You are viewing a preview of this job. Log in or register to view more details about this job.

Cybersecurity Risk Analyst or Senior Cybersecurity Risk Analyst

University of Illinois Urbana-Champaign - Technology Services
Email
Cybersecurity Risk Analyst or Senior Cybersecurity Risk Analyst
Technology Services
University of Illinois, Urbana-Champaign
 
Every organization faces risks in pursuing its central mission. Digital resources could face compromise of the confidentiality, integrity and availability of the data and services necessary to deliver on that mission.
 
The Cybersecurity Risk Analyst role performs a valuable customer service for units university-wide by collecting information about the data and technologies used in performing university business, teaching, and research processes, applying analytical skills to identify and catalog risk in those processes. The Analyst then works with unit managers and IT professionals to help them understand the risks they face, and when risks do not fall within predetermined acceptable risk levels, work with university leadership to obtain their risk decision on whether to avoid, mitigate, or accept the risks discovered, to enable the university to achieve its teaching and research mission.

The Risk Analyst role is a unique one that requires a level of technical understanding of the issues and possible mitigations for various risks, as well as excellent customer service skills to deliver risk analysis as a service to our valued university customers and maintaining the understanding that we exist to help the university get its business done. Much of the analyst's daily work is performed alone, so self-motivation is required, but the work is not solitary. The successful candidate will be an integral part of a collegial team where innovative ideas are encouraged, contributions are respected, and documentation/ training/help/advice is available when needed, with opportunities to be involved in collaborative projects across the university arising as well.
 
The University of Illinois is a world leader in research, teaching, and public engagement. We serve the state, the nation, and the world by creating knowledge, preparing students for lives of impact, and addressing critical societal needs through the transfer and application of knowledge.
 
Why Work at Technology Services?
Highlights of Employee Benefits (PDF)
 
The University of Illinois is an Equal Opportunity, Affirmative Action employer that recruits and hires qualified candidates without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability or veteran status. For more information, visit http://go.illinois.edu/EEO.
 
PRIMARY POSITION FUNCTION
The Cybersecurity Risk Analyst applies cross-disciplinary Information Technology, IT security, and Risk and Compliance knowledge to provide risk-focused privacy and security analysis assistance to customers across the university, which can include one or more of the following: cybersecurity risk consulting, risk reporting and assignment, project and purchase reviews, exception requests, security event monitoring, metrics gathering, security-focused reports, and risk-related assessments, as needed. The goal is to assist in the facilitation of the strategic, efficient, and timely measurement, management, notification of, acknowledgement, and mitigation of cybersecurity risks.

The Senior Cybersecurity Risk Analyst also leads and delivers on security projects in their assigned domain(s) and provides guidance to other staff.
  
MAJOR DUTIES AND RESPONSIBILITES
Consult with the Privacy and Security team, university customers, and strategic partners on IT-related risks, requirements, policies, and standards.
  • Work with units, end users, and IT Professionals to advise on and provide user-focused education about security practices that align with the university’s NIST-based cybersecurity policies, standards, and other requirements, as well as all applicable legal and regulatory requirements.
  • Serve as a consultation resource for the Privacy and Security team, faculty, researchers, IT Professionals, and other employees on the subject of restricted data logistics, risks, and requirements.
  • Consult with faculty and researchers on the development of technology control plans and grant proposals, as well as the fulfillment of cybersecurity risk and compliance requirements for grants.
  • Advise on university requirements for development, implementation, and refinement of solutions for security monitoring, detection, and response with members of the operational Cybersecurity teams.
  • Actively network and maintain relationships within the university community.
  • Proactively communicate relevant security-related information. Stay informed of needs and initiatives.
  • Facilitate the university cybersecurity risk process amongst stakeholders, risk owners, data stewards, and executive decision makers.
Work independently to process and complete risk analysis tasks, work orders, projects, and duties on behalf of Security’s Governance, Risk, and Compliance function, in a timely manner. Typical assignments may include, but are not limited to:
  • Risk and compliance reviews of projects and purchases; proposals and Requests for Proposals (RFP); and policy and/or standards exception requests.
  • Conduct/assist with periodic security assessments of systems and tools used across the university.
  • Produce risk and compliance assessment reports.
  • Draft and review documentation, such as:
  • analysis documents for technical, administrative, or procedural security issues
  • procedural documentation/playbooks
  • team documentation.
  • Participate in the cybersecurity risk management aspects of IT and administrative operations.
  • Assist with the development and maintenance of risk-aware procedures, as well as disaster recovery and business continuity plans for Technology Services.
Represent the IT Security office in collaborative and strategic initiatives, applying expertise independently on projects and programs
  • Participate in and facilitate internal and external meetings. Drive discussions as needed to represent the needs of the assigned domain(s). Present findings/reports to technical and non-technical audiences.
  • Provide excellent customer service on behalf of the IT Security office.
  • Advocate for Technology Services or other clients and partners in service planning and deployment across the organization. Provide recommendations for continual process improvement across all Security workflows.
  • Draft and review documentation such as analyses of technical, administrative, or procedural security issues, procedural documentation/playbooks, and team documentation.
 Develop and maintain personal and professional excellence through university-provided and external training/ seminars/courses, staying abreast industry trends, methods, and published literature, and participating in manager-approved innovation programs and individual development initiatives.

