Cybersecurity Risk Analyst IV

About The Position

Requirements

• Bachelor's degree in an appropriate area and four years of relevant experience; or a high school diploma or equivalent and eight years of relevant experience.
• Appropriate college coursework may substitute at an equivalent rate for the required experience, but does not negate the minimum degree requirements(s).

Nice To Haves

• Bachelors or Masters degree in Computer Science, Cybersecurity, or related field.
• Global Information Assurance Certification (GIAC) Security Essentials (GSEC) or equivalent (preferred), Certified Information Systems Auditor (CISA) or equivalent (preferred), Certified Information Systems Security Profession (CISSP or equivalent) (preferred)
• Minimum of 10 years of combined IT and security experience with a broad range of exposure to data, networks, systems, and web applications.
• Experience conducting cybersecurity risk assessments in large organizations.
• Excellent written and verbal communication skills, outstanding communicator; interpersonal skills; and the ability to work collegially and interact effectively with all constituencies.
• Excellent organizational skills and an ability to prioritize and complete simultaneous projects with minimal supervision.
• Accuracy, attention to detail and a customer service-oriented approach and mindset.
• Advanced level skills in analytical thought, problem-solving, leadership, teambuilding, conflict resolution, strategic planning, management, and IT project management.
• Knowledge of Security standards, applicable laws, and regulations (National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry (PCI), Federal Educational Rights and Privacy Act (FERPA), Florida Statutes).
• Knowledge of Security issues, techniques, and implications across all existing computer platforms.
• Knowledge of client/server, network topology, network/infrastructure security, network operating systems, web technologies, and e-commerce operations preferred.
• Knowledge of IT auditing and risk management preferred.
• Broad knowledge of principles of a particular field of specialization.
• Awareness of current standards and trends in IT and emerging technology.
• Ability to work collaboratively and build strategic relationships with both internal and external clients.
• Ability to think critically and creatively, have a high standard of integrity and be motivated to incorporate best practices into the organizational structure.

Responsibilities

• Executes the UF information risk assessment process, which includes conducting risk assessments for internal information systems using established procedures and control baselines, conducting risk assessments on third-party products and services, developing remediation plans and recommendations to IT staff on how to address risks identified through the risk assessment, preparing executive-level residual risk reports to prompt risk disposition decisions, guiding units in creating security plans for all systems, and establishing and maintaining a non-technical monitoring program including measures of compliance and effectiveness for administrative processes as well as technical controls related to information security.
• Consults on security systems, tools, and procedures to meet defined security requirements and goals, including assisting units in selecting technology that best fit to UF’s information technology environment and supports UF information security goals, providing expert security guidance to help units improve security posture and reduce risk, guiding units in developing processes and procedures to implement UF information security policies and standards, and producing and publishing documentation and guidance to provide direction to units on complying with information security policies and standards.
• Contributes to development of the UF Information security risk management program, which includes evaluating and providing recommendations regarding legal, regulatory, and contractual information security compliance requirements, serving as subject matter expert on security control frameworks, establishing, and updating control baselines to be used at UF, optimizing procedures used to conduct information security risk assessments, contributing to the creation and modification of university information security policies and standards, collaborating and advising on changes and improvements to the university’s Governance, Risk, and Compliance (GRC) platform used to conduct risk assessments, training and mentoring junior risk analysts, interns, and distributed university IT staff on the risk assessment process, and contributing content and collateral material to information security training and awareness programs.

Benefits

• vacation
• sick leave
• holidays
• personal leave days
• paid family leave