View All Jobs/Careers

Mobile emory-healthcare Logo

Job Information

Emory Healthcare/Emory University Senior Information Security Specialist, Enterprise Policy and Awareness in Atlanta, Georgia

Discover Your Career at Emory University

Emory University is a leading research university that fosters excellence and attracts world-class talent to innovate today and prepare leaders for the future. We welcome candidates who can contribute to the diversity and excellence of our academic community.


We are seeking an Enterprise level Sr. Information Security Specialist of Policy and Security Awareness to serve as the subject matter expert on reviewing and writing cyber security policies, awareness, and compliance.

Experience creating and delivering security awareness campaigns and with IT Compliance and Risk Management methodologies is highly desirable, including Cyber Security Framework, NIST Standards, HIPAA, HITECH, PCI, FISMA,GLBA, or GDPR.


  • Responsible for drafting and reviewing information security policies, processes, and procedures; determines and documents information security requirements and controls necessary for the protection of information containing ePHI and PII.

  • Identifies opportunities to create additional policies as needed to bring the organization into the alignment with the Cyber Security Framework.

  • Manages the policy lifecycle to ensure all policies are reviewed with the appropriate stakeholders and renewed on time.

  • Prepares information security awareness and education materials and delivers it to the end users via in person (Zoom) events or via self-education courses.

  • Determines and documents information security requirements and controls necessary for the protection of information resources.

  • Provides guidance and assistance regarding information security matters such as the interpretation of information security policies and requirements or their applicability to particular situations.

  • Creates phishing and security awareness completion and compliance reports.

  • Identifies opportunities to improve security awareness program.

  • Stays informed about the latest security threats and vulnerabilities.

  • Supports, maintains, monitors, troubleshoots and enhances security infrastructure tools, methodologies, software, and hardware.

  • Independently develops tools and methodologies in support of Information Security functions.

  • Manages information security initiatives.

May assume or support additional responsibilities as related to the primary functions above:

  • Technical and thought-leadership responsibilities for multiple information security disciplines such as incident response, vulnerability management, intrusion detection and prevention, threat hunting, security operations, security policy, and awareness/education.

  • Oversees information security incident response activities, risk assessment and risk management activities, and vulnerability assessment and vulnerability management activities spanning University and Healthcare business units.

  • Manages detailed network, operating system, database, and application vulnerability assessments and security configuration audits.

  • Oversees operational tasks supporting information security functions such as intrusion detection and prevention, security event log analysis, management reporting, malware prevention and remediation, encryption, network segmentation, remote access, cloud security, and authentication.

  • Analyzes data from Information Security functions and provides reports and recommended response actions to Information Security management.

  • Represents Information Security to other organizations on information security related matters, as assigned.

  • Publishes regular status reports and submits to management.

  • Performs related responsibilities as required.


  • A bachelor's degree and five years of related IT experience including demonstrated technical expertise in multiple information security domains, OR an equivalent combination of education, training and experience.

  • Excellent team participation skills, as well as good written and verbal communication skills.

  • Strongly preferred qualifications include knowledge of information security technologies, methodologies, and best practices in the domains of: security incident response, vulnerability assessment and management, intrusion detection and prevention, system administration (Windows, OS X, Linux, etc.), security administration of networks, operating systems, databases and applications, access control, encryption, firewalls and proxies, networking, security event log analysis, malware prevention and remediation, cloud technologies, programming/scripting, and risk assessment and management.

  • Security certifications are a plus (e.g. SANS/GIAC, CISSP, CISA, CISM).


  • Expert level knowledge of writing Enterprise level Information Security policies.

  • Experience with IT Compliance and Risk management methodologies - Cyber Security Framework, NIST Standards, HIPAA, HITECH, PCI, FISMA, GLBA, GDPR.

  • Experience delivering security awareness campaigns.

  • Experience creating the security awareness training content.

  • Experience conducting end user training presenting in person (Zoom).

  • Excellent organization, attention to detail, and documentation skills.

  • Excellent written communication skills are critical to the success of this position.

  • Experience establishing interdepartmental relationships.

Security certifications that may or may not be relevant for this position, but not required, include:

  • GSEC – GIAC Security Essentials Certification

  • GSNA – GIAC Systems and Network Auditor

  • CISA – Certified Information Systems Auditor

  • CISSP – Certified Information Systems Security Professional

  • HCISSP – Healthcare Information Security and Privacy Practitioner

  • CHPSE – Certified HIPAA Privacy and Security Expert

  • CISM – Certified Information Security Manager

NOTE: This role will be granted the opportunity to work from home regularly but must be able to commute to Emory University on a flexible weekly schedule based upon business needs. Schedule is based on agreed upon guidelines of department of work. Emory reserves the right to change remote work status with notice to employee.

security awareness, cyber security, security policy, data privacy, acceptable use, mobile use, information security policy, information security policies

Emory Supports a Diverse and Inclusive Culture

To ensure the safety of our campus community, the COVID-19 vaccine is required. For more information on the University and Hospital policies and potential exemptions, please see our website.

Emory University is dedicated to providing equal opportunities and equal access to all individuals regardless of race, color, religion, ethnic or national origin, gender, genetic information, age, disability, sexual orientation, gender identity, gender expression, and veteran's status. Emory University does not discriminate in admissions, educational programs, or employment on the basis of any factor stated above or prohibited under applicable law. Students, faculty, and staff are assured of participation in University programs and in the use of facilities without such discrimination. Emory University complies with Executive Order 11246, as amended, Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veteran's Readjustment Assistance Act, and applicable executive orders, federal and state regulations regarding nondiscrimination, equal opportunity and affirmative action. Emory University is committed to achieving a diverse workforce through application of its affirmative action, equal opportunity and nondiscrimination policy in all aspects of employment including recruitment, hiring, promotions, transfers, discipline, terminations, wage and salary administration, benefits, and training. Inquiries regarding this policy should be directed to the Emory University Department of Equity and Inclusion, 201 Dowman Drive, Administration Building, Atlanta, GA 30322.

Emory University is committed to providing reasonable accommodations to qualified individuals with disabilities upon request. To request this document in an alternate format or to request a reasonable accommodation, please contact the Department of Accessibility Services at 404-727-9877 (V) | 404-712-2049 (TDD). Please note that one week advance notice is preferred.

Connect With Us!

Connect with us for general consideration!

Job Number 67760

Job Type Regular Full-Time

Division Office Information Technology

Department OIT: Enterprise IT Security

This position may involve the following Health and Safety issues: Not Applicable

Job Category Information Technology

Location : Name Emory Campus-Clifton Corridor

Campus Location (For Posting) : Location US-GA-Atlanta