Job Description

Job Summary
Are you an analytical and adaptable professional who thrives in ambiguous environments, enjoys identifying risk, and excels at solving complex problems? Do you have a talent for working with diverse stakeholders to clarify requirements and move work forward?

The Academic Applications team is seeking a Senior Business Systems Analyst to support information assurance activities for a portfolio of applications used across Michigan Medicine. This role focuses on facilitating and coordinating information assurance processes rather than providing application support, and reports to the Manager of the Academic Applications team.

Within HITS, the Academic Applications team oversees applications that support research and medical student education. In this role, you will serve as a key liaison for information assurance by coordinating assurance requests, supporting security control and risk assessments, and helping reduce risk and vulnerabilities for existing and new applications. You will work closely with data owners and stewards, Michigan Medicine Information Assurance teams, business owners, and vendors to ensure information assurance requirements are understood, documented, and addressed in a timely and consistent manner.

Who We Are
Department Overview

Health Information Technology & Services (HITS) plays a role in the success of Michigan Medicine by providing clinicians, educators, researchers, students, and staff with technology-related information, products, and support. HITS also provides institutional expertise related to IT strategy, security, infrastructure, and resource management.


Division Overview

The Academic IT (AcadIT) division in Health Information & Technology Services (HITS) serves both the education and research communities at the University of Michigan Medical School (UMMS). We engage faculty, students, and staff to provide a holistic portfolio of software and applications, infrastructure, device support, and custom projects to promote innovation and excellence. AcadIT is comprised of three areas that work in concert to provide support: 1) Application Services - focused on product management and support for vendor applications; 2) Software Delivery - focused on building custom applications when a vendor solution is not available and offering secure application environments; 3) Technical Services & Engagement - focused on providing support for high-performance computing, device management, data integration, and scientific programming and engagement and outreach with our customers.

Responsibilities*
Work with faculty, researchers, investigators, and application stakeholders to collect, clarify, and document information assurance and security-related requirements for systems.
Partner with Michigan Medicine Information Assurance (IA) teams to understand the impact and severity of reported vulnerabilities and to coordinate mitigation efforts with business owners and vendors.
Collaborate closely with IA to understand proposed remediation and mitigation strategies, support risk assessments, and assist Michigan Medicine service providers in bringing risk levels within acceptable thresholds.
Develop and maintain requirements and design documentation related to information assurance for new applications and for changes to existing applications.
Analyze existing processes, procedures, and systems to identify gaps, risks, and opportunities for improvement, and provide recommendations to enhance security posture and compliance.
Develop and maintain strong working relationships with internal and external partners by providing accurate, timely, and effective coordination and communication.
Serve as a central point of coordination for information assurance activities, ensuring issues are tracked, prioritized, escalated, and resolved in accordance with established policies and timelines.
Stay current on information security trends, regulatory requirements, and institutional policies through ongoing professional development, research, and engagement with the information assurance community.
Required Qualifications*
Senior Level

Bachelor's degree or equivalent years of experience in a related discipline.
5+ years of related experience supporting technology or business analysis.
2+ years of demonstrated knowledge or experience in a security-related area.

Intermediate Level

Bachelor's degree or equivalent years of experience in a related discipline.
4 years of related experience supporting technology or business analysis.
1+ years of demonstrated knowledge or experience in a security-related area.