Third Party Security Risk Analyst
Location: Dallas, TX
Location Type: Remote Eligible
Location Type: Remote Eligible
Job Number: 809127
Category: Information Technology
20930449
Responsibilities
Third-Party Security Risk Analyst – Information Security
Why UT Southwestern?
With over 75 years of excellence in Dallas-Fort Worth, Texas, UT Southwestern is committed to excellence, innovation, teamwork, and compassion. As a world-renowned medical and research center, we are looking for strategic thinkers who will help assure the security and compliance of UT Southwestern. With a career in our Information Technology department at UT Southwestern, you will be able to help with our mission to provide exceptional clinical care and create cutting-edge research programs as you grow your IT and security career. We invite you to be a part of the UT Southwestern team where you’ll discover a culture of teamwork, professionalism, and a life-changing career!
Job Summary
UT Southwestern is in search of a Third-Party Security Analyst. This position ensures that standards, procedures, and activities align with regulatory mandates and internal policies while actively utilizing Third-Party Risk Management tools. The analyst establishes and enforces vendor security requirements, monitors and reports on vendor compliance with security standards, and recommends actions to reduce and manage risk. Additionally, the analyst conducts regular risk and vulnerability assessments, develops and manages risk mitigation strategies, ensures compliance with cybersecurity laws and standards, participates in incident response and post-incident analysis, assesses cybersecurity governance frameworks, implements continuous monitoring processes, develops and reports on cybersecurity performance metrics, and plays a crucial role in fostering a culture of security awareness within the organization. This position requires at least one related industry certification is required (e.g., CISSP, GIAC, CEH, CISA, CISM, CRISC).
MUST LIVE IN THE DALLAS METRO OR SURROUNDING AREA – NO RELOCATION PROVIDED
Experience and Education
Minimum Requirements
- Bachelor’s degree in information security, risk management, governance, or related field; or equivalent work experience.
- Five (5) years of experience in cybersecurity risk and compliance, Information Security managing third-party vendors, conducting risk assessments, or related security experience.
- The preferred candidate will have diverse experience managing threats by using and administering security tools, systems, vendor partnerships, and analysis processes.
- At least one related industry certification is required (e.g., CISSP, GIAC, CEH, CISA, CISM, CRISC).
Job Duties
Third-Party / Vendor Risk Management:
- The Third-Party Security Analyst ensures that functional standards, procedures, and activities align with regulatory mandates and internal policies, procedures, best practices, and standards.
- Role will include actively leveraging Third-Party Risk Management tools and vendor services as an integral part of the day-to-day program responsibilities.
- The Third-Party Security Analyst will assess, analyze, and interpret operational third-party risk documentation to facilitate third-party risk management in collaboration with vendors and business lines.
- The Third-Party Security Analyst will safeguard information by identifying security risks, leveraging continuous monitoring, assessment activities and overall managing cybersecurity risks associated with third-party vendors.
- The Third-Party Security Analyst will establish, enforce, and monitor security requirements for vendors.
- The Third-Party Security Analyst will monitor, evaluate, and report on vendor compliance with security standards and recommend actions to reduce and manage risk.
IT Systems Risk Assessment, Management, and Cyber Framework Alignment:
- Identify and assess third-party cybersecurity risks to the organization.
- Conduct regular recurring risk assessments and vulnerability assessments.
- Develop third-party risk mitigation strategies and plans.
- Monitor and manage third-party risk mitigation activities.
Compliance Management:
- Stay abreast of relevant cybersecurity laws, regulations, and standards, specifically involving third parties and risks.
- Ensure the organization\’s compliance with applicable laws and standards. Conduct regular compliance assessments and partner with internal teams.
- Develop and maintain documentation to demonstrate compliance.
Incident Response and Management:
- Act as a core member of the incident response team for third party risk scenarios and incidents.
- Coordinate response efforts during cybersecurity incidents. Conduct post-incident analysis and implement improvements and requirements for third parties.
Security Governance:
- Assess against third-party cybersecurity governance frameworks.
- Ensure appropriate levels of oversight and accountability for controls.
Continuous Monitoring and Improvement:
- Implement continuous monitoring processes for third-party cybersecurity controls.
