements, customizations etc.
• Serve as a security and risk project management process authority, providing project status to HSC IT management and business areas.
• Independently analyzes, prioritizes and communicates project security and compliance risks to senior management. Responsible for anticipation, identification and position resolution of security risk from a project.
• Design and execute technical research projects
• Must maintain a flexible work schedule as some evening and weekend work may be required.
• Function as a lead point of contact on all security related issues and act as liaison between HSC Information Technology Services Help desk, WVUH Help Desk, and all other communication areas of the enterprise.
• Technical expertise in Cloud Computing technologies (design and/or implementation)
• Serve as a subject-matter expert around AWS security controls
• Understanding architectural implications of meeting industry standards such as HIPAA, and NIST/DoD frameworks.
• Utilize SAST/DAST and other products to identify security vulnerabilities

Must be on call to respond to network emergencies/helpdesk support 24 hours a day, seven days a week.

Must maintain a flexible work schedule as some evening and weekend work may be required.

• Bachelor's degree in Information Technology / Cyber Security, Computer Science, Computer Engineering, Information Systems, or related field and/or equivalent experience.
• Five (5) years related work experience and leads other Professional Technologists.
• Working knowledge of Microsoft Active Directory, Mac OSX, and Linux Operating Systems.
• General knowledge network protocols, including TCP/IP.
• Broad knowledge of computer security issues, requirements and trends, including awareness of data regulations and standards including but not limited to HIPAA, FERPA, GDPR, NIST 800-171, FISMA
• Technical expertise in Cloud Computing technologies
• Demonstrated ability to prepare technical documentation and justify approach used, resolve complex issues, explain and/or train staff on technical features of a system or process, and the ability to express technical information to non-technical users as well as gather information from them relating to system development to meet their business rules.
• Proven experience with security vulnerability management, anti-virus, and data loss prevention tools.
• Experience in delivering and supporting network systems with stringent security requirements meeting NIST and HIPAA security guidelines supporting HSC's clinical research environment.
• Proven ability to build collaboration and establish rapport with faculty, staff, students, and administrators.
• Proven ability to initiate best practice related to compliance.
• Strong working knowledge of information technology security and compliance.
• Intelligent, articulate, and persuasive leader who communicates information security-related concepts to a diverse range of technical and non-technical staff
• Experience with risk assessment and management; education, awareness building, and communications; policy, standard and procedure development and implementation
• Ability to manage projects
• Knowledge of design, installation, and implementation of complex networks in an educational or healthcare environment and awareness of information security laws such as HIPAA, and accepted industry practice.
• Demonstrated ability to supervise and train high level technology staff

• CISSP, CISM, CISA, CEH, or other applicable certifications preferred.

Why WVU Research Corporation?

WVURC was created as a not-for-profit corporation in 1985 to support research (R1) at West Virginia University. We provide evaluation, development, patenting, management, and marketing services for inventions of the faculty, staff and students of the University.

WVURC receives and administers funds awarded by external agencies for research and other activities and is responsible for helping protect intellectual property through patents, copyrights and licensing agreements for startup companies based on University research.

West Virginia University Research Corporation is proud to be an Equal Opportunity employer. We value diversity among its employees and invites applications from all qualified applicants regardless of race, ethnicity, color, religion, gender identity, sexual orientation, age, nationality, genetics, disability, or Veteran status.