University of Rochester


Job Information

University of Rochester Affiliate Info Security Lead - 229810 in Rochester, New York

Affiliate Info Security Lead, Job ID 229810

Location: Central Administration
Full/Part Time: Full-Time
Regular/Temporary: Regular

Opening

Full Time, 40 hours
Grade 055
University IT / IS


8 AM-5 PM



The Affiliate Info Security Lead serves as the principal advisor to the information system owners at the affiliates of the University of Rochester Medical Center and the Chief Information Security Officer on all matters, technical and otherwise, involving the security of the information systems they preside over. The Affiliate Info Security Lead has the detailed knowledge and expertise required to manage the security aspects of the information systems. The Affiliate Info Security Lead builds relationships with key personnel who have the authority or ability to ensure compliance with security laws, regulations, guidance and requirements. Key people will differ depending on circumstances. The Affiliate Info Security Lead is encouraged to coordinate with appropriate contacts as determined by their components and the different situations that arise within their areas of responsibility.



Act as HIPAA Security Official for the Affiliates of the University of Rochester Medical Center. Coordinate efforts to execute the annual HIPAA Risk Analysis process for Affiliates. Create, conduct, and report compliance audits to ensure effectiveness of Information Security Controls on a periodic basis at affiliate organizations. Lead resource owners and IT staff in understanding and responding to security audit failures reported by auditors and other reviews. Create and maintain documentation related to remediation efforts for control failures and audit findings.

Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation. Serve as an active and consistent participant in the information security governance process for affiliates. Provide support and guidance for legal and regulatory compliance efforts, including audit support.

Work with the Information Security Office to adapt the security program and security projects that address identified risks and business security requirements for affiliates. Participate in the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the Information Security Office with a realistic overview of risks and threats in the affiliate environment. Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.

Enforce a strong security culture set forth by the CISO, ensuring uniformity across the enterprise leadership, business units, employees and students. Foster strong relationships with internal business units and external entities to maintain a strong network. Advise on enterprise-wide people, process and technology security recommendations. Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff. Work as a liaison on behalf of affiliates with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements. Other duties as assigned.


  • A bachelor's degree in information systems or equivalent work experience, and 4-5 years of related experience;

  • or an equivalent combination of education and experience.

Required Technical Skills:

  • Expert knowledge of Microsoft Office Suite

  • Experienced in using an ITSM tool or ticketing system

  • Experienced in application configuration

  • Experience in IT and Information Security Risk

  • Experience in Risk Management Methodology and Frameworks

Required Business Skills:

  • Self-starter requiring minimal supervision

  • Superb analytical and research skills with the ability to comprehend complex data sets; demonstrate critical-thinking and problem-solving skills

  • Excellent interpersonal, written, and oral communication skills with strong attention to detail

  • Ability to execute multiple tasks in a fast-paced environment; perform under pressure and demonstrate adaptability and flexibility

  • Demonstrated ability to conduct independent research and reporting

  • Knowledge of computer networking concepts and protocols, and of network security methodologies and their relationship to laws, regulations, policies, and ethics surrounding cybersecurity and privacy.

  • Knowledge of the organization's core business/mission processes.



How To Apply

All applicants must apply online.

EOE Minorities/Females/Protected Veterans/Disabled