Security Analyst - Risk Management

Security Analyst - Risk Management

The University of Tennessee Knoxville, Office of Innovative Technologies is seeking applicants for the position IT Administrator/Analyst 3.

Market Range: MR13

The IT Administrator/Analyst 3 will be an information security analyst directed by the IT Security Operations manager and Chief Information Security Officer. As a Security Analyst, you will play a pivotal role in safeguarding the University's digital assets and sensitive information. Leveraging your experience, you will assist with the development and implementation of robust security measures to identify, assess, and mitigate potential risks. Your general responsibilities will include incident response, analyzing vulnerabilities, and recommending effective countermeasures to ensure the integrity, confidentiality, and availability of our systems, particularly with respect to Governance, Risk and Compliance as it relates to information security. Collaborating closely with cross-functional teams, you will also provide guidance on emerging threats and contribute to the continuous improvement of our overall cybersecurity posture while meeting the business needs of the University of Tennessee Knoxville area campus.

Duties and Responsibilities:

• Participate in IT security incident response services for all UT Knoxville departments, units, and colleges

• Contribute to the design, deployment and management of technical security solutions, including systems, networks, SaaS, PaaS, and/or databases

• Engage directly with University of Tennessee, Knoxville personnel on problem resolution, training, and policy and procedure guidance regarding IT security

• Perform Risk Assessments for Cloud and On-premises deployments

• Evaluate SaaS security solutions including risk, costs to the university, and impact to the user community

• Provide guidance for cloud solutions such as Azure, AWS, GCP, and OCI

• Provide technical evaluation on IT security solutions, frameworks, techniques, and applications

• Provide guidance in the holistic development and enhancement of the IT Security Program

Required Qualifications:

• High School diploma or GED

• Two (2) years' experience providing Information Security services for enterprise

• Knowledge of advanced security concepts and enterprise responses

• Ability to produce highly technical reports and communicate importance to stakeholders

• Knowledge of Cloud security concepts

• Ability to correlate current security trends into protection mechanisms

• Ability to work independently and keep leadership informed of progress

• Advanced organization, communication, analysis, and troubleshooting skills

• Strong communication skills with both technical and administrative staff and faculty

Preferred Qualifications:

• Bachelor's Degree in IT related field

• Three (3) to five (5) years' experience providing Information Security services for enterprise

• Experience in Higher Education serving in a technical security role

• ISC2 CISSP (Certified Information Systems Security Professional)

• SANS Certification(s) particularly Risk Management focused

• Ability to interface with senior technical and business management

• Ability to create, communicate, and maintain policy/program-level documents

• Experience or certifications related to CIS Critical Security Controls