Position Summary:

Responsible for designing, implementing, and monitoring the IT security program with a focus on identifying server/web vulnerabilities, security awareness, Identity and Access Management (IAM), and implementation of information security solutions in support of the Information Security program and other supervisory responsibilities as assigned.

Your work location will be on the eighth floor of the University Center Tower. Some work can be done remotely, but this is a hybrid position – there will also be a need for the employee to meet with researchers throughout the university, which will involve going to their specific labs/work locations, which may be outside of the UCT building.

What we do here changes the world. UTHealth Houston is Texas’ resource for healthcare education, innovation, scientific discovery, and excellence in patient care. That’s where you come in.

Once you join us, you won't want to leave. It’s because we reward our team for the excellent service they provide. Our total rewards package includes the benefits you’d expect from a top healthcare organization (benefits, insurance, etc.), plus:  

100% paid medical premiums for our full-time employees   Generous time off (holidays, preventative leave days, both vacation and sick time – all of which equates to around 37-38 days per year)  The longer you stay, the more vacation you’ll accrue!  Longevity Pay (Monthly payments after two years of service)  Build your future with our awesome retirement/pension plan! 

We take care of our employees! As a world-renowned institution, our employees’ well-being is important to us. We offer work/life services such as... 

Free financial and legal counseling  Free mental health counseling services  Gym membership discounts and access to wellness programs  Other employee discounts include entertainment, car rentals, cell phones, etc.  Resources for child and elder care  Plus many more! 

Position Key Accountabilities:

Essential Functions

Provides technical leadership and support in selecting, configuring, and maintaining security and IAM software, utilities, and hardware. Manages projects and supervises Information Security Staff and/or resources relating to departmental projects and key initiatives as the Chief Information Security Officer requires. Maintains current understanding of IT audit techniques, information security, and IAM best practices, policies, and procedures, including Federal, State, and other applicable regulatory requirements and guidelines (HIPAA, FERPA, NIST, PCI DSS, TAC 202). Evaluates cost-effective alternatives to current information security program components. Participates in annual review of all information security policies, standards, procedures, and guidelines; recommends amendments; assures alignment with current regulatory requirements. Monitors and enforces compliance with information security policies, standards, procedures, and guidelines. Responsible for developing, implementing, and maintaining an ongoing IT security awareness and employee training program for the entire UTHSC-H. Conducts risk and security assessments, facilitates disaster recovery planning, and supports business continuity efforts for business-critical systems. Evaluates results with system owners and custodians. Provides information security consulting on a variety of technologies and processes. Performs periodic penetration tests and vulnerability scans. Review results for evidence of vulnerability or compromise; assist in or facilitate the implementation of resolution. Track the solution of findings and prepare reports. Manages enterprise configuration/vulnerability management program, web application firewalls, and security scans to identify and correct security gaps. Prepares remediation reports and provides technical mentorship and guidance for various levels of operations staff. Participates in, develops, and facilitates activities in support of Computer Security Incident Response Team (CSIRT) efforts. Coordinates initial assessments, including severity, potential impact, and resolution efforts with fellow CSIRT members. Provides guidance on integrating IAM tools and automation into new and existing applications. Works with clinical, academic, and administrative application groups to design, develop, and deploy IAM integration and automation solutions with minimum supervision. Provides support for enterprise account life-cycle management, including account provisioning, account de-provisioning, authentication, and authorization. Provides support, configuration, and maintenance for the IAM infrastructure, including, but not limited to, IDM, AM, SSO, Federated Authentication, LDAP, IAM application development, and support tools. Provide support for the Public Key Infrastructure system and process. System administration for a variety of Linux and Windows-based servers to support security and IAM tools. Monitors system log information for evidence of compromise; responds to and reports security incidents. Provides forensic analysis and support for compliance and other security-related investigations; provides summary analysis as necessary. Initiates and participates in periodic security audits and test controls, prepares reports, and makes recommendations as necessary. Performs other duties as assigned.

Certification/Skills:

Complex problem-solving skills; ability to think independently as well as work in a dynamic team group. Ability to work within tight deadlines; strong organizational skills. Excellent verbal and written communication skills. Ability to configure and administer Windows and VMware servers and desktops. Working knowledge of UNIX-based systems. Web application security; programming, Linux system administration, database administration. Network architecture design; incorporating security into SDLC. Training in information technology is required. CISSP Certified Information Systems Security Professional preferred Certified Information Systems Auditor (CISA) preferred CISM - Certified Information Security Manager preferred

Minimum Education:

Bachelor's Degree required May substitute required education with equivalent years of experience beyond the minimum experience requirement.

Minimum Experience:

2 years of experience in information technology support or information technology auditing required 1 year to two years of direct involvement with security platforms deployed as part of an enterprise-level information security program required

Physical Requirements:

Exerts up to 50 pounds of force occasionally and/or up to 20 pounds frequently, and/or up to 10 pounds constantly to move objects.

Security Sensitive:

Security Sensitive: This job class may contain positions that are security sensitive and thereby subject to the provisions of Texas Education Code § 51.215

Residency Requirement:

Employees must permanently reside and work in the State of Texas.