Principal Information Security Analyst

The Principal Information Security Analyst provides senior-level leadership and hands-on oversight of the organizations incident response program ensuring consistent high-quality execution of the incident response process from intake and triage through investigation containment eradication recovery and closure. This role partners closely with SOC operations infrastructure and application protection teams IAM legal privacy and risk to coordinate timely response actions deliver clear incident communications and executive-ready reporting and ensure evidence and documentation meet internal standards and regulatory expectations. The Principal Analyst drives operational excellence through continuous improvement including root cause analysis after-action and lessons-learned reviews and remediation tracking while strengthening preparedness by coordinating tabletop exercises and conducting periodic process and playbook addition the role performs access reviews supports audits by compiling and validating control evidence and elevates team capability by assisting in development training for incident responders. Stays current with emerging threats attack techniques and AI/ML advancements in cybersecurity.

The Information Security Principal Analyst has a broad understanding of information security concepts and how to apply and implement them. They serve as a liaison between Information Security Information Technology business representatives and various oversight committees assisting with developing communicating and achieving Mayos Information Security goals. The Information Security Principal Analyst is considered an expert leader and mentor who is highly skilled in industry standard information security concepts with particular focus on the NIST Cybersecurity Framework or equivalent. The Information Security Principal Analyst is knowledgeable proficient and experienced in: Integrating multiple disciplines (e.g. business / systems process analysis data analysis data informatics cybersecurity concepts risk management regulatory requirements and technology) for strategic and operational planning. Using problem-solving methods planning techniques continuous improvement project management and analytical tools and methodologies to achieve Mayo goals. Leading risk analysis and information security assessments with focus on planning information gathering and remediation planning and monitoring. Serving as an expert for information security questions and inquiries. Ensuring appropriate management of cybersecurity risks in alignment with standards. Monitoring compliance to Mayos Information Security policies processes and procedures. Managing and administering Information Security processes and tools that enable the organization to operate securely effectively and efficiently. Creating coordinating conducting and/or evaluating training courses within pertinent subject domain. Creating policies processes and procedures and guiding them through the approval process. Managing a varied workload of complex projects with multiple priorities. Staying current on information security technology and healthcare trends and institutional changes. âExhibiting excellent interpersonal skills which include presentation negotiation influencing team facilitation and written communications. Effectively manages time provides mentorship and leadership to others. Communicating risk and complex cyber security topics to a diverse audience. Authoring high-level business and technical documentation. Additional qualifications may apply (see additional experience and/or qualifications): Organizational Change Management - particular focus on Procsis ADKAR model Project Management - particular focus on the Project Management Body of Knowledge (PMBOK) Business Analysis - particular focus is on the Business Analysis Body of Knowledge (BABOK).

Mayo Clinic will not sponsor or transfer visas for this position including F1 OPT STEM.

Masters degree in applicable field and 5 years experience or Bachelors degree in applicable field and 8 years experience. Pertinent fields of study and experience includes (but is not limited to) the following: information security operational analysis process change electronic systems implementation leadership systems analysis and project management with broad-based key enterprise initiatives.
Demonstrated history of continuing education in technology information security healthcare and business processes. Excellent interpersonal skills to include presentation negotiation influencing team facilitation and written communications skills are required. Experienced with committee and consensus-managed physician led organization. Exceptional time management and leadership skills are required.
Must have one of the following certifications (or equivalent) at time of hire. CISSP CISM HCISPP GSEC OSCP or equivalent.