As a member of the Information Technology (IT) Security team, the Senior IT Risk Analyst collaborates with the campus IT community and leadership to conduct comprehensive analysis of highly complex on premise and cloud-based IT infrastructure, systems and applications to identify and classify potential and actual risk to data, business and IT infrastructure. The Senior IT Risk Analyst will apply advanced, broad knowledge of an array of technologies including high performance, distributed, network and web computing environments which supports academic, research and administrative functions within the university. The Senior IT Risk Analyst will conduct detailed risk assessments of cyber threats to determine the potential impact upon the organization; recommends remediation strategies including risk-based prioritization of action items. Coordinates and collaborates with campus IT community and members of IT Security team to deliver advanced level information security services including needs assessment, solution development, and training to promote established security standards and controls to ensure secure networks, infrastructure, applications, databases and end-user computing capabilities. Provides guidance and consultation in accordance with federal, state and University compliance/regulations. Evaluate, develop and recommend new information security assessment tools/techniques; contributes to disaster recovery planning; conducts vendor assessments to determine product security compliance when required by the UC procurement process. Additional responsibilities may include systems engineering and administration, vendor/software evaluation, product research and proposal development. May work after-hours as needed or assigned.
Percentage of Time:
Qualifications for Position
Minimum of five years of experience applying advanced level knowledge and applied expertise with server and desktop operating systems (Windows, Unix, Mac, etc.)
Advanced knowledge of server configurations, RAID, SAN, server clustering, networking protocols, DNS, DHCP, SMTP, VPN technologies, firewalls, and security certificate technologies.
Demonstrated advanced skill in developing and implementing methods and procedures to ensure information security and data integrity.
Demonstrated advanced ability to deploy, configure and maintain multiple malware protection software for multiple platforms (Symantec, McAfee, Trend Micro, etc.)
Advanced knowledge of Ethernet network topologies.
Demonstrated skill in using network analysis tools (e.g. tcpdump, flow-tools, Snort, Packet/Flow analysis, etc.)
Advanced skill in using web application scanning technologies (AppScan and/or SPI Dynamics WebInspect, etc.)
Advanced ability to evaluate hardware and software, devise benchmarks, draw comparisons, and write reviews.
Ability and willingness to work after-hours as needed or assigned.
Demonstrated skill in establishing and maintaining cooperative working relationships.
Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use standard English grammar and punctuation.
Bachelor's degree in Computer Science, Engineering, Information Systems (or similar) OR five years of relevant professional experience and education.
Information Systems Security Professional (ISSP) certification.
Advanced skill in using web application scanning technologies (AppScan, Qualys, and/or SPI Dynamics WebInspect, etc.)
Additional Posting Information
External Posting Date: