Information Assurance Analyst 2
Job Title: Information Assurance Analyst 2
Location: Case Main Campus
Full/Part Time: Full-Time
Job ID: 8438
Under minimal supervision, works with the Information Security Team to protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. Performs daily security operational tasks including but not limited to security monitoring, administering user accounts, and respond to help desk tickets and delivery of basic security awareness training to individuals and small groups.
- Operate security tools and services to detect, protect, and defend the IT enterprise. (10%)Provide analysis of findings from security monitoring systems to recognize and respond to potential security violations and incidents. Report incidents, and take immediate action to mitigate adverse impacts. Acts with discretion when in support of investigations. (10%)
- Collect, analyze, correlate, and report on pertinent security metrics. (10%)
- Perform identity-based security functions supporting the user identity lifecycle including creation, removal, and update of user account information. (10%)
- Provide Tier 2 customer support from Help Desk calls for security related matters. (10%)
- Incident response team member. Respond to security incidents and events. Investigate and resolve incidents, executes action plans, communicates with end-users or other impacted parties. Takes lead on group-level investigation tasks. (10%)
- Assist the security team in the continuous review, evaluation, and rollout of security tools and security administration tools. (10%)
- Assist in planning and performing system risk assessments, including administrative, technical, physical controls reviews of new and existing IT infrastructure and facilities. (10%)
- Serve as a resource person in assessing systems, processes, and projects against compliance requirements, control objectives, and security best practices; interacts with internal and external technical staff and consults with project teams at various stages of project cycles. (10%)
- Consult with departments on security setup, products, services, and/or procedures to mitigate security risk. (5%)
- Create and deliver security technical and procedural training to campus wide information security awareness events and programs to ensure alignment of policy and practice of security among stakeholders. (5%)
Department: Regular contact with supervisor to review goals, achievements and overall performance. Daily contact with UTech managers and staff to address issues and opportunities collaboratively and to resolve any outstanding issues or challenges. Frequent contact with all other UTech staff to facilitate and promote joint action and cooperation to achieve results.University: Daily contact with faculty, staff, undergraduate, graduate and professional students to effectively understand and define internal customer requirements as they relate to assigned duties.External: Regular contact with vendor partners to manage the execution of tasks, coordinate efforts and learn about new capabilities. Occasional contact with peer institutions regarding best practices.Students: Daily contact to effectively understand and define internal customer requirements as they relate to assigned duties. Regular contact with UTech student employees.
May supervise student employees.
Education/Experience: Associate’s degree and 5 years progressive experience in a dedicated information security function or responsibility. Exposure to Information Technology concepts such as applications, security systems design, implementation and administration. – OR- a Bachelor’s Degree in an IT related field and 3 to 5 years progressive experience preferably in an IT-focused field or industry. Attainment and maintenance of Information Assurance certification appropriate to the position within 2 years of hire, if not currently certified (SANS GIAC, CISSP, Security+, or equivalent). Prefer Six-Sigma Green belt certification. Prefer relevant technology-based certification such as CISCO CCNA or CCNP, Microsoft, Apple, RedHat. Must successfully complete a criminal background check.
- Demonstrated understanding of system administration and network configuration for Microsoft Windows, Mac OX, or UNIX/LINUX systems.Demonstrated knowledge of security concepts including malware, intrusion detection, risk analysis, threat/vulnerability management, system hardening, and business continuity.Demonstrated knowledge of information security risk assessment and management processes and standards.Demonstrated working knowledge in at least three of the following infrastructure security concepts: Incident response practices, data encryption technologies and standards (email, transit, file, etc.), data loss protection systems and tools, Endpoint security software and management, firewalls and firewall techniques, vulnerability management, computer forensics practices, and virtual private networking.Experience with working independently on projects and achieving project objectives by required due dates.Prefer familiarity with current office software such as Microsoft Office, Open Office, and Google Apps.Prefer experience with commercial or open source security tools.
- Prefer intermediate knowledge of security processes and procedures relating to security compliance or controls management frameworks.
- Prefer experience with server administration for Microsoft, Mac OX, or UNIX/LINUX systems.
- Understanding of network protocols.
- Prefer understanding of various security and regulatory compliance standards, such as FERPA, HIPAA, FISMA, and PCI.
- Prefer data forensics and collection technologies, disk imaging, chain of custody records, handling sensitive information.
- Demonstrated ability to optimize time and resources, prioritize task, and ensure that deadlines are met. Ability to work independently on projects and achieve project objectives.
- Ability to work in a team environment, being able to play the roles of team leader and team player as required. Ability to actively listen, responsive to verbal and non-verbal clues.
- Strong writing and verbal communication skills demonstrated while communicating with diverse audiences.
- Demonstrated superior interpersonal skills, conflict resolution and negotiation skills.
- Demonstrated ability to identity problems, analyze courses of action, and propose solutions.
- Demonstrated ability to successfully handle sensitive discussions with discretion, strong personal ethics commitment, and demonstrated sound judgment.
- Consistently models high standards of honesty, openness, and respect for the individual. Experience working with diverse populations.
- Ability to meet consistent attendance.
- Ability to interact with colleagues, supervisors, and customers face to face.
Professional office setting. The position is required to be available to respond to emergency security issues and incidents on a 24/7/365 basis. On-call status and some off-hours work effort required. The employee will be required are to carry a cell phone, during and after their normal work hours, including weekends to attend to after-hours emergencies. There may be occasional pressure from demanding customers. Due to time constraints, many functions must be completed on set deadlines. Travel between various locations on campus may be required. The position requires typing on a computer keyboard and using a computer mouse and a printer. Office attire includes business casual dress.Diversity Statement
In employment, as in education, Case Western Reserve University is committed to Equal Opportunity and Diversity. Women, veterans, members of underrepresented minority groups, and individuals with disabilities are encouraged to apply.
Case Western Reserve University provides reasonable accommodations to applicants with disabilities. Applicants requiring a reasonable accommodation for any part of the application and hiring process should contact the Office of Inclusion, Diversity and Equal Opportunity at 216-368-8877 to request a reasonable accommodation. Determinations as to granting reasonable accommodations for any applicant will be made on a case-by-case basis.