Job Description

Job Summary:
The Information and Technology Services (ITS) organization at the University of Michigan has an exciting opportunity for a Research Data Security Analyst Intermediate to join the IT Security Design and Engineering Team within Information Assurance (IA). As part of a high performance team with expanding responsibilities, you will have the opportunity to work in a very collaborative and dynamic environment to perform risk and compliance assessments of critical systems to improve the security posture of the University's most sensitive assets, and provide security consulting for university systems and units.

For more information about ITS, please visit our website: http://its.umich.edu/

Positions that are eligible for hybrid or mobile/remote work mode are at the discretion of the hiring department. Work agreements are reviewed annually at a minimum and are subject to change at any time, and for any reason, throughout the course of employment. Learn more about the work modes.

Who we are:
Information and Technology Services (ITS) supports U-M faculty, researchers, staff, and students in their use of technology to teach, learn, research, and work, and be leaders in their fields. We are dedicated to creating cohesive digital experiences and promoting university wide innovations. ITS's mission is to be trusted enablers of technology for the U-M community. ITS works together to provide cohesive digital experiences and seamless support to the U-M community. For more information about ITS, visit: https://its.umich.edu/about

The Information Assurance (IA) Office:

Directs IT security, policy, compliance, privacy, enterprise continuity, and identity and access management (IAM) strategy across the entire university.
Proactively mitigates IT security risks in partnership with U-M's campuses: UM-Ann Arbor, UM-Dearborn, UM-Flint, and Michigan Medicine.
Collaborates with U-M units to:
Develop university IT security, privacy, and IAM strategy.
Implement best practice security, privacy, and IAM infrastructure and protocols.
Takes a risk-based approach to securing the university's most sensitive information assets that enables teaching, learning, research, and healthcare in a large open environment.
Provides operational information assurance and IAM services that enable the university to excel in its research, teaching, and patient care missions
Provides guidance to the entire university community on IT security and privacy compliance best practices to help individuals protect university systems and data, as well as their own personal information.
For more information about Information Assurance, please visit our website: https://safecomputing.umich.edu

Responsibilities:
Participate in the successful execution of a potentially wide range of security services and activities. Primary responsibilities include:
Research Support - Support U-M researchers in understanding and meeting compliance requirements including but not limited to HIPAA, CUI, and NIST 800-53 and 800-171 standards by performing compliance based risk assessments on research environments at U-M and developing and maintaining and risk assessment templates and proposed options to simplify the work researchers have to perform to obtain compliance approval for their research projects.
Risk Management - Use tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework and develop mitigation strategies to bring risk levels into an acceptable range.
Compliance - Determine applicability and scope of various regulations; interpret and implement technical requirements to ensure compliance.
System and Application Hardening - Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws
Education & Awareness - Support campus units through creation and delivery of education and awareness materials, security orientations and training.
Additional Duties may include the following based on skills and experience of the candidate -
Security Advising - Provide on-demand and in-depth ongoing security advising to campus units regarding security initiatives, systems procurement and hardening, handling sensitive data, system security plans, research proposals, and other security related topics.
Subject Matter Expert - Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services; Participate in the design, implementation, and continuous improvement of security service offerings. Provide consulting services to campus units on your subject matter expertise.
Required Qualifications:
Bachelor's degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
Minimum of 4 years information technology experience
Minimum of 2 years of experience applying security related technologies, practices, or services
1 to 2 years experience working with various regulatory and compliance requirements including Export Control, HIPAA, CUI, FISMA
System administration background with Microsoft, Macintosh or *nix environments
Solid understanding of fundamental Operating System and TCP/IP Networking concepts
Solid understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
Extensive exposure to, experience with, responsibility for, and deep understanding of at least two security related technologies or practices including Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
A strong commitment to collaboration, teamwork, and continual improvement
Outstanding verbal, written, and presentation communication skills, including the ability to explain technical concepts to a non-technical audience
Demonstrated success working independently, and completing tasks within established deadlines
Desired Qualifications:
Experience performing information security risk assessments using an interview-based approach
Experience assessing the security architecture of proposed IT solutions
Information Security Certification. For example, CISSP