Information Security Policy, Compliance and Risk Analyst - Mansfield, United States - InsideHigherEd

Description

Search #: 498449
Work type: Full-time
Location: Storrs Campus
Categories: Information Technology

JOB SUMMARY

Under the direction of the Chief Information Security Officer, the Information Security Policy, Compliance and Risk Analyst (Information Security Analyst 2 or 3) is responsible for the development and operation of UConn's Information Security Governance, Risk, and Compliance Program. The analyst develops policy recommendations, standards, risk assessments, and technical solutions. This role will assess, develop, and maintain a set of defined control standards designed to improve UConn's information security posture through periodic assessments against the established standards and industry best practices.

The Information Security Policy, Compliance, and Risk Analyst is responsible for investigating a diverse range of policy, compliance, and technical issues across multiple platforms, working with a wide range of clients whose technical skills range from minimal to in-depth. The analyst works among a team of skilled information security and information technology professionals to assess and address problems within a complex network and cloud environment.

The Information Security Policy, Compliance, and Risk Analyst may specialize in a number of areas related to the continuous improvement of policy, compliance, monitoring, detection, and mitigation capabilities as part of the Information Security Office's mission. These include but are not limited to Policy, Compliance, Vulnerability Management, Application Security, Firewalls, VPN, and IDS/IPS, Security Architecture, and other related Information Security disciplines. The Analyst plans, organizes, and establishes priorities related to an assignment; works independently with minimal outside support; and handles sensitive information in a confidential manner.

DUTIES AND RESPONSIBILITIES

JOB RESPONSIBILITIES FOR INFORMATION SECURITY ANALYST 2

• Build, deliver, and manage an effective risk management program based on commonly accepted risk management strategies and frameworks and participate in the development and maintenance of relevant IT policy.
• Lead compliance initiatives such as: establishing security standards; performing periodic benchmarking assessments against chosen security standards and industry best practices; testing of controls; and engaging in incident response activities as required.
• Coordinate and participate in risk assessment activities and analyze the output of such activities.
• Produce and communicate recommendations to remediate risk in line with business objectives, and perform security assessments against systems and applications.
• Act as a liaison with third parties who are performing security or risk assessments and drive remediation of issues identified by the assessments.
• Research, evaluate, and recommend information security related hardware and software and produce, maintain, and update documentation.
• Manage key security processes to ensure the University's compliance with industry regulations (e.g. NIST , CMMC 2.0, DFARS xx, HIPAA, PCI-DSS) and maintain awareness of external regulations for new or changed requirements.
• Serve as a key operational member and compliance official for the university's Secure Research Infrastructure program.
• Draft and maintain systems security plans. Serve as subject matter expert regarding the sufficiency of controls and conformance to documented SSP(s) to address regulatory or compliance framework requirements.
• Use security tools (Firewall/VPN, Vulnerability Management, IDS/IPS, SIEM) in identifying and investigating threats to the environment, assessing compliance, and identifying risk reduction initiatives.
• Administer security tools (Vulnerability Management, IDS/IPS, GRC, VRM) to prevent threats and reduce risk in the environment.
• Monitor Security Information and Event Management (SIEM) platform and other logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises.
• Triage and respond to service requests from customers and internal teams.
• Participate in incident response activities in the event of cyber security incidents.
• Identify system security gaps, perform risk assessments, and recommend solutions to ensure best practices and security measures are being met for university systems.
• Promote security awareness providing direction, advice, and insight in all areas of information security to faculty, staff, researchers, and students of the University community.
• Maintains awareness of potential and developing threats across applicable industries and disciplines.
• Other duties as assigned.

ADDITIONAL JOB RESPONSIBILITIES FOR INFORMATION SECURITY ANALYST 3

• Design, implement, and maintain new security solutions.
• Lead major projects/initiatives related to security.
• Integrate data for use between various applications.
• Identify enterprise level security gaps, perform risk assessments, and recommend solutions to ensure best practices and security measures are being met across and between enterprise level systems.
• Creates custom code, api/rest integrations, or other maintainable integrations to facilitate data gathering/sharing across applications and platforms.
• Ability to operate autonomously and with limited supervision.

