CYBERSECURITY ANALYST: RISK MANAGEMENT
JOB NO.: 91581-AS
Work Type: Staff-Full Time
Categories: Information Systems/Technology
Employment Class: Academic Staff-Renewable
Position Vacancy ID: 91581-AS
Working Title: Cybersecurity Analyst: Risk Management
Official Title: SR IS SPECIALIST(S45BN) or IS SPECIALIST(S45DN)
Hiring Department: A060370-INFORMATION TECHNOLOGY/SEC/CYBERSECURITY
Anticipated Begin Date: SEPTEMBER 15, 2017
Term: This is a renewable appointment.
Minimum $81,000 Maximum $95,000 ANNUAL (12 months)
Depending on Qualifications
Degree and Area of Specialization:
Bachelor's Degree in Information Technology Security or related discipline and two years' experience. OR Five or more years of applicable professional services and/or information security experience and expertise.
Minimum number of years and type of relevant work experience:
* Minimum of three years' experience conducting risk assessments against recognized standards (e.g. HIPAA, NIST, COBIT or ISO).
* Must hold, or be able to obtain within six months, a management oriented security certification (e.g., CISSP, CISM or GSEC). Demonstrated knowledge or professional certification in Information Security or IT Audit is a strong addition.
* Detailed understanding of network design, security protocols and systems administration with excellent analytical and problem solving skills.
* Experience working independently to conduct technical investigations with diverse constituents, providing detailed written reports and presentations in a higher education, research, or healthcare environment.
* Experience using standard industry applications to create or update current documents to meet compliance reporting requirements and to track detected failures and validate mitigation and solutions within timelines in standard documentation.
* Must display working knowledge of PCI Data Security, HIPAA and NIST standards along with virtual environment and cloud computing services.
* Experience executing project management skills including design review, threat modeling and risk profiling while working across a large, distributed organization that is representative of a diverse IT community to include policy, regulations and compliance requirements.
* Highly advanced skills in PC/Macintosh/Unix workstation, Internet software skills, groupware, office productivity software, project management software, and architecture tools (e.g. Visio, etc.).
See Additional Information for additional Preferred Qualifications.
The Office of Cybersecurity supports the CIO and the campus by leading and managing campus efforts to reduce risk. Strategies include appropriate handling of data, continued diagnostics and good processes and procedures to manage our intellectual property and other sensitive information.
This position provides risk analysis and compliance program support for the Governance, Risk and Compliance (GRC) domain of the UW-Madison Office of Cybersecurity. Responsibilities include evaluating security risks and compliance strategies; offering direction, guidance and consultation; and making recommendations for the improvement in information security of IT systems primarily for University of Wisconsin-Madison and for the University of Wisconsin System upon request. The incumbent coordinates implementing university-wide, proactive and distributed information security management programs to ensure the continuous availability, confidentiality, and integrity of information assets owned and used by the university community, consistent with university management's informed risk tolerance.
This position also serves as the campus technical expert and authority on information security risk analysis and compliance matters. As a trusted advisor and partner with campus researchers, Primary Investigators, program managers and system owners, the incumbent works with the entire university community in a consultative manner. The incumbent should understand organizational missions, values and goals, analyze information risks which threaten those objectives, recommend and guide large cross-functional and campus-wide teams towards appropriate security control solutions, and assist in implementing and auditing those solutions to materially reduce operational and compliance based exposures. This position reports to the UW-Madison Deputy Chief Information Security Officer.
Additional Preferred Qualifications:
* Demonstrated experience applying standards and practices for risk management and compliance, including:
- National Institute for Standards and Technology (NIST) - 800 series Special Publications
- International Standards Organization (ISO) 27001 - Information Security Management and 27002 - Information Technology - Security.
- Open Security Architecture (OSArc).
- Familiarity with and validation skills using Open Web Application Security Project (OWASP) principles.
* Experience with typical application components such as web servers, application servers, database software (Oracle and SQL), middleware and underlying infrastructure devices (WAN and LAN devices, operating systems for server platforms, workstations, and a broad range of applications, host and network security devices. Solid understating of manual, automated application penetration skills, vulnerability scanning and analysis as well as skill in careful, limited live testing in live production environments.
Instructions to applicants:
Please note that DoIT is not able to provide sponsorship for this position.
In order to be considered for this position, applicants must upload a resume and cover letter. Your cover letter should specifically address the Required Qualifications listed in the Relevant Work Experience section.
Additional Link: Full Position Details
NOTE: A Period of Evaluation will be Required
The University of Wisconsin is an Equal Opportunity and Affirmative Action Employer.
The Annual Security and Fire Safety Report contains current campus safety and disciplinary policies, crime statistics for the previous 3 calendar years, and on-campus student housing fire safety policies and fire statistics for the previous 3 calendar years. UW-Madison will provide a paper copy upon request; please contact the University of Wisconsin Police Department.
Advertised: 03 Aug 2017 Central Daylight Time
Application Close: 4 Sep 2017 11:55 PM Central Daylight Time