Information Security Analyst Job Description Position Title by sa30230

VIEWS: 79 PAGES: 2

									                                          Information Security Analyst

                                                 Job Description

Position Title: Information Security Analyst

Reporting to the Associate Provost/Chief Information Officer, the Information Security Analyst
is responsible for information security policy development and maintenance; design of security policy
education, training, and awareness activities; monitoring compliance with university IT security policy and
applicable law; and coordinating investigation and reporting of security incidents. Working with the
Information Technology Services (ITS) Systems Support team, the incumbent will monitor, assess, and fine-
tune the UIS IT business continuity and disaster recovery program, perform network penetration tests,
application vulnerability assessment scans and risk assessment reviews.

Responsibilities:
   • Monitor and advise on information security issues related to the systems and workflow at UIS to ensure
      the internal security controls for the campus are appropriate and operating as intended.
   • Coordinate and execute IT security projects for the university.
   • Coordinate response to information security incidents.
   • Develop and publish Information Security policies, procedures, standards and guidelines based on knowledge of
       best practices and compliance requirements.
   •   Conduct campus-wide data classification assessment and security audits and manage remediation plans.
   •   Collaborate with IT management, the legal department, safety and security, and law enforcement
       agencies to manage security vulnerabilities.
   •   Create, manage and maintain user security awareness.
   •   Conduct security research in keeping abreast of latest security issues.
   •   Prepares ITS documentation, including department policies and procedures, campus notifications, Web
       content, and ITS alerts.
   •   Actively participate in the higher education security community such as Educause, REN-ISAC, Unisog,
       etc.
   •   Perform other related duties as assigned.

Requirements:
BA or BS in Computer Science, Management Information Systems, or related field. Advanced degree desirable.
Five+ years of progressive experience in computing and information security, including experience with
Internet technology and security issues. Experience in higher education preferred. Experience should include
security policy development, security education, network penetration testing, application vulnerability
assessments, risk analysis and compliance testing. CISSP, GIAC, or other security certifications desired.
Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to
information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application,
database, network security principles for risk identification and analysis. Strong analytical and problem solving
skills. Excellent communication (oral, written, presentation), interpersonal and consultative skills.
This position requires some weekend and evening assignments as well as availability during off-hours for
participation in scheduled and unscheduled activities.
                                        Information Security Analyst

                                           Position Announcement

Information Security Analyst - UIS is seeking an individual to assume responsibility for information security
policy development and maintenance; design of security policy education, training, and awareness activities;
monitoring compliance with university IT security policy and applicable law; and coordinating investigation
and reporting of security incidents. Working with the Information Technology Services (ITS) Systems Support
team, the incumbent will monitor, assess, and fine-tune the UIS IT business continuity and disaster recovery
program, perform network penetration tests, application vulnerability assessment scans and risk assessment
reviews.

Qualifications: BA or BS in Computer Science, Management Information Systems, or related field. Advanced
degree desirable. Five+ years of progressive experience in computing and information security, including
experience with Internet technology and security issues. Experience in higher education strongly preferred.
Experience should include security policy development, security education, network penetration testing,
application vulnerability assessments, risk analysis and compliance testing. CISSP, GIAC or other security
certifications desired. Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and
regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop,
server, application, database, network security principles for risk identification and analysis. This position
requires some weekend and evening assignments as well as availability during off-hours for participation in
scheduled and unscheduled activities. Salary is competitive and commensurate with experience and
qualifications.
Applications: email cover letter, resume, and the names and telephone numbers of three references to: Kelly
Walraven, kwalr2@uis.edu. Review of Applications will commence on October 13, 2008, and will continue
until the position is filled. UIS is an affirmative action/equal opportunity employer with a strong
institutional commitment to recruitment and retention of a diverse and inclusive campus community.
Persons with disabilities, women, and minorities are encouraged to apply.

								
To top