Information Security Analyst III (C)

University of Wisconsin System - River Falls, WI

posted 4 months ago

Full-time - Mid Level
Hybrid - River Falls, WI
Educational Services

About the position

The Information Security Analyst III (C) position at the University of Wisconsin-River Falls (UWRF) is a critical role within the Division of Technology Services (DoTS). This position is designed for a subject matter expert in information security, focusing on the protection of UWRF's IT assets. The analyst will be responsible for implementing and optimizing security measures in accordance with the NIST framework, which includes the key functions of Identify, Protect, Detect, Respond, and Recover. The role requires a comprehensive understanding of the eight security domains as defined by the International Information Systems Security Certification Consortium (ISC)². In this role, the analyst will monitor, respond to, analyze, and escalate cybersecurity threats affecting UWRF's IT infrastructure. This includes developing security standards and procedures, conducting software security assessments, and managing privileged access in line with UW System policies. The analyst will utilize a variety of cybersecurity tools to detect and mitigate threats, ensuring the confidentiality, integrity, and availability of UWRF's information systems. The position also involves collaboration with other teams within DoTS to enhance the overall security posture of UWRF. The analyst will lead discussions on effective use of cybersecurity tools, evaluate new software for security risks, and participate in incident response activities. Continuous education and awareness training for staff and students regarding cybersecurity best practices will also be a key responsibility. The role requires flexibility in working hours, including coverage during unplanned outages or planned upgrades, and may involve a hybrid work model based on business needs.

Responsibilities

  • Monitors, analyzes, responds to, and escalates cybersecurity threats and vulnerabilities that pose a risk to the confidentiality, integrity, and availability of UWRF IT assets.
  • Utilizes various cybersecurity tools to monitor, detect, respond to, and escalate cybersecurity threats and vulnerabilities to UWRF IT Assets.
  • Documents results of activities identifying risks, response, resolution, mitigation, escalation, and acceptance utilizing various tools such as Teams channel, Technology Service Management software (ITSM), and other internal tools.
  • Makes recommendations of documentation best practices.
  • Utilizes various external resources to increase awareness of cybersecurity threats and system and services vulnerabilities.
  • Works with DoTS and UWRF staff to eliminate or mitigate threats and vulnerabilities.
  • Develops standard operating procedures for the daily, weekly, and monthly process to monitor, detect, respond to, and escalate cybersecurity threats and vulnerabilities to UWRF IT Assets.
  • Configures and manages UWRF cybersecurity tools, optimizing functionality and features to maximize effectiveness for detecting, responding, and resolving cybersecurity threats and vulnerabilities to UWRF IT Assets.
  • Strives to be a subject matter expert of all UWRF Cybersecurity tools, understanding features and functionality, how to configure for maximum effectiveness and efficiency for monitoring and detection of threats to UWRF IT assets and vulnerabilities of UWRF IT systems and services.
  • Works with DoTS staff as required for the daily, weekly, and monthly management of UWRF cybersecurity tools to monitor, detect, respond to, and escalate cybersecurity threats and vulnerabilities to UWRF IT Assets.
  • Makes recommendations for improvements in tools and procedures to improve the process and effectiveness of monitoring, detecting, and resolving threats and vulnerabilities to UWRF IT Assets.
  • Works with external resources and cloud-based services for the monitoring, detection, response, and escalation of cybersecurity threats and vulnerabilities.
  • Leads monthly cybersecurity team discussions and recommendations around effective use of cybersecurity tools features and functionality, best practice configuration, vendor recommendations, and gaps in cybersecurity toolset.
  • Evaluates security risks of new software and makes recommendations to security practices and configuration for UWRF new and existing IT Assets.
  • Participates in Incident Response per policy for security events that compromise the CIA of UWRF IT assets.
  • Performs forensic investigation to determine the extent of compromise documenting results and recommending mitigation to reduce impact of incidents.
  • Participates in after-action follow-up work including creating timelines of events and identifying opportunities for improvement or failures in process.
  • Is knowledgeable and complies with all UW System and UWRF information security policies, procedures, and guides.
  • Keeps abreast of cybersecurity trends through classes, conferences, and research.
  • Participates in internal and external Information Security audits as directed.

Requirements

  • Must be a US Citizen.
  • Two Year Degree in information technology or related field.
  • Two years of experience working in cybersecurity.
  • Ability to pass Wisconsin Department of Justice, Crime Information Bureau, finger-printed background check (CJIS) conducted by the University Police department within six months of hire and must maintain this status as a condition of employment.
  • Sufficient mobility and dexterity to move about the university; manual dexterity to pull, handle, move and manipulate equipment, ability to read computer monitors, ability to work with keyboard, mouse and monitor for extended time periods.
  • Experience with a variety of cybersecurity tools for monitoring, detecting, responding, and resolving threats and vulnerabilities.
  • Experience with implementing and configuring information security tools using industry best practices and institutional policies.
  • Demonstrated ability to think critically and analytically for conducting investigations and problem solving.
  • Effective skills in productivity and work prioritization.
  • Proven ability to function as either a member of a team or team leader to engage in productive collaboration.

Nice-to-haves

  • Bachelor's degree in information technology or related field.
  • Three or more years of experience working in cybersecurity.
  • Cybersecurity certification in security operations or other cybersecurity domain by a recognized cybersecurity organization.
  • Solid understanding of cybersecurity concepts and various security domains and frameworks such as COBIT, CISA, HITRUST, (ISO) 27001, NIST, PCI DSS.
  • Knowledge of information technology fundamentals including network infrastructure, servers and storage, endpoint architecture, cloud services, web services and software development.
  • Effective soft skills including active listening, oral and written communication skills, and social skills for effective interaction with colleagues and students.
  • Project management and organizational skills for efficient and effective execution of job duties and small to medium size projects.

Benefits

  • Dental insurance
  • Health insurance
  • Paid sick time
  • Retirement plan
  • Vision insurance

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service