| Job Description: |
UF Information Technology (UFIT) is currently seeking a professional level Cybersecurity Risk Analyst to join the Information Security Office a unit within UFIT.
UF Information Technology (UFIT) enables teaching, learning, research, and service on campus and across the region with state-of-the-art enterprise IT systems, including SEC and SUS universities, and the opportunity to teach using HiPerGator.
The IT Risk Analyst IV serves as a professional level position in Information Security, a unit within UF Information Technology (UFIT), and will support the university’s success through service and operational excellence. This senior role within the Information Assurance team of the Information Security Office is focused on conducting information security risk assessments, providing guidance and recommendations for secure implementation of technology and processes, and continuing improvement and development of the university’s risk assessment methodologies to protect the confidentiality, integrity, and availability of UF data and information systems in compliance with law, regulations, policies, and standards at the University of Florida (UF).
Additionally, the incumbent will serve as a subject matter expert in matters of information security, and provide advice, documentation, training and mentoring to junior staff.
Some key responsibilities and characteristics of this position are:
Executes the UF Information risk assessment process, which includes (but is not limited to):
- Conducting risk assessments for internal information systems using established procedures and control baselines
- Conducting risk assessments on third-party products and services
- Developing remediation plans and recommendations to IT staff on how to address risks identified through the risk assessment
- Preparing executive-level residual risk reports to prompt risk disposition decisions
- Guiding units in creating security plans for all systems
- Establishing and maintaining a non-technical monitoring program including measures of compliance and effectiveness for administrative processes as well as technical controls related to information security
Consults on security systems, tools, and procedures to meet defined security requirements and goals:
- Assisting units in selecting technology that best fit to UF’s information technology environment and supports UF information security goals
- Providing expert security guidance to help units improve security posture and reduce risk
- Guiding units in developing processes and procedures to implement UF information security policies and standards
- Producing and publishing documentation and guidance to provide direction to units on complying with information security policies and standards
Contributes to development of the UF Information security risk management program, which includes (but is not limited to):
- Evaluating and providing recommendations regarding legal, regulatory, and contractual information security compliance requirements.
- Serving as subject matter expert on security control frameworks, establishing, and updating control baselines to be used at UF.
- Optimizing procedures used to conduct information security risk assessments.
- Contributes to the creation and modification of university information security policies and standards.
- Collaborating and advising on changes and improvements to the university’s Governance, Risk, and Compliance (GRC) platform used to conduct risk assessments.
Trains and mentors junior risk analysts, interns, and distributed university IT staff on the risk assessment process.
Contributes content and collateral material to information security training and awareness programs.
About UF Information Technology
Led by Vice President and CIO Elias Eldayrie, the eight departments comprising UFIT are: Academic Technology; Applications, Development, and Integrations; Business Center; Customer Experience and Resource Planning; Data Platform and Analytics; Information Security Office; Infrastructure and Communication Technology; and Research Computing. UF Information Technology (UFIT) enables teaching, learning, research, and service on campus and across the region with state-of-the-art enterprise IT systems, including SEC and SUS universities, and the opportunity to teach using HiPerGator. For more information about UFIT and its goals and governance, visit https://it.ufl.edu/about-ufit/strategic-plan/.
About the University of Florida
One of America’s all-around best universities, the University of Florida drives future-making education, eye-opening discoveries, life-saving health care, and community-building collaboration for our state, our nation, and our world. UF is in Gainesville, a city of approximately 150,000 residents in North-Central Florida, 50 miles from the Gulf of Mexico, 67 miles from the Atlantic Ocean, and within a 2-hour drive to large metropolitan areas (Orlando, Tampa, Jacksonville). The beautiful climate and extensive nearby parks and recreational areas afford year-round outdoor activities, including hiking, biking, and nature photography. UF’s large college sports programs, museums, and performing arts center support various activities and cultural events for residents to enjoy. Alachua County schools are highly rated and offer various programs, including magnet schools and an International Baccalaureate program. Learn more about what Gainesville has to offer at Visit Gainesville.
Exceptional Benefits
UF provides various leave programs based on an employee’s salary plan, including vacation, sick leave, holidays, personal leave days, and paid family leave. In addition to paid time off, the University of Florida offers a very competitive benefits package.
|
| Preferred: |
The ideal candidate will possess the following education, experience, and skills:
EDUCATION & TRAINING
Bachelors or Masters degree in Computer Science, Cybersecurity, or related field.
Global Information Assurance Certification (GIAC) Security Essentials (GSEC) or equivalent (preferred), Certified Information Systems Auditor (CISA) or equivalent (preferred), Certified Information Systems Security Profession (CISSP or equivalent) (preferred)
EXPERIENCE:
Minimum of 10 years of combined IT and security experience with a broad range of exposure to data, networks, systems, and web applications. Experience conducting cybersecurity risk assessments in large organizations.
SKILLS:
Excellent written, verbal, and interpersonal communication skills, as well as the ability to work collegially and interact effectively with all constituencies
Excellent organizational skills and an ability to prioritize and complete simultaneous projects with minimal supervision
Accuracy, attention to detail and a customer service-oriented approach and mindset
Advanced level skills in analytical thought, problem-solving, leadership, teambuilding, conflict resolution, strategic planning, management, and IT project management
KNOWLEDGE:
Security standards, applicable laws, and regulations (National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry (PCI), Federal Educational Rights and Privacy Act (FERPA), Florida Statutes)
Security issues, techniques, and implications across all existing computer platforms
Client/server, network topology, network/infrastructure security, network operating systems, web technologies, and e-commerce operations preferred
IT auditing and risk management preferred
Broad knowledge of principles of a particular field of specialization
Awareness of current standards and trends in IT and emerging technology
ABILITIES:
Work collaboratively and build strategic relationships with both internal and external clients.
Ability to think critically and creatively, have a high standard of integrity and be motivated to incorporate best practices into the organizational structure
|