• Bachelor's degree in Computer Science, Engineering, Information Systems (or similar) OR 5+ years of relevant professional experience in Information Security or IT Risk Management, preferably in healthcare
• In-depth knowledge of research IT needs at an academic medical center and familiarity with vendors and purchasing processes.
• Relevant information security certifications preferred (e.g., CISSP, CISA, CISM, CRISC, or GIAC)
• Proven experience in cyber risk assessments, preferably within the healthcare or educational sector.
• Demonstrated skill in establishing and maintaining cooperative working relationships.
• A strong sense of customer service and attention to detail
• Ability to work independently, setting goals and priorities.
• Confidence to follow up on and champion critical findings, follow through, and deliver timely results.
• Strong understanding of IoT/IoMT devices and their security implications.
• Excellent communication skills, both written and verbal, with the ability to effectively communicate technical concepts to diverse audiences.
• Strong interpersonal skills and the ability to collaborate and build partnerships with various stakeholders.
• Analytical mindset with the ability to think critically and assess complex cyber risks.
• Strong problem-solving skills and the ability to provide practical recommendations for risk mitigation.
• Proficient knowledge of hardware/software architecture and domains in IT operations with a focus on governance, risk and compliance.
• Ability to understand large, complex systems.
• An understanding of communications and network vulnerabilities.
• Knowledge of personal computer and mobile architectures, OS and applications.
• Understanding of legal and regulatory compliance standards and requirements applying to data and IT, including HIPAA, FERPA, Payment Card Industry Data Security Standard (PCI DSS), ISO 27001, NIST and COBIT.
• Knowledge of products which protect systems, such as Intrusion Prevention Systems (host- and network-based), Firewalls, Security Event Management Systems, port scanning and vulnerability identification, monitoring and logging mechanisms, etc.
• Familiarity with multiple software types at the application and enterprise levels.
• Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use standard English grammar and punctuation.
• Proficient in Microsoft Office product suite (MS Outlook, Word, PowerPoint, and Excel).