IT Security Analyst Senior
Provides support for a variety of operational & consultative IT security functions. A shared function between the Office of Export Control Compliance (ECC) & UCF Information Security (IS) Office with broad awareness & understanding of IS, federal regulatory requirements & IT methods utilized to ensure compliance with university policies, state statutes, & federal regulations. Architects, implements, manages, monitors, & enforces IT security controls that protect the confidentiality, integrity, & availability of the organization’s controlled technical data assets in accordance with legal, regulatory, & institutional requirements; ensures users of controlled technical data & systems receive required security training; consults with Principle Investigators, university IT staff, & subject matter experts to identify, implement, monitor, & enforce compliance solutions; documents solutions; provides guidance & recommendations to the research community in area of data security; reviews new regulations to determine impact on the institution & applicable faculty, staff, or students.
Apply information security concepts, frameworks, regulations and guidelines to organizational requirements and document practices, procedures and policy. Convert IT/technical concepts into easily digestible and actionable policies and procedures with summaries that are accessible to audiences of varying technical aptitudes.
Working in conjunction with cross-functional teams (Sponsored Programs, Export Control, Principal Investigators and university IT), evaluate existing IT infrastructure resources for variances with NIST and other applicable standards, document variances, coordinate and architect solutions with university IT security solutions to meet NIST requirements, document security methods in a technology control plan (TCP), provide IT security training, and monitor compliance with the TCP.
Previous demonstrated experience developing, documenting and managing IT security TCP plans to attain and maintain compliance with various regulatory requirements, including but not limited to EAR, ITAR, OFAC, NARA, NIST, FIPS, etc.
Develop, document and manage IT security TCP plans to attain and maintain compliance with various regulatory requirements, including but not limited to EAR, ITAR, OFAC, NARA, NIST, FIPS, etc.
Conduct physical audits and inventories of IT assets used in restricted research activities, analyzing variances of IT assets with federal NIST standards.
Implement IT security compliance solutions and negotiating gaps with sponsors.
Conduct risk assessments, coordinate vulnerability scans, and penetration tests to identify security risks, and report on findings to system owners and management.
Use automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities.
Using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting security controls and documenting system security plans.
Develop and publish information security policies, standards, procedures and guidelines based on compliance requirements and latest security best practices and standards.
Review existing security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to pro actively identify any gaps that may result in non-compliance with regulatory requirements.
Assist in conducting forensic investigations, provide guidance on remediation planning, and prioritize remediation efforts.
Perform intermediate and advanced analysis and assessments of research and non-research related activities and necessary regulatory requirements to maintain institutional compliance in both research and non-research areas as required by export control laws and regulations.
Work directly with faculty, staff, and students to provide expert advice on both federal regulations, UCF policy and procedures, and IT security protocols implemented to achieve compliance.
Maintain the university loaner-laptop program for international travel by faculty, staff and students.
Provide maintenance and support for recordkeeping resources used to support the trade compliance function.
Manage all tasks associated with implementing IT security solutions on restricted research programs.
Implement, monitor and audit NIST 800-171 security controls.
Respond to relevant service requests received from end users conducting activities subject to IT security requirements.
Provide reports and presentations on the status of security controls and industry trends to management and technical staff.
Develop and deliver IT security awareness training for the organization’s staff, including required training sessions for research teams conducting restricted research.
Acquire and analyze regulatory updates impacts on university activities and provide guidance to UCF department, units, research centers and institutes and faculty, staff and students.
Maintain membership in export and security-related organizations and attend annual security briefings, conferences, trade-shows and training events.
Perform miscellaneous job duties as assigned.
Bachelor’s degree and two years of information technology experience.
5 years IT security, information technology, information assurance or related experience, with preferred service in a Federal Government or DoD Industrial Security environment. Experience with cybersecurity policies based on NIST800-53, NIST 800-171 and ISO 27001. Knowledge of complex government regulations, including the ITAR, EAR and OFAC.
Project Management Professional (PMP) Certification preferred.