MINIMUM QUALIFICATIONS

Note: Applicants must meet all minimum requirements of a specific level to be considered for the position.

• Must be a US Citizen and be eligible to apply for a security clearance.
• Associate's degree and four (4) years of related experience, OR Bachelor's degree and two (2) years of related experience, OR Six (6) years of related experience AND One (1) to three (3) years of experience working in an information security role or supporting an information security program.
• Demonstrable practical experience overseeing or participating in projects designed to improve institutional adherence to security policies or regulatory compliance.
• Experience administering an information security tool/platform and interpreting or leveraging the capabilities of that platform.
• Experience administering a data loss prevention system, governance, risk and compliance system, vulnerability management system, vendor risk management platform, or similar enterprise level platform.
• Knowledge of current security regulatory requirements including (but not limited to) HIPAA, CMMC 2.0, NIST , and PCI-DSS security requirements.
• Experience and competency in threat management and protection protocols.
• Excellent communication skills and attention to detail and the demonstrated ability to successfully interface with administrators, and technical and non-technical community members at all levels.
• Demonstrable understanding of common security controls (e.g. Firewalls, IPS/IDS, Network Architecture, Vulnerability Scanners, SIEM/SIM).
• Demonstrable ability to weigh business needs against security concerns.
• Demonstrable ability to operate under pressure and manage multiple priorities/deadlines.

ADDITIONAL MINIMUM QUALIFICATION FOR INFORMATION SECURITY ANALYST 3

• Associate's degree and six (6) years of related experience, OR Bachelor's degree and four (4) years of related experience, OR Eight (8) years of related experience AND Three (3) to five (5 )years of experience working in an information security role or supporting an information security program.
• Senior level practical and technical information security experience.
• Demonstrable experience leading compliance and certification efforts for CMMC, NIST /2, DFARS xx, HIPAA, or other complex regulatory frameworks which have resulted in successful certification or acceptance of a regulating authority or agency.

PREFERRED QUALIFICATIONS

• Relevant information security certification(s) in one or more applicable information security domains.
• Experience in higher education.
• Enterprise scale project management experience.

ADDITIONAL PREFERRED QUALIFICATIONS FOR INFORMATION SECURITY ANALYST 3

• Master's degree in information security, computer science, information management, or a related discipline.
• CISSP/CISA/CISM certification or equivalent.

APPOINTMENT TERMSThis is a full-time, permanent position. The University offers a competitive salary, and outstanding benefits, including employee and dependent tuition waivers at UConn, and a highly desirable work environment. For additional information regarding benefits visit: Other rights, terms, and conditions of employment are contained in the collective bargaining agreement between the University of Connecticut and the University of Connecticut Professional Employees Association (UCPEA).

TERMS AND CONDITIONS OF EMPLOYMENT

Employment of the successful candidate is contingent upon the successful completion of a pre-employment criminal background check.

TO APPLYPlease apply online at , Staff Positions, Search #498449 to upload a resume, cover letter, and contact information for three (3) professional references.

This job posting is scheduled to be removed at 11:55 p.m. Eastern time on June 24, 2024.

All employees are subject to adherence to the State Code of Ethics which may be found at

All members of the University of Connecticut are expected to exhibit appreciation of, and contribute to, an inclusive, respectful, and diverse environment for the University community.

The University of Connecticut aspires to create a community built on collaboration and belonging and has actively sought to create an inclusive culture within the workforce. The success of the University is dependent on the willingness of our diverse employee and student populations to share their rich perspectives and backgrounds in a respectful manner. This makes it essential for each member of our community to feel secure and welcomed and to thoroughly understand and believe that their ideas are respected by all. We strongly respect each individual employee's unique experiences and perspectives and encourage all members of the community to do the same. All applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

The University of Connecticut is an AA/EEO Employer.

Advertised: Jun Eastern Daylight Time
Applications close: Jun Eastern Daylight Time