Information Security Analyst III (C)
University of Wisconsin - River Falls - river falls, WI
Apply NowJob Description
Information Security Analyst III (C) Below you will find the details for the position including any supplementary documentation and questions you should review before applying for the opening. To apply for the position, please click the Apply for this Job link/button. If you would like to bookmark this position for later review, click on the Bookmark link. If you would like to print a copy of this position for your records, click on the Print Preview link. Bookmark this Posting Print Preview | Apply for this Job Please see Special Instructions for more details. Applicants are required to apply online. UWRF will not consider paper, emailed or faxed applications. Applicants are required to provide: Resume Letter of interest specifying qualifications and experience (cover letter) Names, addresses, telephone numbers and email addresses of at least three references who can specifically comment upon your experience and professional preparation (references) Inquiries should be addressed to: Kendra Shaw Director of Information Security Deadline to Apply: Initial review of applications will begin upon receipt. For full consideration, applicants should submit all required materials on or before October 24, 2024. This position is an operational position for networking components of the University Police Department and thus requires an FBI/CJIS fingerprinting and a clear criminal background check, conducted annually and continued employment is subjective of the Chief of Police. Employees receive excellent benefits including exceptionally low-cost comprehensive health, dental and vision benefits; employer match of Wisconsin Retirement System contributions of 6.90%; an attractive amount of paid leave per year in addition to paid sick leave. To learn more about our benefits, go to: ( ) UW-River Falls does not offer H-1B or other work authorization visa sponsorship for this position. Candidates must be legally authorized to work in the United States at the time of hire and maintain work authorization throughout the employment term. If you have questions regarding this, please contact Human Resources at . Posting Details Position Information UW - System Position Title Information Security Analyst III (C) Business Title Major Department Code Technology Services (JInfrastructure & Security) Appointment Type Academic Staff-Fixed Term Terminal FLSA Status Exempt FTE (Percentage of Appointment) 100 Typical Working Schedule Monday - Friday, 7:45 AM - 4:30 PM. Coverage outside of typical working schedule will be required during unplanned outages or planned upgrades. Hybrid or On Campus Hybrid Position Summary This position is a member of the Information Security team, within the Division of Technology Services (DoTS). This position is a subject matter expert for all security related activities relative to the information technology (IT) assets of University of Wisconsin River Falls ( UWRF ). This position requires an in-depth knowledge of information security practices relative to the NIST framework of Identify, Protect, Detect, Respond and Recover and understanding of the International Information Systems Security Certification Consortium ( ISC )2 eight security domains and practices. This position will be accountable for the configuration and optimization of the security tools used to protect the IT assets of UWRF . This position will monitor, respond to, analyze, and escalate cybersecurity threats of UWRF IT assets under general supervision. This position will engage in developing security standards, procedures, and security infrastructure for UWRF IT assets. This position may assist with developing information security education and administering privileged access following UW System information policies on identity access management. This position will conduct software security assessments for low risks applications following the UW System guide to vendor assessments. This position will use network cybersecurity tools, endpoint, server, storage and email cybersecurity tools, logging and SIEM tools, vulnerability management tools and other cybersecurity tools to monitor, detect and mitigate threats and vulnerabilities of UWRF IT assets. This position will work in conjunction with the director of information security ( DIS ) and other DoTS staff to improve the security posture of UWRF IT Assets. This position works closely with other teams and staff in the Division of Technology Services. Typical hours are 7:45 AM - 4:30 PM Monday through Friday. Coverage outside of the typical working schedule will be required during unplanned outages or planned upgrades. This position will be considered for scheduling flexibility to work in a hybrid capacity based on staffing and business need. An on-site presence is required for resolution of cybersecurity endpoint issues; the priority of this work would need to be balanced with a hybrid work model. Responsibilities Monitors, analyzes, responds to, and escalate cybersecurity threats and vulnerabilities that pose a risk to the confidentiality, integrity, and availability of UWRF IT assets. Utilizes various cybersecurity tools to monitor, detect, respond to, and escalate cybersecurity threats and vulnerabilities to UWRF IT Assets. Documents results of activities identifying risks, response, resolution, mitigation, escalation, and acceptance utilizing various tools such as Teams channel, Technology Service Management software ( ITSM ), and other internal tools. Makes recommendation of documentation best practices. Utilizes various external resources to increase awareness of cybersecurity threats and system and services vulnerabilities. Works with DoTS and UWRF staff to eliminate or mitigate threats and vulnerabilities. Develops standard operating procedures for the daily, weekly, and monthly process to monitor, detect, respond to, and escalate cybersecurity threats and vulnerabilities to UWRF IT Assets. Configure and manage UWRF cybersecurity tools, optimizing functionality and features to maximize effectiveness for detecting, responding, and resolving cybersecurity threats and vulnerabilities to UWRF IT Assets. Strives to be a subject matter expert of all UWRF Cybersecurity tools, understanding features and functionality, how to configure for maximum effectiveness and efficiency for monitoring and detection of threats to UWRF IT assets and vulnerabilities of UWRF IT systems and services. Works with DoTS staff as required for the daily, weekly, and monthly management of UWRF cybersecurity tools to monitor, detect, respond to, and escalate cybersecurity threats and vulnerabilities to UWRF IT Assets. Make recommendations for improvements in tools and procedures to improve the process and effectiveness of monitoring, detecting, and resolving threats and vulnerabilities to UWRF IT Assets. Works with external resources and cloud-based services for the monitoring, detection, response, and escalation of cybersecurity threats and vulnerabilities. Leads monthly cybersecurity team in discussion and recommendations around the following: Effective use of cybersecurity tools features and functionality Best practice configuration of cybersecurity toolset Cybersecurity toolset conflicts with other applications Vendor recommendations Gaps in cybersecurity toolset Recommendations for improvements in toolset, configuration, or processes for monitoring and detection New cybersecurity tools and value to the protection of UWRF IT assets Review of external cybersecurity activities and impact to the UWRF IT assets Evaluates security risks of new software and makes recommendation to security practices and configuration for UWRF new and existing UWRF IT Assets. Evaluates new software applications following UW System guide to software vendor assessments. Documents results of evaluations; identifying risks and ways to mitigate. Make recommendations of security practices and configuration of all UWRF IT Assets following UW System security policies and cybersecurity best practices based on reputable frameworks such as NIST and ( ISO )2 as well as vendor recommendations. Work to resolve conflicts caused between cybersecurity tools and UWRF IT assets. Participates in Incident Response per policy for security events that compromise the CIA of UWRF IT assets. Immediately Report an event that appears to have compromised the CIA of a UWRF IT asset to UWRF director of information security, CIO , or DoTS director. Performs forensic investigation to determine extent of compromise documenting results. Recommends mitigation to reduce impact of incident. Participates in incident response team as directed by DIS and UWRF leadership. Participates in after action follow-up work including but not limited to: Creating timeline of events. Identifying opportunities for improvement or failures in process. Assignments for resolving issues identified in postmortem review activities. Is knowledgeable and informed on UW System Incident Response policy. Is knowledgeable and complies with all UW System and UWRF information security policies, procedures, and guides. Is familiar with external regulatory agencies and accommodating rules that UWRF is obligated to comply with. Reviews UW System and UWRF information security policies and incorporates adherence in daily activities. Is knowledgeable regarding rules of regulatory agencies that UWRF must comply with such as: GLBA FERPA PCI SSC Through classes, conferences, and research, keep abreast of cybersecurity trends. Participates in internal and external Information Security audits as directed. Implements security change requests including privilege access following UWRF DoTS change management process. Complete ISTM service requests in a timely matter. Manage access to security tools following procedure for administering privilege access. Follow UWRF change management process for approval, implementation, and communication of all changes to UWRF IT assets. Security Awareness training and education Utilize UW System resources for assuring UWRF staff and students participate in security awareness education. Provide advisement and education with staff and students on security events relative to human failure. Utilize UW System resources and participate as needed in phishing simulations and follow-up. Knowledge Skills and Abilities Required knowledge, skills, and abilities: Must be a US Citizen. 2 Year Degree in information technology or related field or cybersecurity certification. 1 year of experience working in cybersecurity. Ability to pass Wisconsin Department of Justice, Crime Information Bureau, finger-printed background check ( CJIS ) conducted by the University Police department ( within six months of hire and must maintain this status as a condition of employment. Sufficient mobility and dexterity to move about the university; manual dexterity to pull, handle, move and manipulate equipment, ability to read computer monitors, ability to work with keyboard, mouse and monitor for extended time periods. Experience with a variety of cybersecurity tools for monitoring, detecting, responding, and resolving threats and vulnerabilities. Experience with implementing and configuring information security tools using industry best practices and institutional policies. Demonstrated ability to think critically and analytically for conducting investigations and problem solving. Effective skills in productivity and work prioritization. Proven ability to function as either a member of a team or team leader to engage in productive collaboration. Preferred knowledge, skills, and abilities: Bachelor's degree in information technology or related field. Three or more years of experience working in cybersecurity. Cybersecurity certification in security operations or other cybersecurity domain by a recognized cybersecurity organization. Solid understanding of cybersecurity concepts and various security domains and frameworks. Examples include COBIT , CISA , HITRUST , ( ISO ) 27001, NIST , PCI DSS . Knowledge of information technology fundamentals including network infrastructure, servers and storage, endpoint architecture, cloud services, web services and software development. Effective soft skills including active listening, oral and written communication skills, and social skills for effective interaction with colleagues and students. Project management and organizational skills for efficient and effective execution of job duties and small to medium size projects. Posting Detail Information Posting Number AAF00986 Number of Vacancies Desired Start Date 11/15/2024 Position End Date (if temporary) Open Date 10/01/2024 Closing Date Applicant Review Date 10/25/2024 Open Until Filled Yes Special Instructions to Applicants Applicants are required to apply online. UWRF will not consider paper, emailed or faxed applications. Applicants are required to provide: Resume Letter of interest specifying qualifications and experience (cover letter) Names, addresses, telephone numbers and email addresses of at least three references who can specifically comment upon your experience and professional preparation (references) Inquiries should be addressed to: Kendra Shaw Director of Information Security Deadline to Apply: Initial review of applications will begin upon receipt. For full consideration, applicants should submit all required materials on or before October 24, 2024. This position is an operational position for networking components of the University Police Department and thus requires an FBI / CJIS fingerprinting and a clear criminal background check, conducted annually and continued employment is subjective of the Chief of Police. Employees receive excellent benefits including exceptionally low-cost comprehensive health, dental and vision benefits; employer match of Wisconsin Retirement System contributions of 6.90%; an attractive amount of paid leave per year in addition to paid sick leave. To learn more about our benefits, go to: ( UW-River Falls does not offer H-1B or other work authorization visa sponsorship for this position. Candidates must be legally authorized to work in the United States at the time of hire and maintain work authorization throughout the employment term. If you have questions regarding this, please contact Human Resources at . Legal Notices EEO/AA Statement UW-River Falls is an equal opportunity, affirmative action employer subject to all state and federal regulations pertaining to non-discrimination based upon sex, gender identity or expression, sexual orientation, race, color, national origin, religion, disability, marital status, age, arrest and/or conviction record, veteran or military status. All persons, especially women, minorities, veterans, and persons with disabilities are encouraged to apply. Employment is subject to federal laws that require verification of your identity and legal right to work in the United States as required by the Immigration Reform and Control Act. Confidentiality of Applicant Materials The University of Wisconsin System will not reveal the identities of applicants who request confidentiality in writing, except that the identity of the final candidates may be released. See Wis. Stat. sec. 19.36(7). Title IX Notice As required by Title IX and federal regulations, UW-River Falls does not discriminate on the basis of sex in its education programs or activities, including in admission and employment. Questions about the application of Title IX may be referred to UWRF's Title IX Coordinator at ; the Department of Education's Office for Civil Rights; or both. For more information, please see uwrf.edu/titleIX. Annual Security and Fire Safety Report (Clery Act) The Annual Security and Fire Safety Report, which includes statistics about reported crimes and information about campus security policies can be viewed at or call University Police at for a paper copy. Criminal Background Check and Reference Check Policy Employment will require a criminal background check. It will also require you, your most recent employer, and all previous UW System institution and State of Wisconsin agency employers from the past seven (7) years to answer questions regarding sexual violence and sexual harassment per UW System Administrative Policy 1275. Other Notices Supplemental Questions
Created: 2024-11-05