Information Assurance Analyst 1 Location:
Case Main Campus Regular/Temporary:
Regular Full/Part Time:
Full-Time Job ID:
Job Description POSITION OBJECTIVEWorking under moderate supervision and appropriate judgment, work with the Information Security Team to protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. Activities include performing daily security operational tasks including but not limited to security tools administration, monitoring, administering user accounts, responding to service desk tickets, and delivery of basic security awareness training to individuals and small groups.ESSENTIAL FUNCTIONS
Perform risk management and analysis on system and organizational levels, including administrative, technical, and physical controls. Consult with departments on security planning materials, including risk mitigation plans, disaster recovery plans, and provide inputs on business continuity plans. (20%)Perform cyber threat intelligence to collect, analyze, and produce accurate and relevant intelligence for campus community and automated feeds. (20%)Administer and operate security tools and services to investigate, detect, protect, and defend the IT enterprise. (20%)Serve as an incident-response team member. Respond to security incidents and events. Investigate and resolve incidents, execute action plans, communicate with end-users or other impacted parties. Take lead on group-level investigation tasks. (10%)
Collect, analyze, correlate, and report on pertinent security metrics. (5%)Perform identity-based security functions supporting the user identity lifecycle including creation, removal, and update of user account information. (5%)Provide Tier 2 customer support from Service Desk calls for security-related matters. (5%)Serve as a resource person in assessing systems, processes, and projects against compliance requirements, control objectives, and security best practices; interact with internal and external technical staff and consult with project teams at various stages of project cycles. (5%)Participate in campus-wide information security awareness events and programs to ensure alignment of policy and practice of security among stakeholders. (5%)Perform other duties as assigned including but not limited to assisting in performing physical access control audits of IT infrastructure and facilities, assisting the security team in the continuous review, evaluation and rollout of security tools and security administration tools, assisting user desktop configurations for security risks, assisting end-user groups with security practice implementation. (5%)
CONTACTS Department: Regular contact with supervisor to review goals, achievements and overall performance. Daily contact with UTech managers and staff to address issues and opportunities collaboratively and to resolve any outstanding issues or challenges. Frequent contact with all other UTech staff to facilitate and promote joint action and cooperation to achieve results.University: Daily contact with faculty, staff, undergraduate, graduate and professional students to effectively understand and define internal customer requirements as they relate to assigned duties.External: Regular contact with vendor partners to manage the execution of tasks, coordinate efforts and learn about new capabilities. Occasional contact with peer institutions regarding best practices.Students: Daily contact to effectively understand and define internal customer requirements as they relate to assigned duties. Regular contact with UTech student employees.SUPERVISORY RESPONSIBILITYMay supervise student employees.QUALIFICATIONSEducation and Experience: Associate’s degree with 2 years of progressive experience in a dedicated information security function or responsibility. Exposure to Information Technology concepts such as applications, security systems design, implementation and administration. - OR - a Bachelor’s degree in an IT related field with no experience required (prefer experience in an IT-focused field or industry). The position requires the attainment and maintenance of Information Assurance certification appropriate to the position within 2 years of hire, if not currently certified (SANS GIAC, Security+, or equivalent). Must successfully complete a criminal background check.REQUIRED SKILLS
Exposure to information technology concepts such as applications, security systems design, implementation and administration required.Demonstrated understanding of system administration and network configuration for Microsoft Windows, Mac OX, or UNIX/LINUX systems.Demonstrated knowledge of security concepts including malware, intrusion detection, risk analysis, threat/vulnerability management, system hardening, and business continuity.Familiarity with information security risk assessment and management processes and standards.Working knowledge in at least three of the following infrastructure security concepts: Incident response practices, Data encryption technologies and standards (email, transit, file, etc.), Data loss protection systems and tools, Endpoint security software management, Firewalls and firewall techniques, Vulnerability management, Computer forensics practices, threat intelligence collection, and Virtual private networking.Prefer an understanding of network protocols.Demonstrated ability to optimize time and resources, prioritize task, and ensure that deadlines are met. Ability to work independently on projects and achieve project objectives.Ability to work in a team environment, being able to play the roles of team leader and team player as required. Ability to actively listen, responsive to verbal and non-verbal clues. Strong writing and verbal communication skills demonstrated while communicating with diverse audiences.Demonstrated superior interpersonal skills, conflict resolution and negotiation skills.Demonstrated ability to identify problems, analyze courses of action, and propose solutions.Demonstrated ability to successfully handle sensitive discussions with discretion, strong personal ethics commitment, and demonstrated sound judgment.Consistently models high standards of honesty, openness, and respect for the individual. Experience working with diverse populations.Ability to meet consistent attendance.Ability to interact positively with colleagues, supervisors, and customers face to face. Prefer familiarity with project management approaches, tools and phases of the project lifecycle.Prefer familiarity with current office software such as Microsoft Office, Office365, and Google Apps.Prefer experience with commercial or open source security tools.Prefer basic knowledge of security processes and procedures relating to security compliance or controls management frameworks.Prefer experience with server administration for Microsoft, Mac OX, or UNIX/LINUX systems. Prefer experience with cloud administration (AWS, Azure, GCP) of systems.Prefer understanding of various security and regulatory compliance standards, such as FERPA, HIPAA, FISMA, and PCI.Prefer data forensics and collection technologies, disk imaging, chain of custody records, handling sensitive information.Experience working with diverse populations and willingness to support a community commitment to diversity, equity and inclusion.Consistently model high standards of honesty, openness, and respect for the individual.
WORKING CONDITIONSProfessional office setting. The position is required to be available to respond to emergency security issues and incidents on a 24/7/365 basis. On-call status and some off-hours work effort required. The employee will be required to carry a cell phone, during and after their normal work hours, including weekends to attend to after-hours emergencies. There may be occasional pressure from demanding customers. Due to time constraints, many functions must be completed on set deadlines. Travel between various locations on campus may be required. The position requires typing on a computer keyboard and using a computer mouse and a printer. Office attire includes business casual dress. Diversity Statement
In employment, as in education, Case Western Reserve University is committed to Equal Opportunity and Diversity. Women, veterans, members of underrepresented minority groups, and individuals with disabilities are encouraged to apply.
Case Western Reserve University provides reasonable accommodations to applicants with disabilities. Applicants requiring a reasonable accommodation for any part of the application and hiring process should contact the Office of Equity at 216-368-3066 to request a reasonable accommodation. Determinations as to granting reasonable accommodations for any applicant will be made on a case-by-case basis.