Cyber Security Analyst II

Posting Title

Cyber Security Analyst II

Overview

Technology Services serves the University by providing access to high quality, state-of-the-art, computing, communications and information resources through the Internet, local and wide area networks, databases and libraries, and by supporting the management information needs of the University. Design and implement security systems to protect organization's computer networks from cyber attacks, and help set and maintain security standards. Position is located on campus and is not remote.

• Protect against unauthorized access, modification, or destruction of data and information systems.- Work with business users and departments to determine their needs, implement policies or procedures, and track compliance throughout the organization.- Develop and enforce company-wide best practices for IT security.- Work with various IT teams to perform tests and uncover infrastructure vulnerabilities.- Monitor computer networks for security issues.- Fix detected vulnerabilities to maintain a high-security standard.- Investigate security breaches and other cybersecurity incidents.- Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.- Document security breaches and assess the damage they cause.- Performs yearly audits and monitors compliance.- Perform vulnerability assessment and penetration testing.- Research security enhancements and make recommendations to management.- Stay up-to-date on information technology trends and security standards.

Responsibilities

Design, implement, manage, and monitor technical, administrative, and physical controls to protect the confidentiality, integrity, and availability of the University's information assets.a. Maintain a current understanding of regulatory requirements governing the use, governance and availability of University information systems. b.

Analyze findings from security monitoring systems, and recommend and coordinate the implementation of any necessary remediation.c. Assist in the development of operating procedures and policies and the implementation of a unified approach to attaining, documenting, monitoring, and maintaining compliance with institutional policy and procedures.d. Develop and communicate business-based justifications for security initiatives.e.

Research and recommend security controls, information security tools and services and other information security initiatives.f. Assess systems, processes, and projects for compliance requirements, control objectives, and security best practices; including interacting with internal and external technical and functional staff.

Serve as a University resource for IT security operations and initiatives.a. Facilitate cross-functional teams to implement security controls and initiatives.b.

Assist system, application, and data owners/custodians with selecting and documenting controls, policies and procedures.c. Participate in campus-wide information security events and programs to ensure alignment and knowledge sharing between departments.d. Train and educate internal groups as required.

Design and implement information security projects for the Universitya. Design and develop project plans to enhance the information security capabilities; research methodologies and products, and establish technical requirements; define project scope, requirements, and deliverables, and develop a project plan to meet objectives.b. Coordinate project activities, including performing assigned tasks and coordinating with external providers or contractors, ensuring project remains on schedule and that work accomplished meets specifications.

Qualifications

A Bachelor's Degree and a minimum of five (5) years' progressive experience in IT information security, with materially demonstrable experience configuring systems for information security. Experience in higher education is preferred, but willing to consider experience in government and private sectors.

Mastery of, and skill in applying:● IT concepts, principles, methods, practice, and critical thinking.● Information security and risk management concepts, practices and standards (e.g., ISO 17799/27002, 27001, 310000/31010)● Regulations related to information security and data confidentiality (e.g., PCI-DSS, HIPAA, FISMA, GLBA, HEOA, FERPA, and DMCA)

● Identity and Access Management concepts, practices and standards● Quality management and quality assurance concepts, practices and standards (e.g., ISO 9000 and related in ISO/TC 176)● Microsoft Excel or Google Sheets, including advanced spreadsheet manipulation● Microsoft Visio, PowerPoint or other visual presentation tools

Knowledge of the following is highly desirable:● Relational data systems and concepts, including writing SQL queries; Oracle Database, Microsoft SQL Server experience is a plus● Oracle PeopleSoft, especially Campus Solutions, Human Capital Management, Financials● Project management concepts, practices and standards (e.g., PMI PMBOK)

Current security fundamentals/essentials-level certification is required (i.e., one of the following):● CompTIA Security+● GIAC Security Fundamentals (GISF)● GIAC Security Essentials (GSEC)

Current certification in one or more of the following is highly desirable:● CompTIA Advanced Security Practitioner (CASP)● Google Cyber Security● GIAC Information Security Professional (GISP)● ISACA Certified Information Systems Auditor (CISA)● ISACA Certified Information Security Manager (CISM)● (ISC)² Certified Information Systems Security Professional (CISSP)● CompTIA Network+● CompTIA Project+● GIAC Certified Project Manager (GCPM)● Project Management Institute Project Management Professional (PMP)

D. Other Knowledge, Skills and Abilities Needed:● Ability to work effectively in teams, both as a member and leader● Excellent written and verbal communication skills● Ability to communicate confidently at all levels of management● Extremely detail oriented and thorough● Strong analytical skills