Lead Security Analyst - IS-Security

Minimum Qualifications:

Bachelor’s degree and five (5) years of Information Security or Information Technology experience.  An equivalent combination of education and experience relevant to the role may be considered for this position.

Required:

Industry recognized cyber-security certification (CCSP, CISSP, CEH, CCIE).

Preferred Qualifications:

•  Master’s degree or equivalent.

•  8 years of Information Security or Information Technology experience.

•  Multiple industry recognized cyber-security certifications (CCSP, CISSP, CEH, CCIE).

Job Summary:

The Lead Security Analyst serves as a senior technical and operational leader within the organization's information security program, responsible for safeguarding sensitive clinical, academic, research, and administrative data across a complex healthcare, educational, and research environment. This role partners closely with the Chief Information Security Officer (CISO) to define strategic security requirements and drive the implementation of enterprise security initiatives.

Job Duties:

• Partner with the Chief Information Security Officer (CISO) to define and refine strategic information security requirements, ensuring alignment with organizational goals and regulatory obligations across healthcare and academic environments.

• Lead the development of project plans and oversee the execution of approved security initiatives, ensuring timely delivery, resource coordination, and effective risk mitigation.

• Provide advanced technical expertise to safeguard data confidentiality, system integrity, system reliability, and secure recovery capabilities, ensuring compliance with HIPAA, FERPA, and other applicable standards.

• Direct and conduct investigations into unauthorized access, data modification, disclosure, or destruction, and design preventive controls to reduce future risk.

• Oversee the evaluation, selection, deployment, and maintenance of security technologies, including software, utilities, and hardware, and guide remediation efforts for identified vulnerabilities.

• Serve as a primary authority on security architecture and design, ensuring that systems and solutions are resilient, scalable, and aligned with best practices.

• Develop and maintain technical security standards, monitoring frameworks, and incident investigation procedures to support institutional policies and regulatory requirements.

• Lead efforts to identify, analyze, and resolve security vulnerabilities, operational risks, and audit findings across applications, infrastructure, and legacy systems.

• Provide leadership, coaching, and mentorship to security team members, fostering professional growth and strengthening team capabilities.

• Lead or support investigations involving theft of information resources, misuse of systems, or violations of institutional information security or privacy policies.

• Oversee monitoring of enterprise systems for indicators of compromise, direct incident response activities, and perform trend analysis to proactively identify emerging risks.

• Collaborate effectively with cross-functional teams, serving as a senior technical resource and contributing to a culture of security across the organization.

Marginal or Periodic Functions:

• Participates as a team member.

• Adheres to internal controls and reporting structure.

• Performs related duties as required.

Knowledge/Skills/Abilities:

• Strong understanding of security operations, including SIEM monitoring, log analysis, threat detection, and incident response workflows.  

• Knowledge of network security concepts such as segmentation, firewalls, IDS/IPS, VPNs, and secure communication protocols.  

• Understanding of vulnerability management processes, scanning tools, patching cycles, and exploit behavior.  

• Familiarity with endpoint security technologies, including EDR, anti‑malware, disk encryption, and device control.  

• Familiarity with common attack vectors, threat actor tactics, and MITRE ATT&CK techniques.  

• Skilled in scripting or automation (PowerShell, Python, Bash) to streamline operational tasks. 

• Ability to conduct vulnerability assessments and coordinate remediation with system owners.  

• Skilled in documenting incidents, technical findings, and operational procedures clearly and accurately.  

• Ability to support secure system design and provide technical input during solution deployments.

Salary Range:

Actual salary commensurate with experience.