Cybersecurity Risk Analyst #AS8564
(Contingent upon available funding):
41,760.00 - 62,760.00, Salary
Monday-Friday, 8 am - 5 pm
The Cybersecurity Risk Analyst provides risk analysis and compliance program support for the Oklahoma State University IT Information Security Office. Responsibilities include evaluating security risks and compliance strategies; offering direction, guidance and consultation; and making recommendations for the improvement in information security of IT systems primarily for the Oklahoma State University system and for the Oklahoma A&M Colleges upon request. The incumbent coordinates proactive and distributed information security management programs to ensure the continuous availability, confidentiality, and integrity of information assets owned and used by the university community, consistent with university management's informed risk tolerance.
A successful individual will have exceptional information security expertise as well as project management, report writing, business analysis, and solution implementation skills, and the ability to work under broad policy guidance. This individual must exercise sound judgment in working collaboratively and communicate effectively within a challenging environment in a visible role.
This position reports to the Information Security Office and serves as a campus technical expert on information security risk analysis and compliance matters. The incumbent works with the entire university community in a consultative manner. The incumbent should understand organizational missions, values and goals, analyze information risks which threaten those objectives, recommend and guide large cross-functional and campus-wide teams towards appropriate security control solutions, and assist in implementing and auditing those solutions to materially reduce operational and compliance-based exposures.
Due to the communication expectations of the position, the incumbent will be required to maintain a cellular or other electronic communication device. The incumbent's salary includes additional compensation to apply toward the use of their personal cellular device. Work schedule may extend beyond regular office hours of 8 am to 5 pm Monday to Friday, as needed to complete assignments.
Special Instructions to Applicants
A resume, cover letter, and references are required to complete the application process. Educational transcripts may be attached to the application, or mailed to: Oklahoma State University, Attn: Cybersecurity Risk Analyst, 101 IT Building, Stillwater, OK 74078. For full consideration, submit application by July 16th, 2021.
Education & Experience
Bachelor's degree in related field. Five years of related work experience in any of the below areas OR post-secondary education may substitute for up to two (2) required years of work experience.
Design and/or implementation of IT infrastructure including security controls
IT systems/server/database administration including systems hardening and security policy implementation
Conducting risk assessments and use of risk assessment tools
Auditing: internal, government, forensic, independent/external
Must be willing to complete the requirements for the Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).
Excellent interpersonal and influencing skills, and ability to develop and maintain strong professional relationships across all levels of organizational hierarchy
Excellent verbal and written communication skills, and ability to communicate technical concepts and transform them into usable documented material for non-technical users
Ability to analyze processes, apply regulations and standards, and identify and communicate risks, security controls, and solutions.
Must have a high level of personal integrity.
Must be able to lift and carry up to 25 pounds.
Bachelor's degree in Computer Science, MSIS, Technical Writing, or related field.
Three (3) years working in complex information technology environments consisting of multiple technology platforms.
Three (3) years of information security experience including conducting risk assessments/audits/reviews of information systems with the goal of assessing and/or mitigating information security threats/risks within a large university environment.
Experience with security requirements, systems, and security architecture as related to compliance standards, such as those found in FISMA, FERPA, HIPAA, PCI-Standards, or other regulatory act(s) or bodies, is highly desired.
Experience in developing policies and procedures related to regulatory compliance and information security is a plus.
Experience with securing Oracle, Banner, or Cloud systems is a plus.
Experience with NIST 800-171 compliance is highly desired.
Possess one or more of the following: Security Essentials Certification (GSEC); Certified Information Systems Auditor (CISA); Certified Fraud Examiner (CFE); Microsoft Certified IT Professional (MCITP); Microsoft Certified Technology Specialist (MCTS)
Knowledge and understanding of the role of information security in system design/architecture and implementation, including network security, information security audits, security awareness training, and information security risk management. Possess a strong knowledge and understanding of information security compliance and auditing techniques with experience conducting risk assessments and using risk assessment tools.
Oklahoma State University (OSU) strives to provide a safe study, work, and living environment for its faculty, staff, volunteers and students. To support this environment and comply with applicable laws and regulations, OSU conducts pre-employment background checks on final candidates. Offers of employment are contingent upon the successful completion of a background check. The type of background check conducted varies by position and can include, but is not limited to, criminal (felony and misdemeanor) history, sex offender registry, motor vehicle history, financial history, and/or education verification. Background checks will be conducted when required by law or contract and when, in the discretion of the university, it is reasonable and prudent to do so.
Oklahoma State University, as an equal opportunity employer, complies with all applicable federal and state laws regarding non-discrimination and affirmative action. Oklahoma State University is committed to a policy of equal opportunity for all individuals and does not discriminate based on race, religion, age, sex, color, national origin, marital status, sexual orientation, gender identity/expression, disability, or veteran status with regard to employment, educational programs and activities, and/or admissions. For more information, visit eeo.okstate.edu.