The Human Genome Sequencing Center (HGSC) at Baylor College of Medicine is seeking an experienced Sr. Infrastructure Security Associate. This position will focus on the design and management of IT Security for the HGSC by ensuring that network and systems design and management comply with established standards. The individual will work closely with other HGSC groups to ensure the security model and its implementation are successful.
The field of genomics is now in a new phase of exploring individual DNA sequence variation and its association with human diseases. In direct response to this new era, the HGSC operates the HGSC Clinical Lab (HGSC-CL), which has a complete infrastructure to support large-scale sequencing and genomics projects. This CAP-accredited/CLIA-certified group delivers clinical test grade data to collaborating physicians. The computational environment is currently hybrid, with some components local while others are cloud-based. As current work involves the generation and management of sensitive personal information including genomic data and clinical records, there is a strong requirement for appropriate IT Security. This position will spearhead IT and Security Compliance and mitigate risk for Baylor College of Medicine infrastructure and systems.
This position is eligible to work a hybrid work schedule within the Greater Houston, TX area.
- Direct and deliver Center Security Compliance activities, including both business-as-usual processes and improvement initiatives as planned on an annual basis.
- Develop, implement, maintain, and oversee processes aimed at ensuring compliance with Baylor and HGSC security policies and procedures.
- Collaborate with the IT department to align the organization's IT infrastructure and systems roadmap with the security and compliance program and overall business strategy.
- Ensure that the design, implementation, and maintenance of IT infrastructure and systems (hardware, software, networks, servers, storage, and security) are in strict accordance with IT security standards.
- Work with the IT department to establish robust disaster recovery and business continuity plans for critical IT infrastructure and systems components in compliance with IT security requirements.
- Direct and provide support to regularly scheduled audits on HGSC internal IT systems and supporting third-party or customer audits as required to maintain certifications, attestations, and other Information Security compliance-related status attributes for HGSC.
- Conduct internal audits against conformity with NIH and Baylor standards.
- Ensure provision of Information Security support for annual compliance audits, attestations, and certification programs as applicable to HGSC IT infrastructure and systems.
- Provide regular status updates to senior management and other stakeholders on the performance and status of the IT infrastructure and systems.
- Manage audits on behalf of HGSC and act as the point of contact for all IT Security Compliance audit certification-related inquiries.
- Direct the Corrective and Preventive Actions (CAPA) coordination process to ensure both regulatory issues and compliance-related information security issues identified are resolved and closed in a timely manner delivering a sustainable solution.
- Engage with and direct activities of third-party specialist service providers where necessary to support Information Security Compliance-related activities.
- Report regularly to the Department Chair on the status of all Compliance-related activities including compliance processes metrics, issues, and remediation actions.
- Communicate with outside entities who require evidence of adequate IT Security protocols.
- Bachelor's degree. Four years of relevant experience may substitute for degree requirement.
- Four years of relevant experience.
- Six years of relevant experience.
- Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH).
- Proven experience in IT security management, including risk assessment, incident response, and security infrastructure management.
- In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001/27002, NIST Cybersecurity Framework).
- Strong understanding of network security, firewalls, intrusion detection/prevention systems, data encryption, and access control mechanisms.
- Familiarity with regulatory requirements, data privacy laws, and industry-specific compliance frameworks (e.g., HIPAA).
- Experience with security incident management and incident response planning.
- Excellent leadership and team management skills, with the ability to communicate effectively with technical and non-technical stakeholders.
- Strong analytical and problem-solving skills, with the ability to assess risks and develop appropriate mitigation strategies.
- Up-to-date knowledge of emerging security threats, technologies, and industry trends.
Baylor College of Medicine requires employees to be fully vaccinated (subject to approved exemptions) against vaccine-preventable diseases including, but not limited to, COVID-19 and influenza.
Baylor College of Medicine is an Equal Opportunity/Affirmative Action/Equal Access Employer.