Information/Cyber Security Analyst

Overview

JOB SUMMARY:   

Reporting to the Head, Risk Management, the Information/Cyber Security Analyst is responsible for information security policy development and maintenance; design of security policy education, training, and awareness activities; monitoring compliance with branch IT security policy and applicable law; and coordinating investigation and reporting of security incidents. Working with the Information Technology department, the incumbent will monitor, assess, and fine-tune the UIS IT business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.

ESSENTIAL FUNCTIONS AND ACCOUNTABILITIES:

• Assists in the implementation of data access security measures by identifying, analyzing and resolving security and system problems relating to data access security, applications, programs and functions;
• Monitors computer data network system, including LAN and WAN, firewall and anti-spam data security infrastructure;
• Investigates incidences of data access violations and data corruption or loss and reports findings to supervisor for direction or resolution;
• Maintains the information systems security database by joining or separating users to various system applications; coordinates the registration of users to the system and respective access levels with departmental coordinators;
• Monitors and audits the information system security database to isolate and identify occurrences of illegal or unauthorized access; prepares reports and/or memoranda recommending corrective action;
• Investigates and corrects security related problems to ensure data information system integrity;
• Performs analyses of data security systems to keep management informed of system utilization patterns; prepares reports on same;
• Coordinate response to information security incidents
• Create, manage and maintain user security awareness

MINIMUM QUALIFICATIONS:

• BA or BS in Computer Science, Management Information Systems, or related field.
• 5-7 years of progressive experience in computing and information security, including experience with Internet technology and security issues.
• Experience should include network security, application vulnerability assessments, risk analysis and compliance testing. CISSP, GIAC, or other security certifications desired.
• Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
• Strong analytical and problem solving skills.
• Excellent communication (oral, written, presentation), interpersonal and consultative skills.
• Cloud environment experience a plus