Senior Cybersecurity Analyst - Additional Responsibilities
  • Cultivate subject-matter expertise and skills in less experienced cybersecurity staff, in coordination with management.
  • Provide recommendations on emerging issues and the resources needed to address them for assigned domain(s) to inform management decision-making.
  • Provide recommendations for continual process improvement across all Security workflows.
 
QUALIFICATIONS
Required Qualifications
  • Bachelor’s degree in a field related to the position.
  • One year of education, training, and/or work experience in information technology, risk management, compliance, auditing, data governance, or closely related field.
Senior Cybersecurity Risk Analyst - Additional Requirements
  • Three years* of experience in information technology, risk management, compliance, auditing, data governance, or closely related field. (*Replaces the one year requirement for the Analyst level)
  • Demonstrated experience in cybersecurity.
Preferred Qualifications
  • Cybersecurity Certifications: SANS, CISSP, or similar
  • Assessment & Risk Management Certifications: CISA, CRISC, or similar
  • Cloud Certifications: Cloud AWS Certified Security, CCSP or similar
  • Experience in an academic/higher education campus IT environment
  • Experience with large-scale enterprise computing environments
  • Customer engagement/customer service experience in a high-volume environment, managing multiple requests and projects with multiple stakeholders who may have competing priorities
  • Experience authoring and presenting a wide range of formal and informal business and technical communications tailored to individual or plural organizational audiences
  • IT policy experience, or cybersecurity Governance, Risk and Compliance experience
  • Experience working with policies and standards based on recognized industry framework (e.g. NIST, ISO, COBIT)
  • Team leadership experience
  • Experience performing operational cybersecurity duties in a professional environment •Experience implementing cybersecurity projects
  • General IT experience with one or more of the following: mobile or web application development, programming/scripting languages, network engineering, system administration or operations, cloud platforms, data security, incident response, security engineering, network security, systems security, vulnerability management.
  • Experience with one or more of the following Governance, Risk, and Compliance skills: secure IT operations, security assessment and testing, risk management principles, practices, methods, and techniques.
KNOWLEDGE, SKILLS, AND ABILITIES
  • Excellent attention to detail
  • Problem-solving ability
  • Demonstrated ability in effective communication and collaborating in a high-performance team environment, including oral, written, and active listening
  • Demonstrated commitment to customer service and customer satisfaction principles. •Ability to collaborate positively and effectively with diverse workgroups.
  • Ability to maintain high security/privacy controls when dealing with sensitive information
 
Salary and Appointment Information
This is a full-time, year-round Civil Service Program Coordinator position. The expected start date is as soon as possible after June 16, 2022. Salary is commensurate with experience.
 
To Apply:
Applications must be received by June 16, 2022. Applications not submitted through this website will not be considered.
 
The University of Illinois conducts criminal background checks on all job candidates upon acceptance of a contingent offer. Convictions are not a bar to employment. Other pre-employment assessments may be required, depending on the classification of Civil Service employment.
 
As a qualifying federal contractor, the University of Illinois System uses E-Verify to verify employment eligibility.
 
The University of Illinois System requires candidates selected for hire to disclose any documented finding of sexual misconduct or sexual harassment and to authorize inquiries to current and former employers regarding findings of sexual misconduct or sexual harassment. For more information, visit Policy on Consideration of Sexual Misconduct in Prior Employment.
 
The University of Illinois must also comply with applicable federal export control laws and regulations and, as such, reserves the right to employ restricted party screening procedures for applicants.
 
University of Illinois faculty, staff and students are required to be fully vaccinated against COVID-19. If you are not able to receive the vaccine for medical or religious reasons, you may seek approval for an exemption in accordance with applicable University processes.