Details
Posted: 31-Mar-22
Location: Baltimore, Maryland
Salary: Open
Categories:
Information Technology
Internal Number: 81638-en_US
We are seeking a Cyber Security Analyst who is responsible for administration of a comprehensive information security program, ensuring strategies and services align with the Johns Hopkins Bloomberg School of Public Health (BSPH) mission, goals, and objectives. This includes coordination across BSPH and with all associated stakeholders.
Responsibilities of this position include developing, documenting, implementing, and maintaining the security policies, standards, and procedures; maintaining oversight of information custodians and security liaisons in carrying out their responsibilities; and providing support in developing and implementing a program to manage all aspects of compliance with the various regulations (e.g., HIPAA, HITECH, PCI).
This position will assist with the planning, design, and implementation of technology and procedures designed to maintain the confidentiality, availability, and integrity of the information resources, computer, and networking systems.
This individual will primarily be responsible for analyzing and assessing the privacy, protection, and use of PHI/PII information housed on BSPH systems, mobile computing devices, or 3rd party environments. This individual will support projects and activities associated with the handling of records and information throughout their entire life cycle.
This individual will provide recommendations to information system owners to ensure information systems are maintained in a state of compliance with established Johns Hopkins privacy, electronic communications, information protection, and records management policies. This individual must have strong knowledge of information protection and data privacy laws and considerations.
The scope of this job includes assessment and evaluation of processes, projects, and environments handling records and information. This individual will be responsible for coordination and support of risk management programs affecting people and assets throughout BSPH.
Specific Duties & Responsibilities:
Risk Management:
- Provides recommendations for security compliance to technical and project leadership based upon research and evaluation of legislation, regulations, standards, frameworks, and best practices (e.g., HIPAA, HITECH, PCI, ISO, and NIST).
- Analyzes the security posture of information systems based upon standards, frameworks, best practices, and regulatory requirements.
- Provides security risk assessments, vulnerability assessments, security analysis, and recommendations to cost effectively protect information systems and data from risks to confidentiality, integrity, and availability.
- Works with senior management and staff to develop and communicate security policies and procedures that support School goals and objectives.
- Provides tactical and strategic recommendations for ongoing management of information systems platforms.
Systems Analysis & Design:
- Researches, recommends, and supports new technologies, systems and/or processes to reduce the security threats to information systems and data.
- Provides cyber security design consulting services, by independently interpreting complex requirements and providing recommendations to cost effectively protect information system assets from risks to confidentiality, integrity, and availability.
- Recommends and assists in the development of new methods to improve service processes, performance, and functionality by examining system management tools and processes.
Technical Collaboration:
- Coordinates with clients and JHU entities including, but not limited to, OHIA, ORA, and IRB to review security and privacy requirements and controls within research plans, data use agreements, and contracts.
- Monitors the vulnerability scanning programs and provides guidance and recommendations to design and implement controls that mitigate identified risks.
- Maintains contact with outside contingency planning professional organizations and local/regional emergency response groups.
- Represents BSPH IT on institutional committees in the areas of IT security, privacy, and policy.
Project Collaboration & Lifecycle Participation:
- Develops and executes highly technical and/or complex project plans and systems based on knowledge of the business and information security needs of BSPH.
- Represents BSPH IT in business projects for security evaluations, risk assessments, data use agreement review and coordinates activities with customers.
- Evaluates vendor proposals and selects the most appropriate vendor based on requirements.
- Provides direction to project team by reviewing work and adhering to institutional standards and guidelines to ensure collaboration and communication with team members and customers.
- Provides knowledgeable technical and project management (full life cycle) responsibilities in more than one information security discipline including, but not limited to, risk management, network intrusion detection and prevention, security event/incident response, security policy, vulnerability management, regulatory compliance, and encrypted and secure remote access.
Security Administration:
- Coordinates IT Security Awareness and outreach programs (i.e. new employee orientation and specific compliance training programs) and assists with the training and education of employees on business continuity, preparedness, and their role during a crisis event.
- Creates audience-appropriate documentation to serve as technical and/or end-user reference.
- Assists in the development and regular review of risk management and security artifacts for BSPH facilities and infrastructure. These include, but are not limited to, policies, standard operating procedures, business impact analysis, systems design documentation, risk management plans, disaster recovery plans, and after-action reports.
- Implements processes and supports systems that reduce the security threats to the School's network and IT infrastructure.
- Recommends and assists in the development of new methods to improve service processes, performance, and functionality by examining governance, risk management, and change (GRC) control process.
- Develops and maintains metrics and assessments regarding the effectiveness of security controls for information systems and provides reports and recommendations to senior management.
- Maintains documentation library including all internal and external risk assessments, audits, Security and Privacy plans and mitigation response plans (i.e. SSP, PIA, POAM).
- Evaluates and forecasts the need for IT Security to sustain security program effectiveness.
