Analyst, Network Security (DHS)

Item 3.J–March 4, 2011
To expedite and facilitate the PDQ review process, please send the PDQ and Org Chart electronically to for discussion and for initial review before routing PDQ for approval signatures.
Questions - call UNR Faculty HR at 682-6114
INSTRUCTIONS: See for complete instructions.
Incumbent(s) Name (if applicable): Mark Sexton (to be vacant)
Position #(s): 17353
Current Title: Manager, Information Systems (Savitt)
Current Range: 3
(JCC:77621;3J;CM5518;CC104;E )
Department: Computing and Telecommunications
College/Division: Information Technology
Account #(s): 1201-119-5022
Action Proposed: (check all that apply)
( ) New position: Proposed Range:
Proposed Title:
( X ) Title Change, Proposed Title: Analyst, Network Security (DHS)
( ) Proposed Reassignment from
( ) Revised PDQ only (no change in range or title)
( ) Line of Progression (show titles below)
JCC (Current
or new HR
I certify that the statements in this description are accurate and complete to the best of my knowledge.
Employee’s Signature
I/we have reviewed the statements in this form and they accurately reflect the job assignments.
Immediate Supervisor’s Signature Jeff Springer, Mgr, Network and Computer Security Date
Approved for Salary Placement Committee review.
Pres / Vice Pres / Vice Prov Signature Steve Zink, V.P. for Information Technology Date
Action Approved by the President (Completed by Faculty HR):
Position #: 17353
EEO Code: 3J
CUPA Code: CM5518
Exempt: Yes or No Census Code: 104
Job Class Code: 67079
Range: 3
Effective Date: 3/1/2011
Approved Title:
Employee Signature
(Employee signs and sends to HR for personnel file after PDQ has been “final” stamped for approval)
Position Description – Analyst, Network Security (DHS)
Pg 4
1. Summary Statement: State the major function(s) of the position and its role in the
university. Attach an organizational chart with positions, ranges, and names for the
division which reflects the position in it as well as those supervised in the department.
(This section is used for advertisement of the position.)
The Network Security Analyst for the Division of Health Sciences (DHS) is responsible for all
day-to-day security management duties. This position works closely with the Network and
Critical Systems management groups and the Helpdesk and Desktop support groups that
currently provide the majority of Information Technology (IT) services. In addition to regular
security monitoring the Analyst is the primary person responsible for ensuring compliance with
medical security information regulations. This position works with the University of Nevada
School of Medicine (UNSOM) Privacy Officer to assist in any IT related functions. This position
reports to the Network Security Manager for the University of Nevada, Reno (UNR).
2. List the major responsibilities, including percentage of time devoted to each. Provide
enough detail to enable a person outside the department to understand the job
(percentage first with heading and then bulleted information from greatest to least
40% - Audits and log review
 Review logs from various IT related systems for compliance and best practice related
security violations
 Perform regular onsite security audits of all clinical sites both in the North and the South
 Run regular penetration tests against both network and server systems
40% - IT infrastructure management and research
 Work with the Server and Network Administrators for DHS systems to secure, audit, and
manage the server or network related systems in a regulatory compliance oriented
 Research and develop security systems for the proper management of patient data and
medical related research data
 Work with the helpdesk and desktop support staff to assist in any security issues as they
20% - Policy development and end user training
 Train users on proper IT management of patient data
 Develop new, and maintain existing, IT related policies that relate to any required
medical regulation
3. Describe the level of freedom to take action and make decisions with or without
supervision and how the results of the work performed impact the department, division
and/or the university as a whole.
Level of freedom
This position exercises a high level of freedom to act and make decisions with minimal direct
supervision and is based on a high level of technical knowledge and expertise. While the
ultimate responsibility lies with the Network Security Manager, this position will be making
regular judgment calls on what is and what is not a security violation. As with any security
Position Description – Analyst, Network Security (DHS)
Pg 4
position related to patient care, the privacy of patient data is of utmost concern and this person
will be the primary initial contact for clinical and research personnel when dealing with this data.
The position is responsible for DHS computer security, including Medical School and clinics. In
addition to regular security monitoring, the position is responsible for ensuring compliance with
medical security information regulations.
Failure to perform regular computer and network security audits may result in a loss of patient
data. There are potentially serious negative consequences for HIPAA (Health Insurance
Portability and Accountability Act) violations for the patient and for the university -- including
fines, lawsuits, and loss of funding.
4. Describe the knowledge, skills (to include cognitive requirement and verbal and
written communication), and abilities (to include task complexity, problem solving,
creativity & innovation) essential to successful performance of this job (in bullet format).
Knowledge of:
 HIPAA and related regulations
 Proper management of patient data
 Firewall access control theory and best practice
 TCP/IP Network Protocols
 Identity Management systems such as Active Directory
 Penetration tools such as Nessus or Core Impact
 Intrusion Detection Systems
 Log aggregation and analysis systems
 Computing in Medical environment
 Written and verbal communication and presentation skills
 Interpersonal skills
 Problem solving skills
Ability to:
 Make good decisions under pressure and communicate rationale
 Speak about technical issues to non-technical audience
 Represent user needs to technical experts
 Demonstrate and establish working relationships with diverse groups of clients
colleagues, and partners
5. Describe the type of personal contacts encountered in performing the duties of the
job. Explain the nature and purpose of these contacts: i.e., to provide services, to
resolve problems, to negotiate.
Department/college faculty and
Reason for Contact
To present best IT practices within context of the overall
mission and goals of DHS, UNSOM, and university; to
problem solve; share information
Position Description – Analyst, Network Security (DHS)
Colleagues in IT
To determine hardware and security needs and system
requirements, resolve problems, share information
Reason for Contact
Pg 4
6. Indicate the minimum qualifications which are necessary in filling this position should
it become vacant. Please keep in mind the duties/responsibilities of the position rather
than the qualifications of the incumbent.
Minimum educational level, including appropriate field, if any.
Bachelor’s Degree from a regionally accredited institution
Minimum type and amount of work experience, in addition to the above
required education necessary for a person entering this position.
Bachelor’s Degree and four years or a Master’s Degree and two years of
experience in computer systems administration, security analysis, or network
Preferred licenses or certifications:
Certified Information Systems Security Professional (CISSP)
Indicate any license or certificate required for this position.