Senior Information Security Analyst, GRC - Arlington, United States - The University of Texas at Arlington

Description

Senior Information Security Analyst, GRC

Bookmark this Posting | Print Preview | Apply for this Job

Please see Special Instructions for more details.

Applicants must include in their online resume the following information: 1)

Employment history:
name of company, period employed (from month/year to month/year), job title, summary of job duties and 2)

Education:
school name, degree type, and major.

Posting Details

Position Information

Posting Number S05361P

Position Title Senior Information Security Analyst, GRC

Department Information & Security Office

Location Arlington

Job Family Business Technology

Position Status Full-time

Work Hours Standard

Work Schedule

Monday-Friday; 8:00am-5:00pm.

Open to External and Internal

Salary Salary is commensurate based on qualifications and relevant experience.

Duration Funding expected to continue

Pay Basis Monthly

Benefits Eligible Yes

Benefits at UTA

We are proud to offer a comprehensive benefits package to all our employees at the University.

To help you understand the full value of these benefits, we have created a tool that calculates the total worth of your compensation package.

This tool takes into account all of the benefits that you are eligible for, including health insurance, retirement plans, and paid time off.

To access this tool and learn more about the total value of your benefits, please click on the following link:

University Information

The University of Texas at Arlington is located in the heart of the Dallas-Fort Worth-Arlington metroplex, a vibrant and diverse metropolitan area that is home to over 7 million people, one of the fastest-growing tech economies in the United States, and a wide array of arts, entertainment, and cultural activities.

UTA is a comprehensive teaching, research, and public service institution dedicated to the advancement of knowledge through scholarship and creative work.

The University is committed to providing access and ensuring student success, and to a culture of innovation, entrepreneurship, and commercialization of discoveries by our community of scholars.

With an enrollment of more than 40,000 students, UTA is the second largest in the University of Texas System.

As a result of its combination of rigorous academics and innovative research, UTA is designated as a Carnegie R-1 "Very High Research Activity" institution.

UTA ranks No.

4 nationally in Military Times' annual "Best for Vets:
Colleges" list and is among the top 30 performers nationwide for promoting social mobility of its graduates (U.S. News & World Report, UTA is designated by the U.S.

Department of Education as both a Hispanic-Serving Institution (HSI) and an Asian American and Native American Pacific Islander-Serving Institution (AANAPISI), and it has one of the top 5 most ethnically diverse undergraduate student bodies in the United States (U.S.

News & World Report, Its approximately 270,000 alumni, including some who occupy leadership positions at many of the 24 Fortune 500 companies headquartered in North Texas, contribute to UTA's $22.2 billion annual economic impact on Texas.

Furthermore, UTA is poised to experience widespread growth in the near future.

The university recently launched the first phase of its RISE 100 initiative aimed at recruiting 100 new tenure-system faculty to amplify research standing and position UTA as a leader in key scholarly areas; more details are available at .

The successful candidate for this position will have the opportunity to join UTA during an exciting period of growth and contribute as the university broadens its impact.

Job Summary

Responsible for leading in the design, implementation and management of the governance risk and compliance program for the Information Security Office.

Plan and develop information security risk assessments and assist Information Resource owners in completing required risk assessments. Manage the information security risk register, assist stakeholders in managing risk and document risk decisions.

Lead in the development, monitoring, and enforcement of security policy and standards and collaborate with business leaders to ensure information security compliance.

Lead the information security administrator work group and participate with the Information Security and Architecture Advisory Committee. Assist with the execution of the incident response plan.

Essential Duties and Responsibilities

Governance, Risk and Compliance (GRC) – Lead in the management of the information security GRC program, including the development and implementation of risk assessments, risk mitigation tracking and reporting of residual risk.

Manage risk assessments on new software, software renewals and 3rd party software.

Lead in developing and implementing policies and standards that ensure compliance with applicable state and federal requirements.

Manage the policy exception and risk acceptance process.

Provide risk consulting and/or training to stakeholders on remediation of risks and assist business owners with information security risk assessments and risk response.

Lead the information security administrator work group and assist with the Information Security Advisory & Architecture Committee.

Assist with metrics for the Information Security Program.

Assist with reports due to the state and UT System.


Projects and Research Support:
Lead with the development of requirements for, and take part in, information security and institutional technology projects.

Provide security consulting and support to institutional departments on security related issues and inquiries.

Lead support for research in the development and review of data management plans and technology control plans.

Assist research with security compliance requirements.


Security Controls & Testing:
Manage security controls requirements for UTA in accordance with applicable laws.

