Information Security Analyst - Governance, Risk, Compliance (S04496P)
The University of Texas at Arlington
Arlington, TX
Job posting number: #7139529
Posted: April 12, 2023
Application Deadline: Open Until Filled
Job Description
Job Summary
The Information Security Analyst, GRC is responsible for supporting day-to-day information security governance, risk, and compliance activities and assigned projects. Major functions include information security risk management, security policy development and enforcement, 3rd party vendor management, and incident response assistance. Assist with the development and delivery of risk assessments. Assist with the development, monitoring, and enforcement of policy and standards. Provide support for information security projects.
Essential Duties and Responsibilities
Support the mission of the UTA Information Security Office as a part of the Governance, Risk, and Compliance team.
Assess University compliance with regulatory requirements including, but not limited to, FERPA, PCI-DSS, HIPAA, and NIST 800-171.
Develop and maintain information security policies, standards, and procedures relating to organization-wide information security domains.
Assist with risk assessments, tracking risk mitigations and verification of security controls.
Assist in the generation of metrics and reports used to convey the status of the information security program to University leadership, UT System, and Texas Department of Information Resources.
Provide support for information security related customer questions and help requests.
Work closely with OIT, Internal Audit, and other University units to understand, assess, and develop plans for mitigating information security risk.
Support the development, implementation, and delivery of security awareness training programs.
Assist with the management of the Incident Response Plan.
Assist with security training exercises, incidents and investigations as needed.
Other duties as assigned.
Required Qualifications
Bachelor’s degree or relevant experience
Preferred Qualifications
Certifications related to the duties and responsibilities specified, including but not limited to: Security +, SSCP, CISSP, CISM, CRISC, and/or CISA.
Experience in Information Security Risk Management and the implementation of GRC strategies.
Knowledge regarding risk management practices and GRC concepts and automation tools.
Scripting and coding experience a plus.
Knowledge and practical experience with security frameworks, e.g. NIST 800 series, NIST CSF, ISO 20001, CIS Top 20, CMMC.
Technical knowledge of operating systems, defense-in-depth concepts, networks, security related technologies, and security configurations.
Knowledgeable about current advances in areas of information technology concerning vulnerabilities, security breaches, or malicious attacks. Experience in Nessus and Splunk a plus.
Experience in higher education and/or Experience in Texas State government.
Working Conditions
Special Conditions for Eligibility
Working Title
EEO Statement
UTA is an Equal Opportunity/Affirmative Action institution. Minorities, women, veterans and persons with disabilities are encouraged to apply. Additionally, the University prohibits discrimination in employment on the basis of sexual orientation. A criminal background check will be conducted on finalists. UTA is a tobacco-free campus.