Position Title: Senior Information Security Analyst
Position Type: Regular
Salary Range: $107,300 – $145,000 annual; commensurate with experience
Pay Frequency: Annual
A. POSITION PURPOSE
The Senior Information Security Analyst is focused on identifying, documenting, and communicating information security risk and compliance across campus, and works with stakeholders to mitigate those risks. The Senior Information Security Analyst assesses and documents the university’s risk and compliance posture as they relate to information assets, establishes and enhances relationships with business owners and data stewards to improve information security, and identifies where processes or controls should be adjusted or added to meet compliance objectives. Secondary duties include the review, design, and testing of information systems security plans and procedures, performing security reviews and audits, researching and recommending security solutions, advising on network, systems and application-level security configurations, and investigating and mitigating security incidents.
The Senior Information Security Analyst is a member of the Information Security Office. This office works with the university community to secure system and network resources, protect the confidentiality of student, faculty, and staff information, and raise cybersecurity awareness. In conjunction with technical teams, risk management, legal and other university and external vendors and partners, the Information Security Office works to ensure regulatory compliance, best practices, and secure information handling.
The activities of this position must support the Mission and Goals of the University and Information Services. Demonstrated experience with and a commitment to delivering excellent customer service is required.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Lead the development and implementation of the risk management function of the information security program to ensure information security risks are identified, monitored, and mitigated.
- Assess computer hardware, software, systems, and cloud resources for security risks and compliance gaps, and work with Information Services staff, campus staff, and technology vendors to identify and implement solutions.
- Assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for the University’s information and technology systems.
- Develop and maintain a university-wide risk register for cyber risk, regularly reporting issues and progress to key stakeholders.
- Develop, advocate, and implement effective and reasonable policies and practices to secure data and ensure compliance with relevant regulations, contractual obligations, and industry standards.
- Work with internal stakeholders and outside consultants as appropriate on security assessments, audits, or security-related projects.
- Interact in both oral and written communications with all levels of university staff, students, and technology vendors and contractors in matters related to information security and awareness.
- In conjunction with the ISO team, lead campus response to any information security incidents.
- Advocate for information security best practices.
- Promote security awareness across the organization.
- Other duties as assigned.
PROVIDES WORK DIRECTION
This position does not have any direct reports.
- Identifies the level of information system adherence to applicable security standards, guidelines and regulations, formulates recommendations, and tracks remediation efforts.
- Interacts with the University community to identify potential security issues, and to foster relationships between the Security Office and the broader University community.
- Researches improvements to the information security posture of the university, and makes recommendations.
- Prepares and submits reports as requested and required.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The items below are representative of the knowledge, skills, abilities, education, and experience required or preferred.
This position requires the ability to effectively establish and maintain cooperative working relationships within a diverse multicultural environment.
1. Knowledge, Skills and Abilities
- Knowledge of information technology, campus technology, and information security issues and trends in higher education, and ability to continually develop new knowledge regarding the same.
- Ability to listen and understand customer needs.
- Ability to plan, implement, and evaluate customer service initiatives.
- Ability to work in a collaborative environment, as either a member or leader of a team, to meet deadlines and achieve goals.
- Ability to interact with a diverse workforce to provide excellent customer service.
- Self-motivated and shows initiative.
- Ability to successfully manage multiple projects simultaneously.
- Proven track record in project planning and project management.
- Ability to exercise independent judgment and engage in critical thinking and problem solving.
- Ability to work effectively under pressure in a busy (sometimes chaotic) and demanding information services environment.
- Ability to explain technical, risk, and security concepts and policies to non-experts.
- Ability to give presentations on technical issues to a broad range of audiences.
- Ability to foster and maintain good working relationships with faculty, administrators, students, senior management, and other leaders.
- Ability to handle sensitive matters with diplomacy.
- Ability to maintain confidentiality and manage confidential information.
- Must possess impeccable integrity.
- Ability to speak truth to power.
- Appreciation for the University’s mission, vision, values, priorities, procedures, and policies.
- Understanding of information security risk management and compliance practices.
- Ability to develop security standards and guidelines based on best practices and industry standards.
- Knowledge of securing network technologies, operating systems, and cloud applications.
- Understanding of common security and privacy standards, regulations, and frameworks relating to a higher education environment (e.g., FERPA, PCI DSS, GLBA, HIPAA, GDPR, NIST 800-171, NIST CSF).
- Understanding of, and preferably experience working in, cloud-based computing environments.
- Experience responding to, analyzing, and communicating information security incidents.
- Executes responsibilities with integrity and maintains the trust and confidence of senior management
- Works under limited supervision
- Bachelor's degree required or equivalent combination of education and experience
- GIAC, CISA, CISM, or CISSP certification preferred
- 8-10 years of related experience in risk management, cybersecurity, and/or information technology
- Strong analytical skills and the ability to resolve complex problems
- Proven ability to work independently
- Strong interpersonal and communication skills and ability to effectively communicate with management, faculty, staff, students, and external parties
- Experience working for the needs of Higher Education organizations is preferred
The physical demands described below are representative of those that must be met by an employee to successfully perform the essential functions of this job. In accordance with the Americans with Disabilities Act, as amended, the California Fair Employment & Housing Act, and all other applicable laws, SCU provides reasonable accommodations for qualified persons with disabilities. A qualified individual is a person who meets skill, experience, education, or other requirements of the position, and who can perform the essential functions of the position with or without reasonable accommodation.
- Considerable time is spent at a desk using a computer terminal
- Will be required to travel to other buildings on the campus
- May be required to occasionally travel to remote campuses, outside customers, vendors or suppliers
- May be required to attend conferences and training sessions within the Bay Area or in- or out-of-state locations
The work environment characteristics described below are representative of those an employee encounters while performing the essential functions of this job.
- Typical office and computer lab environment
- Mostly indoor office environment with windows
- Offices with equipment noise
- Offices with frequent interruptions
Equal Opportunity/Notice of Nondiscrimination
Santa Clara University is an equal opportunity/equal access/affirmative action employer fully committed to achieving a diverse workforce and complies with all Federal and California State laws, regulations, and executive orders regarding non-discrimination and affirmative action. Applications from members of historically underrepresented groups are especially encouraged. For a complete copy of Santa Clara University’s equal opportunity and nondiscrimination policies, see website. To request a paper copy please call Campus Safety at (408) 554-4441. The report includes the type of crime, venue, and number of occurrences.
To view the full job posting and apply for this position, go to https://wd1.myworkdaysite.com/en-US/recruiting/scu/scu/job/Santa-Clara-CA/Senior-Information-Security-Analyst_R1804