- Regularly evaluate and update security measures based on evolving threats.
- Participate in lessons-learned sessions to improve cybersecurity posture.
- Security Metrics and Reporting: Develop and report on key cybersecurity performance metrics.
- Communicate third-party cybersecurity status and risks to internal teams.
Security Awareness and Culture:
- Foster a culture of security awareness and responsibility throughout the organization.
- Performs other duties as assigned.
Knowledge, Skills & Abilities
Work requires troubleshooting skills for complex technical environments. Work requires proven experience in cybersecurity governance, risk, and compliance. Strong understanding of cybersecurity laws, regulations, and standards. Experience with risk assessment methodologies and tools. Knowledge of incident response procedures and best practices. Work requires familiarity with vendor risk management frameworks. Work requires excellent oral and written communication skills. Work requires the ability to collaborate with various levels of staff and management. Work requires the ability to multi-task and prioritize projects in a fast-paced environment. Work requires an understanding of compliance-driven environments and established frameworks (e.g., HIPAA, CIS, NIST RMF, etc.). Work requires technical system vulnerability, configuration assessment, and hardening guidance for multiple platforms.
Working Conditions
Work is performed primarily in an office or computer lab/system environment with occasional exposure to noise and moving mechanical and electrical parts.
To learn more about the benefits UT Southwestern offers visit https://www.utsouthwestern.edu/employees/hr-resources/
For general COVID-19 information, applicants should visit https://www.utsouthwestern.edu/covid-19/work-on-campus/
This position is security-sensitive and subject to Texas Education Code §51.215, which authorizes UT Southwestern to obtain criminal history record information. UT Southwestern Medical Center is committed to an educational and working environment that provides equal opportunity to all members of the University community. As an equal opportunity employer, UT Southwestern prohibits unlawful discrimination, including discrimination on the basis of race, color, religion, national origin, sex, sexual orientation, gender identity, gender expression, age, disability, genetic information, citizenship status, or veteran status.
Benefits
Benefits
- UT Southwestern is proud to offer a competitive and comprehensive benefits package to eligible employees. Our benefits are designed to support your overall wellbeing, and include:
- PPO medical plan, available day one at no cost for full-time employee-only coverage
- 100% coverage for preventive healthcare – no copay
- Paid Time Off, available day one
- Retirement Programs through the Teacher Retirement System of Texas (TRS)
- Paid Parental Leave Benefit
- Wellness programs
- Tuition Reimbursement
- Public Service Loan Forgiveness (PSLF) Qualified Employer
- Learn more about these and other UTSW employee benefits!
I.T. at UTSW
Staying Connected with Information Technology
At UT Southwestern, we need the best and brightest minds in information technology to meet the many demands of our thriving academic medical institution. Whether you are creating pathways for patients to more easily access their medical records or helping physicians and researchers maintain their cutting-edge equipment, the challenges and opportunities abound in our IT department.
The vast computer networks and technical infrastructure of our health system, medical school, research units, and workforce affect every patient and employee at UT Southwestern. That makes any position in the IT department vital to our mission of providing exceptional clinical care and creating a fast-paced, flexible environment for more than 18,000 employees and medical students.
Careers in Information Technology range from business analyst to database engineer, technical support to software system specialists, information resources to biomedical technicians. There has never been a better time to be an IT specialist in the world of health care, and there is no more exciting place to be than UT Southwestern to enrich your career.
Let’s Get Started
Employee Testimonials
Roland Brunette
Roland Brunette
Technical Support Specialist III – Information Resources
Technical Support Specialist III – Information Resources
What is extraordinary is the amount of people, their ideas, cultures and personalities. It is a wondrous thing to get to know your co-workers. This is part of what makes working at UT Southwestern a blast.
Glenn Philp
Glenn Philp
Information Resource Manager
Information Resource Manager
UT Southwestern Medical Center is a place that has inspired, challenged, and most of all helped me grow.
Brad Weber
Brad Weber
Commercialization Success Partner
Commercialization Success Partner
I am afforded the opportunity to make a significant difference in the wellbeing of patients served at UT Southwestern and worldwide. I can’t imagine doing anything more fulfilling.
