Senior Analyst (Security Program Analyst)
Duke University’s IT Security Office (ITSO) is responsible for the overall coordination, implementation, and assessment of information security at Duke University.
The ITSO Security Program Analyst will be responsible for liaising with the Duke Health Information Security Office and the OIT Data Analytics Practice to quantify and contextualize efforts to optimize confidentiality, integrity, and availability of Duke’s information assets and systems in support of research, teaching, learning, and everyday conduct of University business.
This role focuses on tracking, synth esizing, and communicating information related to cyber risk across Duke University and Duke Health, and requires excellent oral and writing skills, analytical skills, a collaborative and results-oriented attitude, and the curiosity required to stay up to date within a fast-paced field and environment. Prior expertise in security is desirable but not a hard requirement; we welcome applicants with related experience in risk and/or data analysis.
DUTIES AND WORK PERFORMED
# Assess the landscape of cyber risk at Duke through metrics dashboards. Advise on continued development of these dashboards to clarify and quantify risk areas.
# Improve visibility into areas of cyber risk by advising on development needs for inventory tools to improve tracking and dashboard integration for measurements pertaining to Duke accounts, devices and servers, network activity, websites, etc., as well as adoption/coverage of relevant security measure such as multi-factor authentication, endpoint management, patch status, and automated IP blocking.
# Advise on strategic priorities for ITSO initiatives based on cyber risk metrics, identified risks, and areas where effort will yield the most return on securing Duke resources.
# Provide briefings to Duke’s information security community, articulating trends, areas of concern, and implications for various functional areas.
# Oversee project work to improve adoption of security measures and programs.
# Develop materials to articulate policies and positions/guidance related to security practices.
# Offer creative solutions to enhance efficiency of, and value provided through, the ITSO's risk management programs (such as vendor reviews).
# Liaise with peers in related departments to coordinate response to issues affecting multiple areas (e.g., Privacy, Audit, etc.)
Excellent verbal, written, and analytical skills. Collaborative and solution-oriented. Able to work independently and in a team setting. Proficient in quantitative and qualitative analysis and data-driven decision-making.
Required: Bachelor’s degree in a related field plus 3 years of experience in security, audit, analytics, etc.; or 5 or more years of experience.
Certifications such as SANS, CISSP, CISA, CISM, etc. are optional, but will be considered favorably.
Duke is an Affirmative Action/Equal Opportunity Employer committed to providing employment opportunity without regard to an individual's age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or veteran status.
Duke aspires to create a community built on collaboration, innovation, creativity, and belonging. Our collective success depends on the robust exchange of ideas—an exchange that is best when the rich diversity of our perspectives, backgrounds, and experiences flourishes. To achieve this exchange, it is essential that all members of the community feel secure and welcome, that the contributions of all individuals are respected, and that all voices are heard. All members of our community have a responsibility to uphold these values.
Essential Physical Job Functions: Certain jobs at Duke University and Duke University Health System may include essentialjob functions that require specific physical and/or mental abilities. Additional information and provision for requests for reasonable accommodation will be provided by each hiring department.