Perform security control gap assessments and audits of security controls as needed.

Perform periodic testing of institutional information resources and supporting security infrastructure to ensure security controls are in place and effective.

Incident Response:
Manage the Incident Response Plan and oversee annual updates.

Participate as a member of the incident response team.

Assist with security incidents and investigations as needed.

Assist in planning cybersecurity incident tabletop exercises.


Security Awareness:
Support the development and implementation of security awareness training programs.

Performs other duties as assigned.

Minimum Qualifications

Bachelor's degree with demonstrated information security knowledge and experience or equivalent relevant experience.

Four (4) years of progressively responsible and demonstrated information security work experience, including experience in designing, implementing, auditing and/or managing information security or risk management programs including qualitative and quantitative risk assessments.

Must have CISSP or CRISC certification or ability to obtain the certification within 1 year from hire.

Demonstrated experience with developing and maintaining information security policies.

Extensive knowledge of and experience in information security risk management.

History of communication with and presenting to stakeholders regarding risks and remediation.

In depth knowledge and practical experience with implementing or auditing risk frameworks, e.g. NIST 800 series, ISO 20001, CIS Top 20, and CMMC.

Preferred Qualifications

Master's degree.

Certifications related to the duties and responsibilities specified, including but not limited to:

CISM, and/or CISA.

Experience in the protection of research data and intellectual property, implementing NIST 171 controls and/or familiarity with CMMC a plus.

Technical knowledge of operating systems, defense-in-depth concepts, networks, security related technologies, security configurations, and application security best practices.

Knowledge of common GRC tools such as Logic Manager, RSA Archer, ISORA, or ServiceNow Governance Risk and Compliance.

Knowledge and implementation of CIS benchmarks.

Experience in the implementation of GRC strategies.

Solid knowledge regarding risk management practices and GRC concepts and automation tools.

Knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks.

Experience in higher education and/or Experience in Texas State government.

Knowledge, Skills and Abilities

Must have excellent interpersonal, verbal and written communication skills.

Successful experience working, collaborating and establishing credibility and relationships with senior leadership, colleagues and customers.

Ability to translate technical language to common language for non-technical users.

Attention to detail and documentation skills will be required for this position.

Comfortable using Microsoft Office Suite (Word, Excel, Outlook, PowerPoint, Visio, etc.).

Advanced Microsoft Office Suite, Teams, and SharePoint skills.

Other Requirements

Working Conditions

Position is expected to perform their assigned duties in a manner consistent with professional standards, with full awareness of responsibilities toward managing personal and institutional data, with priority regard to delivering excellent customer service.

Special Conditions for Eligibility

CBC Requirement

It is the policy of The University of Texas at Arlington to conduct a criminal background check on any applicant who is under final consideration for employment with the University.

EEO Statement

It is the policy of The University of Texas at Arlington (UTA or The University) to provide an educational and working environment that provides equal opportunity to all members of the University community.

In accordance with federal and state law, the University prohibits unlawful discrimination, including harassment, on the basis of race, color, national origin, religion, age, sex, sexual orientation, pregnancy, disability, genetic information, and/or veteran status.

The University also prohibits discrimination on the basis of gender identity, and gender expression.

Retaliation against persons who oppose a discriminatory practice, file a charge of discrimination, or testify for, assist in, or participate in an investigative proceeding relating to discrimination is prohibited.

Constitutionally-protected expression will not be considered discrimination or harassment under this policy. It is the responsibility of all departments, employees, and students to ensure the University's compliance with this policy.

ADA Accommodations

The University of Texas at Arlington is committed to providing reasonable accommodation to individuals with disabilities.

If you require reasonable accommodation in completing this application, interviewing or otherwise participating in the employee selection process, please direct your inquiries to or email .

Posting Detail Information

Number of Vacancies 2

Open Until Filled

Minimum Number of References Required 3

Maximum Number of References Accepted 3

Special Instructions to Applicants

Applicants must include in their online resume the following information: 1)

Employment history:
name of company, period employed (from month/year to month/year), job title, summary of job duties and 2)

Education:
school name, degree type, and major.

Requirement Questions

Required fields are indicated with an asterisk (*).

*What is the highest level of education attained?


GED
High School Diploma

Associate's Degree

Bachelor's Degree

Master's Degree

PhD or equivalent

*How many years of professional experience do you have in the related field?

None/less than 2 years

2 to 3 years

4 to 5 years

6 years or more

*What certifications, if any, have you obtained?(Open Ended Question)

Documents Needed To Apply

Required Documents

Resume or CV

Cover/Interest Letter

Optional Documents