- Communicates critical incident information efficiently with attention to confidentiality concerns.
Minimum Qualifications (Mandatory):
- Bachelor's Degree in an IT or related field
- Four years of progressively responsible experience in at least two or more of the following disciplines: enterprise networking (wired and wireless), computer system management and administration, enterprise information or network security, continuity management, network forensics, or technical risk assessment.
- Two to three years of experience in a hands-on technical leadership role.
- Two years of project management and project team participation skills.
- Additional experience may substitute for education.*
* JHU Equivalency Formula: 30 undergraduate degree credits or 18 graduate degree credits = 1 year of experience. For jobs where equivalency is permitted, up to two years of non-related college coursework may be applied towards the total minimum education/experience required for the respective job.
** Applicants who do not meet the posted requirements but are completing their final academic semester/quarter will be considered eligible for employment and may be asked to provide additional information confirming their academic completion date.
Preferred Qualifications:
- Advanced Degree in IT or related field
- Professional security training and/or certification (e.g. CIAC, CISA, or CISSP)
Special Knowledge, Skills & Abilities:
- Must possess in depth knowledge of information security and compliance practices and its various supporting technologies and platforms.
- Must possess the ability to research risks and risk-related problems to the finest detail to identify related issues and solutions.
- Must demonstrate strong critical thinking and analytical reasoning skills.
- Ability to work on multiple priorities effectively and prioritize conflicting demands.
- Ability to independently execute assigned project tasks within established schedule.
- Ability to work collaboratively in a team environment.
- Ability to communicate effectively with a wide range of stakeholders throughout the Institution.
- Writes and communicates clearly and concisely and possesses sound documentation skills.
- Ability to maintain confidentiality.
- Work requires a strong understanding and extensive work experience with at least two of the ten (ISC)2 information security domains:
  - Access control
  - Application development security
  - Business continuity and disaster recovery planning
  - Cryptography
  - Information security governance and risk management
  - Legal, regulations, compliance, and investigations
  - Operations security
  - Physical (environmental) security
  - Security architecture and design
  - Telecommunications and network security
- Working knowledge of various compliance legislation and industry standards (e.g. FERPA, GDPR, HIPAA/HITECH, NIST, and PCI).
- Knowledge and experience with information security technologies, methodologies, and practices including, but not limited to, risk assessment and management, intrusion detection and prevention, vulnerability assessment and management, system administration (Windows, OS X, Linux, Unix, etc.), security policy, standards, and best practices, security incident response, auditing and security administration of network security systems and operating systems, access control, encryption, firewalls, secure proxies, networking, database and application security, security event log analysis, virus prevention and remediation, and custom programming/scripting.
- Strong understanding of TCP/IP, the OSI model, and appropriate standards and practices associated with a secure technical framework.
Classified Title: Cyber Security Analyst
Role/Level/Range: ATP/04/PF
Starting Salary Range: $81,471.60 - $111,988.80 (Commensurate with experience)
Employee group: Full Time
Schedule: M-F 8:30 - Pm
Exempt Status: Exempt
Location: Telecommute
Department name: BSPH IT Operations
Personnel area: School of Public Health
The successful candidate(s) for this position will be subject to a pre-employment background check.
If you are interested in applying for employment with The Johns Hopkins University and require special assistance or accommodation during any part of the pre-employment process, please contact the HR Business Services Office at jhurecruitment@jhu.edu. For TTY users, call via Maryland Relay or dial 711.
Johns Hopkins has mandated COVID-19 and influenza vaccines, as applicable. Exceptions to the COVID and flu vaccine requirements may be provided to individuals for religious beliefs or medical reasons. Requests for an exception must be submitted to the JHU vaccination registry. For additional information, applicants for SOM positions should visit https://www.hopkinsmedicine.org/coronavirus/covid-19-vaccine/ and all other JHU applicants should visit https://covidinfo.jhu.edu/health-safety/covid-vaccination-information/.
The following additional provisions may apply, depending on campus. Your recruiter will advise accordingly.
The pre-employment physical for positions in clinical areas, laboratories, working with research subjects, or involving community contact requires documentation of immune status against Rubella (German measles), Rubeola (Measles), Mumps, Varicella (chickenpox), Hepatitis B and documentation of having received the Tdap (Tetanus, diphtheria, pertussis) vaccination. This may include documentation of having two (2) MMR vaccines; two (2) Varicella vaccines; or antibody status to these diseases from laboratory testing. Blood tests for immunities to these diseases are ordinarily included in the pre-employment physical exam except for those employees who provide results of blood tests or immunization documentation from their own health care providers. Any vaccinations required for these diseases will be given at no cost in our Occupational Health office.
Equal Opportunity Employer
Note: Job Postings are updated daily and remain online until filled.
EEO is the Law
Learn more:
https://www.eeoc.gov/sites/default/files/migrated_files/employers/poster_screen_reader_optimized.pdf