GRC Security Analyst - Office of Innovative Technologies

GRC Security Analyst - Office of Innovative Technologies - 24000002G4 

Description

 Notice: The University of Tennessee is transitioning to a new career site in January 2025. There may be a period in which our applicant website is unavailable for new applications. Current applications will be reviewed by hiring committees, but new accounts will be necessary for future applications. Thank you for your patience.

*****

Security Analyst – GRC

The University of Tennessee Knoxville, Office of Innovative Technologies is seeking applicants to fill 3 IT Analyst II positions.

Market Range:  MR12

The IT Administrator/Analyst II positions will be information security analysts directed by the Chief Information Security Officer.  As a Security Analyst, you will play a pivotal role in safeguarding the University’s digital assets and sensitive information. Leveraging your experience, you will assist with the development and implementation of robust security measures to identify, assess, and mitigate potential risks. Your general responsibilities will include incident response, analyzing vulnerabilities, and recommending effective countermeasures to ensure the integrity, confidentiality, and availability of our systems, particularly with respect to Governance, Risk and Compliance as it relates to information security.  Collaborating closely with cross-functional teams and departmental leadership, you will also provide guidance on emerging threats to develop security solutions, including the evaluation of risk, costs to the university, and impact to the university community. 

 

Qualifications

 

Duties and Responsibilities:

·         Participate in IT security incident response services for all UT Knoxville departments, units, and colleges

·         Contribute to the design, deployment and management of technical security solutions, including systems, networks, SaaS, PaaS, and/or databases

·         Engage directly with University of Tennessee, Knoxville personnel on problem resolution, training, and policy and procedure guidance regarding IT security

·         Assist in the implementation of the GRC program to support business objectives, aligned with industry best practices and regulatory requirements.

·         Assist to define and monitor IT risk and compliance training programs.

·         Assist in conducting risk assessments, supporting the development and adherence of risk mitigation strategies, and maintaining the risk register.

·         Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.

·         Assist in evaluating and managing risks associated with third-party vendors and service providers through vendor risk assessment processes.

·         Evaluate SaaS security solutions including risk, costs to the university, and impact to the user community

·         Provide guidance for cloud solutions such as Azure, AWS, GCP, and OCI

·         Provide technical evaluation on IT security solutions, frameworks, techniques, and applications

·         Provide guidance in the holistic development and enhancement of the IT Security Program

Required Qualifications:

·         High School diploma or GED

·         Two (2) years’ experience providing Information Security services for enterprise

·         Knowledge of advanced security concepts and enterprise responses

·         Ability to produce highly technical reports and communicate importance to stakeholders

·         Knowledge of security concepts and enterprise responses associated with cybersecurity.

·         Ability to correlate current security trends into protection mechanisms/mitigation for UTK.

·         Ability to work directly with personnel and provide solutions based on risk and business needs. 

·         Ability to produce highly-technical reports and communicate importance to different shareholders. 

·         Knowledge of compliance standards/frameworks/maturity models

·         Advanced organization, communication, analysis, and troubleshooting skills.

Preferred Qualifications:

·         Bachelor’s Degree in IT related field

·         Three (3) to five (5) years’ experience providing Information Security services for enterprise

·         Experience in Higher Education serving in a technical security role

·         ISC2 CISSP (Certified Information Systems Security Professional)

·         SANS Certification(s) particularly Risk Management focused

·         Ability to create, communicate, and maintain policy/program-level documents.

·         Ability to interface with senior technical and business management.

·         Knowledge specific to compliance standards/frameworks/maturity models employed by the University

 

Job

  Information Technology Professional 

Primary Location

  US-Tennessee-knoxville 

Organization

  Vc Info Infrastructure # Oit General 

Schedule

  Full-time Campus/Institute  Knoxville 

Job Posting

  Nov 20, 2024, 3:31:01 PM