IT Risk Analyst II

Associate's degree and two years of relevant experience; or a high school diploma or equivalent and four years of relevant experience. Appropriate college coursework or vocational/technical training may substitute at an equivalent rate for the required experience.

This Cybersecurity Framework Administrator serves as an professional level position in the Information Security Office, a unit within UF Information Technology (UFIT), and will support the university’s success through service and operational excellence.

The Cybersecurity Framework Administrator is responsible for maintaining the UF Cybersecurity Framework (UFCSF) used to assess the high-level operational maturity of participating units.  This role will support UFCSF initiatives that will include providing guidance to university unit contacts on methods to improve security maturity. Responsibilities of this role include serving as a technical resource for administering the UFCSF assessment process, maintaining documentation and related information to support ongoing assessments, and assisting with new and existing uses of UFCSF assessment data that enable measuring security maturity and metric reporting.

Some key responsibilities and characteristics of this position are:

• Implement and maintain appropriate configuration of the UFCSF within the UF Integrated Risk Management (IRM) system to the latest standards and internal guidelines.
• Administer the UFCSF assessment process to gather updated unit security maturity data, ensuring assessments are completed and submitted prior to deadlines.
• Implement and maintain actionable UFCSF metrics that support a sustainable IRM metrics program.
• Develop and maintain UFCSF documents and reference information to include guidelines, templates, and procedures for measuring and improving cybersecurity maturity.
• Support the administration of the UF IRM system for performing cybersecurity risk assessments to include maintaining the cybersecurity risk management methodology to current external and internal standards.
• Serve as primary point of contact for the UFCSF delivering updates and fielding requests for assistance or information as they are received.

About UF Information Technology 

Led by Vice President and CIO Elias Eldayrie, the eight departments comprising UFIT are: Academic Technology; Applications, Development, and Integrations; Business Center; Customer Experience and Resource Planning; Data Platform and Analytics; Information Security Office; Infrastructure and Communication Technology; and Research Computing. UF Information Technology (UFIT) enables teaching, learning, research, and service on campus and across the region with state-of-the-art enterprise IT systems, including SEC and SUS universities, and the opportunity to teach using HiPerGator. For more information about UFIT and its goals and governance, visit https://it.ufl.edu/about-ufit/strategic-plan/.

About the University of Florida

One of America’s all-around best universities, the University of Florida drives future-making education, eye-opening discoveries, life-saving health care, and community-building collaboration for our state, our nation, and our world. UF is in Gainesville, a city of approximately 150,000 residents in North-Central Florida, 50 miles from Florida’s West Coast, 67 miles from the Atlantic Ocean, and within a 2-hour drive to large metropolitan areas (Orlando, Tampa, Jacksonville). The beautiful climate and extensive nearby parks and recreational areas afford year-round outdoor activities, including hiking, biking, and nature photography. UF’s large college sports programs, museums, and performing arts center support various activities and cultural events for residents to enjoy. Learn more about what Gainesville has to offer at Visit Gainesville.

Exceptional Benefits

UF provides various leave programs based on an employee’s salary plan, including vacation, sick leave, holidays, personal leave days, and paid family leave. In addition to paid time off, the University of Florida offers a very competitive benefits package.

$80,034.65 – $88,177.10; commensurate based on education and experience

Associate's degree and two years of relevant experience; or a high school diploma or equivalent and four years of relevant experience. Appropriate college coursework or vocational/technical training may substitute at an equivalent rate for the required experience.

The ideal candidate will possess the following education, experience, and skills:

• Bachelor’s degree in cybersecurity, computer science, business administration, or a related field.
• 5-10 years of combined IT and security experience with a broad range of exposure to data, networks, systems, and web applications preferred.
• Familiarity with security standards, applicable laws, and regulations such as National Institute of Standards and Technology (NIST) and Health Insurance Portability and Accountability Act (HIPAA).
• Awareness of current standards and trends in IT and emerging technology.
• Excellent written and verbal communication skills, outstanding communicator; interpersonal skills; and the ability to work collegially and interact effectively with all constituencies 
• Excellent organizational skills and an ability to prioritize and complete simultaneous projects with minimal supervision

Work visa sponsorship is not available for this position

A Criminal Background Screening is required.

Applicants are required to submit the following with their application:

• Cover Letter
• Resume
• List of professional references with contact information (Minimum of 3 with one from a previous or current supervisor)

Application must be submitted by 11:55 p.m. (ET) of the posting end date.