IT Security Compliance Analyst

UO HR Website•Eugene, OR

12h•$78,000 - $88,000

About The Position

Reporting to the Director of IT Security Risk & Compliance, the IT Security Compliance Analyst is part of the Information Security Office (ISO) team. This is a technical position, responsible for the development, assessment and evaluation of Identity and Access Management (IAM) security controls; implementation and evaluation of short-term and long-term goals and objectives, and for strategically aligning campus IT security and compliance needs with university policies, relevant laws, regulations, and requirements for the protection of enterprise systems and data, operational technologies (OT) and other internet of things (IoT) deployed at the University. The IT Security Compliance Analyst will maintain a clear understanding of the research, academic and operational needs of the university, including its infrastructure, assets, identities, and associated risks. This will involve working with various stakeholders, such as business units, IT teams, cybersecurity teams, risk managers, auditors, and vendors, to help drive security of access control initiatives in support of internal policies, regulatory compliance, and industry standards. In addition, maintain an overview of authentication processes of the new and existing systems deployed across campus and provide high-level situational awareness and warnings about any security lapses. As part of the ISO team, the person in this role will collaborate with other members of the team to tailor our risk management program, help prioritize actions, advise system owners, and contribute their expertise during assessment and remediation efforts. This position requires superior interpersonal skills, like empathy, tact, flexibility, and collaboration. Woven through these responsibilities and duties is the need for effective oral and written communication skills to successfully interact with the diverse range of stakeholders at the university. The array of tasks performed by this position requires good organization, the ability to work independently, and to manage multiple, and sometimes competing, priorities. Work is reviewed regularly by the supervisor to ensure it is performed efficiently, safely, and meets both expectations and applicable requirements. A performance appraisal is conducted annually. This unit may provide essential services during times of emergencies and inclement weather. This position may be required to fulfill essential services and functions during these times.

Requirements

Bachelor’s degree from an accredited college or university or demonstrated equivalent skills and experience.
Three years of experience working in an IT position with information security responsibilities; this may include responsibilities as a security professional or as an IT administrator (e.g., network, systems, application, or cloud administrator) with significant experience implementing or supporting security controls. An advanced degree (Master's) may be substituted for one year of experience.
Demonstrated expertise in Identity and Access Management (IAM), Security Assessment and Testing, and one or more of the following IT Security domains: Information Security, IT Systems and Operations, Network Security, Systems and Applications Security, Vulnerability Management, Cloud Security, Security and Risk Management.
Perform duties in a way that advances and supports the mission of the department and university.
Work effectively in a diverse team environment and create effective relationships for problem solving and positive interactions.
Ability to adapt within a rapidly changing technical environment.
Ability to explain technical concepts to audiences with a wide range of technical skills.
Ability to work independently and in a team-oriented, collaborative environment.
Demonstrated experience in current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.

Nice To Haves

Two years of experience in an operational information security role.
Working knowledge of laws, regulations and standards affecting information technology security in a higher education environment, including PCI-DSS, HIPAA, GLBA, HEOA, FERPA, and DMCA.
Certification in or progress toward at least one designation in an information security, risk, compliance or related discipline (e.g. CISSP, SSCP, CSA+, CASP, GESC, GCIA, CEH).