Senior Information Security Analyst
Company: PCORI
Location: Washington
Posted on: January 26, 2023
Job Description:
Post Date: 12/13/2022
Job Location: 1333 New Hampshire Avenue, NW, Washington, District of
Columbia
Department: Information Security
Reports to: Associate Director, Information Security
About Us
The Patient-Centered Outcomes Research Institute (PCORI) is an
independent nonprofit organization authorized by Congress in 2010.
Its mission is to fund research that will provide patients, their
caregivers and clinicians with the evidence-based information
needed to make better-informed healthcare decisions. PCORI is
committed to continually seeking input from a broad range of
stakeholders to guide its work.
Position Summary
The Senior Information Security Analyst will be part of the DIGITAL
(Data, IT, Technology, Security and Analytics) leadership team,
reporting to the Associate Director, Information Security, and will
be responsible for supporting the implementation of the enterprise
information security program at PCORI.
This Senior Information Security Analyst role is critical to ensuring
that PCORI's informational assets and associated data, technology,
applications, systems, infrastructure, and processes are secured
and protected. They will proactively work with all PCORI business
units to implement practices, policies, infrastructure, and
standards for information security and data privacy.
Duties and Responsibilities
The core duties and responsibilities of the Senior Information
Security Analyst are:
- Developing the PCORI Information Security Framework:
  - Develop and enhance PCORI's information security framework
    based on industry standards [e.g., ISO 2700X, ITIL, ENISA,
    ISA-62443, COBIT/Risk IT, CIS and NIST Cybersecurity
    Framework]
  - Create and manage a unified and flexible, risk-based control
    framework to integrate and normalize the wide variety of
    ever-changing requirements resulting from US laws, standards, and
    regulations
  - Develop and maintain a document framework of continuously
    up-to-date information security policies, standards, and
    guidelines. Oversee the approval and publication of these
    information security policies and practices
  - Create a framework for roles and responsibilities regarding
    information ownership, classification, accountability, and
    protection of information assets
  - Facilitate a metrics and reporting framework that measures the
    efficiency and effectiveness of the program, facilitates
    appropriate resource allocation, and increases the maturity of
    information security, and review it with stakeholders at the
    executive and employee levels
- Operationalize the PCORI Information Security Framework:
  - Create a risk-based process for the assessment and mitigation
    of any information security risk across PCORI
  - Ensure all information owned, collected or controlled by or on
    behalf of PCORI is processed and stored in accordance with
    applicable laws and other regulatory requirements, such as data
    privacy
  - Partner with the PCORI legal team to define and facilitate the
    processes for information security risk and for legal and
    regulatory assessments, including the reporting and oversight of
    treatment efforts to address negative findings
  - Ensure information security is embedded in the project delivery
    process by providing the appropriate information security
    policies, practices, and guidelines
  - Oversee technology dependencies outside of direct
    organizational control. This includes reviewing contracts and the
    creation of alternatives for managing risk
  - Manage information security incidents and events to protect
    corporate IT assets, intellectual property, regulated data, and
    the company's reputation
  - Monitor the external threat environment for emerging threats,
    and advise relevant stakeholders on the appropriate courses of
    action
  - Develop and oversee effective disaster recovery policies and
    standards in partnership with the Admin Services team to align
    with the enterprise business continuity management (BCM) program
  - Coordinate the development and implementation of incident
    response plans and procedures to ensure that business-critical
    services are recovered in the event of a security event; provide
    direction, support, and in-house consulting in these areas
  - Facilitate and support the development of asset inventories,
    including information assets in cloud services and in other
    parties in the organization's ecosystem
- Data Governance & Data Privacy:
  - Support the Data Governance initiative for PCORI. Data
    Governance will need orchestration of people, processes, and
    technology to plan, guide, implement, and monitor DATA
    strategies, policies, and standards at PCORI. Data Governance
    will ensure effective usage, consistency, security, compliance,
    accuracy, and control of PCORI's data.
Incumbent(s) in this position may be required to perform other
duties and special assignments not specifically stated above.
Statements outlined in this section are designated as essential job
functions in accordance with the Americans with Disabilities Act of
1990.
Required Skills
The Senior Information Security Analyst will lead and manage a
critical and complex function (within the newly formed DIGITAL
team) to ensure all of PCORI's information assets are secured and
protected.
- Ability to be both a strategic thought leader and have hands-on
expertise in information security
- Ability to establish and operationalize the information
security program at PCORI
- Self-driven and empowered leader who will be accountable for
establishing and leading the Information Security Program
Required Experience
- At least 6 to 8 years of progressive experience in implementing
Information Security programs for organizations
- Demonstrated experience in building and executing information
security programs
- Demonstrated knowledge of common information security
management frameworks, such as ISO/IEC 27001, ITIL, COBIT, CIS, and
NIST Cybersecurity Framework
- Demonstrated knowledge of information security risk management
and cybersecurity technologies
- Excellent stakeholder and project management skills
- Excellent analytical skills, the ability to manage multiple
projects under strict timelines, as well as the ability to work
well in a demanding, dynamic environment and meet overall
objectives
- Ability to design and implement data privacy and governance
practices
- Effective communication, collaboration, and negotiation skills;
ability to work effectively and efficiently in a fast-paced and
dynamic environment in the context of scaling and accelerating
growth and adapting to change
- Excellent verbal and written communication skills
- Master's or bachelor's degree from an accredited
institution
- The following certifications are preferred: Certified Information
Systems Security Professional (CISSP), Certified Information
Security Manager (CISM), Certified Information Systems Auditor
(CISA), Certified in Risk and Information Systems Control (CRISC)
or other similar credentials
The health and safety of our employees is a top priority. As part of
that commitment, PCORI requires all employees, regardless of remote
work status, to be vaccinated against COVID-19. As a prospective
and/or new employee at PCORI, you will be required to comply with
PCORI's vaccination policy, report your vaccination status, and
provide proof of vaccination. Compliance with the policy does allow
for exceptions, but those exceptions will only be granted in
circumstances related to medical conditions, disabilities, and
sincerely held religious beliefs. Continuing with this application
indicates your intent to comply with PCORI's Mandatory COVID-19
Vaccination Policy.
PCORI conducts background checks on all applicants.
PCORI's Commitment to Diversity, Equity, and Inclusion:
PCORI is an equal opportunity employer committed to diversity both
internal and external to the workplace. You can learn more about
our commitment to diversity, equity, and inclusion. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, gender, gender identity or expression,
sexual orientation, national origin, genetics, disability, age,
veteran status, or any other basis protected by law.
Tracking Code
1240-858