Third Party Security Risk Analyst
Location Type: Remote Eligible
Job Number: 809127
Category: Information Technology
Job Number: 809127
Category: Information Technology
With over 75 years of excellence in Dallas-Fort Worth, Texas, UT Southwestern is committed to excellence, innovation, teamwork, and compassion. As a world-renowned medical and research center, we are looking for strategic thinkers who will help assure the security and compliance of UT Southwestern. With a career in our Information Technology department at UT Southwestern, you will be able to help with our mission to provide exceptional clinical care and create cutting-edge research programs as you grow your IT and security career. We invite you to be a part of the UT Southwestern team where you’ll discover a culture of teamwork, professionalism, and a life-changing career!
UT Southwestern is in search of a Third-Party Security Analyst. This position ensures that standards, procedures, and activities align with regulatory mandates and internal policies while actively utilizing Third-Party Risk Management tools. The analyst establishes and enforces vendor security requirements, monitors and reports on vendor compliance with security standards, and recommends actions to reduce and manage risk. Additionally, the analyst conducts regular risk and vulnerability assessments, develops and manages risk mitigation strategies, ensures compliance with cybersecurity laws and standards, participates in incident response and post-incident analysis, assesses cybersecurity governance frameworks, implements continuous monitoring processes, develops and reports on cybersecurity performance metrics, and plays a crucial role in fostering a culture of security awareness within the organization. This position requires at least one related industry certification is required (e.g., CISSP, GIAC, CEH, CISA, CISM, CRISC).
MUST LIVE IN THE DALLAS METRO OR SURROUNDING AREA – NO RELOCATION PROVIDED
Minimum Requirements
Third-Party / Vendor Risk Management:
IT Systems Risk Assessment, Management, and Cyber Framework Alignment:
Compliance Management:
Incident Response and Management:
Security Governance:
Continuous Monitoring and Improvement:
Security Awareness and Culture:
Knowledge, Skills & Abilities
Work requires troubleshooting skills for complex technical environments. Work requires proven experience in cybersecurity governance, risk, and compliance. Strong understanding of cybersecurity laws, regulations, and standards. Experience with risk assessment methodologies and tools. Knowledge of incident response procedures and best practices. Work requires familiarity with vendor risk management frameworks. Work requires excellent oral and written communication skills. Work requires the ability to collaborate with various levels of staff and management. Work requires the ability to multi-task and prioritize projects in a fast-paced environment. Work requires an understanding of compliance-driven environments and established frameworks (e.g., HIPAA, CIS, NIST RMF, etc.). Work requires technical system vulnerability, configuration assessment, and hardening guidance for multiple platforms.
Working Conditions
Work is performed primarily in an office or computer lab/system environment with occasional exposure to noise and moving mechanical and electrical parts.
To learn more about the benefits UT Southwestern offers visit https://www.utsouthwestern.edu/employees/hr-resources/
For general COVID-19 information, applicants should visit https://www.utsouthwestern.edu/covid-19/work-on-campus/
This position is security-sensitive and subject to Texas Education Code §51.215, which authorizes UT Southwestern to obtain criminal history record information. UT Southwestern Medical Center is committed to an educational and working environment that provides equal opportunity to all members of the University community. As an equal opportunity employer, UT Southwestern prohibits unlawful discrimination, including discrimination on the basis of race, color, religion, national origin, sex, sexual orientation, gender identity, gender expression, age, disability, genetic information, citizenship status, or veteran status.
At UT Southwestern, we need the best and brightest minds in information technology to meet the many demands of our thriving academic medical institution. Whether you are creating pathways for patients to more easily access their medical records or helping physicians and researchers maintain their cutting-edge equipment, the challenges and opportunities abound in our IT department.
The vast computer networks and technical infrastructure of our health system, medical school, research units, and workforce affect every patient and employee at UT Southwestern. That makes any position in the IT department vital to our mission of providing exceptional clinical care and creating a fast-paced, flexible environment for more than 18,000 employees and medical students.
Careers in Information Technology range from business analyst to database engineer, technical support to software system specialists, information resources to biomedical technicians. There has never been a better time to be an IT specialist in the world of health care, and there is no more exciting place to be than UT Southwestern to enrich your career.