IT Security Analyst

Title: IT Security Analyst

State Role Title: Info Technology Specialist III

Hiring Range: Commensurate with Credentials and Experience

Pay Band: 6

Agency: Norfolk State University

Location: Norfolk State University

Agency Website: www.nsu.edu

Recruitment Type: General Public - G

Job Duties

• Work with NSU's business units to identify security requirements.
• Assists in the coordination and completion of information security operations documentation.
• Develop strategies and plans to enforce security requirements and address identified risks.
• Reports to OIT and NSU's leadership concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
• Plays an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned.
• Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
• Develops a common set of security tools. Defines operational parameters for their use and conducts reviews of tool output.
• Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls and recommends remedial action.
• Defines testing criteria for systems and applications.
• Responsible for the execution of risk assessment activities, analyzing the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.
• Deploy, tune, and operate vulnerability-scanning and penetration-testing tools.
• Provides support and analysis during and after a security incident.
• Assists security and IT staff in the resolution of reported security incidents.
• Acts as a liaison between incident response leads and subject matter experts.
• Works within the information security governance process to define control recommendations that are both efficient and effective.
• Participates in security investigations and compliance reviews, as requested by internal or external auditors.
• Manages relationship with the audit groups.
• Provides oversight and management of audit finding remediation.
• Supports e-discovery processes to include identification, collection, preservation, and processing of relevant data.
• Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards, and procedures, and recommends appropriate changes.
• Monitors daily or weekly reports and security logs for unusual events.
• Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security.
• Defines security configuration and operations standards for security systems and applications.
• Develops and validates baseline security configurations for operating systems, applications, and networking and telecommunications equipment.
• Assists in the development of security architecture and security policies, principles, and standards.
• Participates in the enterprise architecture (EA) community and provides strategic guidance during the EA process.
• Researches, evaluates, designs, tests, recommends, and plans the implementation of new or updated information security technologies.
• Researches and assesses new threats and security alerts and recommends remedial actions.

Minimum Qualifications

• Minimum of three years' information security experience.
• Bachelor’s degree in information systems or equivalent work experience.
• Industry recognized recent or prior security-specific certification is required, i.e. CompTIA Security+, CISSP, SSCP, etc.
• Technical knowledge of practices and principles relating to computer and communications security, and the threats facing information systems.
• In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
• Experience with common information security management frameworks, such as National Institute of Standards and Technology (NIST) frameworks.
• Excellent technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
• Proficiency in performing risk, business impact, control, and vulnerability assessments.
• Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
• Must possess good interpersonal and written and verbal communication skills, and the ability to express opinions and conclusions in a clear, technically sound manner.
• Must be able to work in a collaborative, team environment to foster the mutual exchange of knowledge and expertise.
• Must be a "self-starter" and be able to proactively identify problems (or potential problems) and propose solutions. Initiative and creativity are important qualities to make this position successful.

Additional Considerations

• Master’s degree in information security.
• Five years' information security experience.
• Prior higher education information technology work experience.
• Audit, compliance or governance experience.

Special Instructions

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

Contact Information

Name: Norfolk State University

Phone: 757-823-8160

Email: No email address is needed.

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.