COVID-19 (Coronavirus)

Due to the evolving situation with COVID-19, we are temporarily freezing our hiring process. At this time, we will only post limited and essential roles. Existing applicants who are scheduled for interviews or have received a job offer should contact their hiring manager or recruiter. For the latest updates, visit Columbia's COVID-19 Guidance. 


Search for staff jobs. You will create a profile with your first application submission. Questions? Ask HR.

Information Security Sys Spec

  • Requisition no: 508862
  • Work type: Full Time
  • Location: Medical Center
  • School/Department: CUIMC IT
  • Grade: Grade 104
  • Categories: Information Technology
  • Job Type: Officer of Administration
  • Regular/Temporary: Regular
  • Hours Per Week: 35

Position Summary

The Information Security Systems Specialist will report to the Information Security Operations Manager within the Information Security Office (ISO). The role is responsible for monitoring and evaluating data from SIEM (Security Incident and Event Management) systems in order to promptly identify, evaluate and respond to information security incidents impacting Columbia University Irving Medical Center.

The role will: contribute to security systems design, provide programming support, draft incident reports; contribute to the collection and analysis of data to provide accurate and useful security metrics, vulnerability management and threat modeling; interact with CUIMC technical resources and other key stakeholders to facilitate coordinated security operations between central and distributed IT; and assist in thought leadership activities which promote greater awareness of information security leading practices.  On-call hours are required for all operations staff.


  • Monitoring and evaluating data from sources of security event information in order to promptly identify, evaluation and respond appropriately to security events which impact the information infrastructure of Columbia University Medical Center and may be called upon to mobilize and participate in incident handling on short notice during off-shift hours. 35%
  • Contributing to the security systems design process as a programming resource 25%
  • Drafting formal incident reports, contributing to the preparation of vulnerability reporting metrics, threat intelligence, and other analysis 25%
  • Interfacing with IT resources and other key stakeholders in order to facilitate coordinated security operations 10%
  • Additional duties as assigned 5%

Minimum Qualifications

  • Bachelor’s degree or equivalent in education, training, and experience, plus three years of related experience

Preferred Qualifications

  • Relevant work experience either in applications development, IT operations, incident management, health care, research, institutes of higher learning, and/or technical writing. Additional evidence that technical skills are current is strongly favored
  • The ideal candidate will have an in-depth understanding of the HITRUST CSF based on practical working experiences and a functional knowledge of security standards such as HIPAA/HITECH, PCI-DSS, ISO 27001/2, NIST
  • Experience in information security technical vulnerability testing using Nexpose, Acunetix, NMAP, and other tools
  • Experience in network and applications security
  • Experience in securing, monitoring, and operational incident response on web applications, SMTP email services, and other critical I.T. services
  • Must be a clear technical writer capable of producing technical documentation, incident reports, and information security awareness materials
  • Ability to understand and work with healthcare professionals, educators and researchers
  • Ability to work independently with minimal supervision as well as be creative and innovative at conducting a high volume of risk analyses while reporting accurate and relevant risks to the appropriate constituents
  • Experience working in a HIPAA/HITECH/OMNIBUS-regulated environment. Functional knowledge of other relevant compliance regulations (PCI, FERPA, Data Breach Acts, FISMA) and security standards (HITRUST, PCI-DSS, ISO 27001/2, NIST). Experience working in an academic medical center or hospital environment a plus
  • The ideal candidate will understand the development of Information Security systems, the security issues of application development generally, and the security and development issues involved in integrating an environment of multiple complex systems
  • CISA/CISM, or GIAC certified penetration tester (GPEN), or Certified Ethical Hacker (CEH), or any relevant GIAC certifications, CISSP, or CISA


Equal Opportunity Employer / Disability / Veteran

Columbia University is committed to the hiring of qualified local residents.

Applications open: Eastern Daylight Time
Applications close:

Back Apply Share

Share this via:

| More
Back to Top