Reporting to the Head, Risk Management, the Information/Cyber Security Analyst is responsible for information security policy development and maintenance; design of security policy education, training, and awareness activities; monitoring compliance with branch IT security policy and applicable law; and coordinating investigation and reporting of security incidents. Working with the Information Technology department, the incumbent will monitor, assess, and fine-tune the UIS IT business continuity and disaster recovery program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.
ESSENTIAL FUNCTIONS AND ACCOUNTABILITIES:
- Assists in the implementation of data access security measures by identifying, analyzing and resolving security and system problems relating to data access security, applications, programs and functions;
- Monitors computer data network system, including LAN and WAN, firewall and anti-spam data security infrastructure;
- Investigates incidents of data access violations and data corruption or loss and reports findings to supervisor for direction or resolution;
- Maintains the information systems security database by joining or separating users to various system applications; coordinates the registration of users to the system and respective access levels with departmental coordinators;
- Monitors and audits the information system security database to isolate and identify occurrences of illegal or unauthorized access; prepares reports and/or memoranda recommending corrective action;
- Investigates and corrects security related problems to ensure data information system integrity;
- Performs analyses of data security systems to keep management informed of system utilization patterns; prepares reports on same;
- Coordinates response to information security incidents;
- Creates, manages and maintains user security awareness.
QUALIFICATIONS:
- BA or BS in Computer Science, Management Information Systems, or related field.
- 5-7 years of progressive experience in computing and information security, including experience with Internet technology and security issues.
- Experience should include network security, application vulnerability assessments, risk analysis and compliance testing. CISSP, GIAC, or other security certifications desired.
- Knowledge of information security standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
- Strong analytical and problem-solving skills.
- Excellent communication (oral, written, presentation), interpersonal and consultative skills.
- Cloud environment experience a plus.