Cybersecurity Analyst, Senior

About The Position

Requirements

• Bachelor's degree and five (5) years of experience appropriate to the area of assignment/field; OR, Any equivalent combination of experience and/or training from which comparable knowledge, skills and abilities have been achieved.

Nice To Haves

• Professional Certifications: Certifications demonstrating strong skills in governance, risk, compliance, and audit are highly preferred. Relevant credentials include ISC² CISSP or CCSP, ISACA CISM, CRISC, or CISA, ISO 27001 Lead Implementer/Lead Auditor, HITRUST, or similar GRC-related certifications. Certifications like CompTIA Security+ may also be considered if combined with proven experience in risk management, compliance oversight, and security governance. These credentials show a commitment to professional development and expertise in organizational security assurance.
• Frameworks and Compliance Experience: Hands-on experience with cybersecurity frameworks and compliance programs, such as direct involvement in NIST RMF processes, CMMC readiness or audits, ISO 27001 implementation, or similar risk management and compliance efforts. Practical experience ensuring compliance with data protection regulations (HIPAA, FERPA, etc.) is a plus.
• Enterprise Environment Experience: Experience working in a large enterprise or higher-education environment is preferred. Understanding the complexities of a distributed, diverse IT environment (such as a university with research labs, academic and administrative networks, and varied user populations) will help the candidate quickly adapt to ASU’s landscape.
• Project Leadership: Proven experience leading cybersecurity projects or initiatives. This includes successfully driving security improvements from concept to completion, such as deploying new security tools, leading incident response enhancement projects, or conducting campus-wide risk assessments. Experience should involve coordinating across multiple teams or departments.
• Communication and Training: Experience in developing and delivering security training or awareness programs is advantageous. The ability to create informative presentations or workshops for end-users or technical teams, along with public speaking or security advocacy experience, will help promote ASU’s security culture.
• Demonstrated ability to model empathy, compassion, and emotional intelligence.
• Experience in a values-driven organization with a strong commitment to inclusion and belonging.
• Ability to cultivate a psychologically safe environment where all team members can thrive.
• Capacity to inspire and drive meaningful change in individual, institutional, and corporate behaviors to support a more sustainable environment.
• Commitment to leading by example through effective communication, active participation, and advocacy for the institution’s sustainability programs.

Responsibilities

• Vulnerability Management: Manage the vulnerability program, including regular scanning, identification, and assessment of vulnerabilities in systems and applications. Prioritize and coordinate fixes by working with system owners and IT teams, ensuring timely patching or mitigation. Monitor and report progress on remediation efforts (using tools like ServiceNow for ticketing and workflow) and confirm that the fixes are effective.
• Governance, Risk & Compliance: Contribute to governance, risk, and compliance efforts for the cybersecurity program. Conduct risk assessments and security control evaluations for critical systems and third-party solutions, aligning with established frameworks (e.g., NIST RMF) and emerging compliance standards (such as CMMC for relevant research projects). Ensure that security practices and controls meet applicable regulations and data protection requirements – including HIPAA (health data), FERPA (student records privacy), GLBA (financial data protection), GDPR (EU personal data privacy), and PCI-DSS (payment card data security). Collaborate closely with compliance, legal, and privacy teams to address regulatory obligations and to prepare for or support audits and assessments.
• Process Improvement & Automation: Proactively identify opportunities to enhance security operations processes and workflows. Automate routine procedures and controls using scripting and security orchestration tools (SOAR) as well as AI to boost efficiency and consistency in incident response, monitoring, and compliance reporting. Create scripts or playbooks for tasks like vulnerability management, risk assessment, compliance assessment, and digital privacy impact assessments.
• Security Tools Enhancement: Evaluate, tune, and recommend enhancements to enterprise security tools and capabilities. Supervise the tuning and optimal setup of systems, including endpoint detection and response tools (e.g., CrowdStrike) and threat intelligence feeds. Ensure that security tools produce actionable insights for intelligence sharing with multiple teams across the organization. Identify new data sources or technologies that could improve ASU's security posture and maturity.
• Cross-Team Collaboration: Collaborate closely with various university teams such as IT operations, network engineering, application developers, and data governance to develop a strong understanding of the threat landscape and business environment within a large, complex academic setting. Act as a security expert in cross-departmental meetings and projects, effectively communicating risks and requirements. Promote a culture of cybersecurity awareness by guiding stakeholders on security best practices and emerging threats.
• Policy and Program Development: Contribute to the development and continuous improvement of cybersecurity policies, standards, guidelines, and procedures. Draft and update documentation, including incident response plans, standard operating procedures (SOPs), security standards, and runbooks, to ensure they reflect current best practices and organizational changes. Assist in creating training and awareness materials to educate the university community on security policies and safe computing practices. By developing clear documentation and guidance, support the overall governance of information security at ASU.
• Mentorship and Leadership: Provide leadership and mentorship within the cybersecurity team. Guide junior analysts and incident responders, leading by example in technical investigations and project execution. Share knowledge and train teammates in areas of expertise (for instance, by demonstrating how to use advanced features of tools such as ServiceNow GRC modules or CrowdStrike). Help prioritize team tasks to align with ASU Enterprise Technology (ET) initiatives while maintaining transparency and engagement with stakeholders. Leverage AI in routine tasks and contribute ideas for using AI to improve the unit’s efficiency and overall performance. Take responsibility for fostering a positive culture, upholding organizational values, and championing engagement in all its forms. Collaborate across teams and actively participate in ET/ASU events and programs.
• The Senior Cybersecurity Analyst will take on other duties as assigned and is expected to adapt to the evolving needs of the cybersecurity program. In all responsibilities, they will maintain a high standard of quality, integrity, and professionalism to protect the university’s information assets.

Benefits

• professional development
• tuition breaks