Information Security Compliance Analyst

Job description

Posting Details

Job Title: Information Security Compliance Analyst
Department: Information Security Office
Full Time/Part Time: Full-Time
Requisition Number: S21135
Open Date: 10/16/2020
Close Date:

Salary Information

Salary Commensurate with Experience and Qualifications

Work Schedule

Business hours with occasional extended hours to meet deadlines.

Benefits Eligible: Yes
Eligible for Overtime: No

Position Summary

The information security compliance analyst is responsible for managing security reviews and assessments and ensuring that internal systems and technologies are compliant with security standards and regulatory requirements. This role develops and implements campus-wide security initiatives, helps researchers, departments, and organizations across campus to ensure compliance with industry and legal regulations, and works with those groups to develop policies, procedures, and technical solutions to achieve compliance. The role will work with groups to evaluate risk with contracts for new and existing services.

Education Required: Bachelor's Degree
Major/Discipline:
Substitution for Education Requirement: May substitute additional related experience, above and beyond what is required, on an equivalent year for year basis in lieu of the education requirement.
Education Preferred:
Experience Required: 5 years

Type of Experience

- Experience with auditing, evaluating, and advising on the implementation of security controls (administrative and technical)
- Experience analyzing and applying a variety of regulatory requirements to security practices
- Experience balancing the application of mitigating controls with non-compliance to effectively reduce overall risk
- Experience supporting research initiatives

Substitution for Experience Requirement: May substitute additional related education, above and beyond what is required, on an equivalent year for year basis in lieu of the experience requirement.

Experience Preferred

Experience with government contracts and grants and working with Legal, Contracts, Grants, Purchasing, and IRB groups.

License/Certification Required:

License/Certification Preferred

CRISC, CGEIT, CISA, CISM, CISSP

Skills Required

- Knowledge of information security industry best practices is required
- Knowledge of industry and legal regulations is required, including PCI‐DSS, GLBA, HIPAA, FERPA, and other federal and state laws
- Must be able to work with people with varying degrees of technical and legal knowledge and understanding
- Must have strong technical background in operating systems, networking, and security assessment tools
- Must have strong written communication skills

Skills Preferred

- Ability to stay on top of changes and trends in the regulatory landscape
- Demonstrated organization, facilitation, communication, and presentation skills
- Demonstrated ability to lead and execute across a range of businesses and functions with differing issues and interests
- Able to lead multiple projects with competing priorities and deadlines while also being detail oriented
- Strong analytical and problem solving skills, with demonstrated intellectual and analytical rigor
- Familiarity with NIST Cybersecurity Framework (CSF), NIST SP 800-53, NIST SP 800-171, PCI, GDPR, HIPAA, GLBA, CIS Benchmarks, and Top 20 Critical Controls
- Familiarity with FEDRAMP, ISO 27001, ISO 27002, and ISO 27018
- Familiarity with cloud and cyber security knowledge to ensure technical controls are crafted appropriately

Internal / External Contacts

Internal Contacts: The incumbent has contact with staff, faculty, and students.

External Contacts: The incumbent has contact with vendors, contractors, and partners.

Physical Demands

Position often requires being seated for prolonged periods with the ability to move from one work site to another.

Working Conditions

Business hours with occasional extended hours to meet deadlines

Essential Personnel

Position is not considered essential during a campus emergency.

Rice University Standard of Civility

Serves as a representative of the University, displaying courtesy, tact, consideration and discretion in all interactions with other members of the Rice community and with the public.

Security Sensitive

As defined under the Texas Education Code and Rice Policy No. 425, this position is security sensitive and employment in this position is contingent upon the successful completion of a background check.

Special Instructions to Applicants:
Quick Link for Posting: http://jobs.rice.edu/postings/24860

Essential Functions

- Works with information security leadership to develop and publish the IT Security Framework and apply it to the University
- Works with the Office of Information Technology and other University departments and organizations to develop policies and procedures
- Provides training to staff on departmental policies, procedures, and guidelines
- Provides IT risk assessments for IT‐related systems both internal and external to the OIT division
- Provides detailed guidance and recommendations on findings during assessments
- Audits the maturity of the security controls of OIT systems against the established framework
- Provides reports to information security leadership and others as directed
- Reviews IT‐related contracts for new and existing services
- Provides a periodic risk reassessment of existing cloud services and as terms or operations change
- Participates in the investigation, development, deployment, and client support for information security office provided tools and services
- Works with other OIT Security team members during incidents to contain and resolve discovered and reported incidents
- Develops and participates in relevant industry and higher‐ed groups to keep current on changes in regulations and best practices and contributes to these groups when possible and as appropriate
- Performs all other duties as assigned

Additional Functions or Information

- Provides recommendations to business units for remediation of security gaps/vulnerabilities and catalogs security risk scoring to visualize overall security posture of the organization
- Provides guidance to researchers and IT support staff towards compliance with relevant data security standards or data use agreements
- Reviews third party contracts and attestation reports for compliance to security standards and regulatory requirements
- Maps regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies
- Tracks regulatory compliance and maintains up-to-date records of regulatory requirements and corresponding mitigating controls
- Supports the development of the appropriate documentation that aligns with regulatory requirements, including, for example, system security plans, information security policies, and risk assessment procedures
- Coordinates with other compliance functions – like Audit, Legal, Privacy and Research – to track compliance across the organization and pool expertise on vague or complex regulatory requirements

Job Duties

Applicant Documents

Required Documents
  1. Cover Letter
  2. Resume
Optional Documents
  1. References/Recommendation Request
Supplemental Questions

Required fields are indicated with an asterisk (*).

  1. * Do you have a bachelor's degree or additional related experience, above and beyond what is required, on an equivalent year for year basis in lieu of the education requirement?
    • Yes
    • No
  2. * Do you have five or more years of experience with auditing, evaluating, and advising on the implementation of security controls (administrative and technical); experience analyzing and applying a variety of regulatory requirements to security practices; experience balancing the application of mitigating controls with non-compliance to effectively reduce overall risk, as well as experience supporting research initiatives, or additional related education, above and beyond what is required, on an equivalent year for year basis in lieu of the experience requirement?

    (Open Ended Question)

  3. * Please provide the salary or range that you would require or consider for this position.

    (Open Ended Question)

 

 

 

Job No:
Posted: 10/17/2020
Application Due: 1/15/2021
Work Type:
Salary: