Posting Number: req5823
Department: Research & Discovery Tech
Location: Main Campus
Address: Tucson, AZ USA
Position HighlightsUniversity Information Technology Services (UITS), within the University of Arizona, is seeking an Information Security Analyst II. The Information Security Analyst II will work with UA researchers to assess project information security requirements and other compliance controls, recommend, and implement appropriate controls for the protection of controlled and regulated data.
The position will work closely with department/college technology staff, the University Export Control Program, the UA Information Security Office, and the UA HIPAA Privacy Program to ensure a collaborative and common approach to security information issues across the institution. Responsibilities include the generation, review and update of documentation for the process and procedures for secure IT environments for UA research projects. The incumbent may contribute to the University of Arizona's technology architecture planning process to ensure information security is a core principle for all services.
The position will report within the Research Technologies department of UITS. Research Technologies is responsible for supporting the research mission of the University through the use of technologies and other services such High Performance Computing (HPC), data visualization, statistical and HPC consulting, and controlled and regulated data services.
Applicants must be currently authorized to work in the United States.
Outstanding UA benefits include health, dental, and vision insurance plans; life insurance and disability programs; paid vacation, sick leave, and holidays; UA/ASU/NAU tuition reduction for the employee and qualified family members; state and optional retirement plans; access to UA recreation and cultural activities; and more!
Duties & Responsibilities
- Conduct risk assessments, coordinate vulnerability scans, and penetration tests to identify security risks, and report on findings to system owners and management.
- Using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting IT security controls and documenting system IT security plans.
- Review existing IT security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to actively identify any gaps that may result in non-compliance with regulatory requirements.
- Support the development, documentation and management of security control plans that include IT security measures to attain and maintain compliance with various regulatory requirements, including but not limited to CMMC, OFAC, NARA, NIST, FIPS, HIPAA, etc
- Build and maintain positive working relationships with research faculty and technology staff.
- Work directly with faculty, staff, and students to provide expert guidance on federal regulations, UA policy and procedures, and IT security protocols implemented to achieve compliance.
- Respond to relevant service requests received from end-users conducting activities subject to IT security requirements.
- Conduct physical audits and inventories of IT assets used in controlled and regulated research activities, analyzing variances of IT assets with federal standards.
- Support the implementation, monitoring and audit of security controls in the University environment.
- Provide technical expertise to faculty and departmental technology staff to ensure compliance with appropriate controls, including hands-on technical assistance when needed.
- Use automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess IT security vulnerabilities.
- Provide reports / presentations on the status of IT security controls and industry trends to management, technical staff, and other stakeholders.
- Participate in institution-wide efforts to ensure compliant technical solutions are in place and readily accessible for researchers.
- Additional duties as assigned.
- Bachelor's degree in computer or information systems or a related area AND three years of information technology experience which may include systems administration, network administration, application design/development, middleware, identity and access management or other specific technical expertise.
- OR, five years of progressive information technology experience which may include systems administration, network administration, application design/development, middleware, identity and access management or other specific technical expertise.
- OR, any equivalent combination of experience, training and/or education.
- IT security, information technology, information assurance or related experience, with preferred service in a Federal Government, DoD Industrial Security environment, or Health Care Organization.
Knowledge, Skills, and Abilities
- In-depth knowledge of securing IT systems, networks, and data, with deep expertise in at least one of the following areas: secure development practices, system administration, network security, securing cloud resources, end-point management and protection, or access management systems.
- Familiarity with complex government (federal and/or state) security regulations.
- Ability to translate complex government security regulations into security controls both technical and administrative in nature.
- Proven strong communication (both verbal and written) and interpersonal skills.
- Ability to collaborate with a multi-functional, cross-department team.
- Ability to practice discretion around sensitive issues.
- Security specific certification such as CISA, CISM, various GIAC (such as GCED, GPPA), COMP TIA.
- Experience with cybersecurity policies based on NIST 800-53, NIST 800-171, or ISO 27001.
- Knowledge and experience with complex government regulations.
- Experience in a Higher Education environment.
- Experience leading technical initiatives in a collaborative environment.
- Experience problem-solving in secure IT environments.
Full Time/Part Time: Full Time
Number of Hours Worked per Week: 1.0
Job FTE: 1.0
Work Calendar: Fiscal
Job Category: Information Technology
Benefits Eligible: Yes - Full Benefits
Rate of Pay: $62,038 $87,281
Compensation Type: salary at 1.0 full-time equivalency (FTE)
Career Stream and Level
Type of criminal background check required: Fingerprint criminal background check (security sensitive due to title or department)
Number of Vacancies: 1
Contact Information for CandidatesGrishma Chitrakar
Open Until Filled: Yes
Documents Needed to Apply: Resume, Cover Letter, and One Additional Document
Special Instructions to Applicant
Please upload an additional document with a list of at least three professional references (one should be at least prior supervisor)
At the University of Arizona, we value our inclusive climate because we know that diversity in experiences and perspectives is vital to advancing innovation, critical thinking, solving complex problems, and creating an inclusive academic community. As an Hispanic-serving institution and a Native American/Alaska Native-serving institution, we translate these values into action by seeking individuals who have experience and expertise working with diverse students, colleagues, and constituencies. Because we seek a workforce with a wide range of perspectives and experiences, we provide equal employment opportunities to applicants and employees without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity, or genetic information. As an Employer of National Service, we also welcome alumni of AmeriCorps, Peace Corps, and other national service programs and others who will help us advance our Inclusive Excellence initiative aimed at creating a university that values student, staff and faculty engagement in addressing issues of diversity and inclusiveness.