Texas Woman’s University Looking for Senior Information Security Analyst (Résumé and Cover Letter Required) – IRC50733 Full Time

EDUCATION

Bachelor’s degree required. Additional job-related experience may substitute for the required education on a year-for-year basis.

EXPERIENCE

Five years of relevant experience information and/or cyber security. CompTIA Security+ certification and/or other security or project management certifications, desirable. Additional job-related education may substitute for the required experience on a year-for-year basis.

REQUIREMENT

Regular and reliable attendance at the University during regular scheduled days and work hours is an essential function of this position. 

Work is performed under general supervision and performance is based on the effective completion of assignments and results obtained. The performance evaluation is conducted through the performance evaluation system and in accordance with the University Policies & Procedures. 

KNOWLEDGE, SKILLS, AND ABILITIES – The following are essential:

• Understanding of the theories, principles, practices, methods, and techniques used in the field of information security.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Develops and maintains project plans.
• Manages small to medium sized projects, system enhancements impacting information security.
• Ability to collect and utilize data (e.g. indicators of compromise) from a variety of cyber defense resources.
• Recognizing and categorizing types of vulnerabilities and associated attacks.
• Experience writing and reviewing information security policies and procedures.
• Experience with Information Technology auditing process and remediations.
• Strong written and oral communication skills (including ability to present ideas in user-friendly, business-friendly and technical language) and interpersonal skills with a focus on rapport-building, listening and questioning skills.
• Proven analytical and problem-solving abilities, including ability to anticipate, identify, and solve critical problems.
• Ability to build effective relationships and strong commitment to working collegially and collaboratively with constituents at all levels in a diverse and distributed environment.
• Familiarity with Texas Administrative Code (TAC 202) requirements.
• Ability to use a personal computer and other office equipment, including related university software and email. 

Additional/Desirable Skills & Abilities

• Knowledge of MITRE ATT&CK and SHIELD frameworks.
• Knowledge of an information security framework like ISO27001, NIST 800-53, or NIST 800-171.
• CompTIA Security+ certification, SSCP, CISSP, CISA
• Professional project management and/or IT certifications, such as PMP, ITIL, Six Sigma, agile.
• Experience in enterprise security document creation.
• Experience in delivering employee security awareness training.
• Experience in a higher education setting.
• Experience with implementing security controls in accordance with Texas Administrative Code (TAC 202).

PHYSICAL DEMANDS

The physical demands described in the Essential Duties and below are representative of those that must be met by an employee to successfully perform the essential duties of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.

The employee may be required to travel. The employee may be required to work evenings, weekends, and holidays.

JOB SUMMARY

The Senior Information Security Analyst is responsible for analyzing and assessing the university’s information systems, policies, processes and procedures to identify gaps and weaknesses, and develop appropriate remediations to operate more securely, efficiently, and effectively. This position will work collaboratively with university stakeholders to implement new processes and procedures, and advocate for adoption of security best practices. Additionally, the Senior Information Security Analyst will act as a liaison between university stakeholders to coordinate compliance audits, policy changes, conduct university assessments and lead the security awareness and training efforts.

As a member of the IT Solutions (ITS) team, the Senior Information Security Analyst is expected to uphold the division’s mission to “empower an agile, digital university and elevate technology as a strategic institutional asset” and contribute positively to a collaborative, human-centered, innovative, accountable, transparent, and inclusive culture within ITS.

ORGANIZATIONAL RELATIONSHIPS

Reports to: Associate Director, Information Security

Supervises:No supervisory responsibilities

ESSENTIAL DUTIES –May include, but not limited to the following:

Information Security Analysis & Management (60%)

· Uses cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity. Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.

· Examines the university’s enterprise architecture and systems to understand criticality and data flows, and identify security control improvements to reduce the risk of exposure and vulnerable attack surface.

· Creates, reviews, and maintains information security policy documentation consistent with university policies, Texas Administrative Code 202, and other state, federal, and industry-specific regulations and requirements.

· Works collaboratively with ITS and functional area subject matter experts to validate events, alerts, triage security incidents, and to identify areas for new or updated IT policies and/or awareness training.

· Coordinates with the university’s Compliance Officer on information security policy and/or policy compliance matters.

· Regularly audits the organization for compliance based on the defined administrative and operational requirements and escalates exceptions.

· Suggests overall security improvements by assessing current situations, evaluating trends, and anticipating requirements.

· Project manages the requirements gathering, design, development, implementation and delivery of security-related technologies and process improvements.

· Serves as the project lead for security remediation work identified as a result of internal or external audits, penetration testing, or other assessment.

· Provides high quality and timely IT security support, including responding to incident/problem tickets and troubleshooting errors and issues related to overall cybersecurity.

Assessment & Support (30%)

· Performs and maintains risk assessments on information security and data protection requirements for new software, systems or cloud-hosted services requests.

· Participates in assessments and audits to determine compliance with regulatory or university requirements, such as TAC 202, PCI, HIPAA, etc.

· Actively participates in the development and delivery of the information security training and awareness campaigns, as needed.

· Provides substantive content for the development of reports and briefings on policy, strategy, and audit/assessment activities.

· Keeps ITS leadership informed by preparing performance reports and communicating system status.

ADDITIONAL DUTIES

Participation & Support (10%)

• Maintains awareness of current practices and future trends in information and cyber security technology and best practices, as well as of state, federal, and industry-specific security regulations and requirements.
• Represents IT Solutions and participates in the campus community by serving on working groups, project teams, and university committees.
• Performs other duties as requested.