Overview: The Information Security Analyst is a critical member of the University of Minnesota Foundation’s (UMF) IS department. The department is responsible for the database of all University alumni, donors and prospects, and for the related systems necessary to support the activities of UMF and its University partners. These systems are used by approximately 2,000 active users in a complex and dynamic environment increasingly driven by the need for information and technology.
This position is responsible for analyzing, implementing and maintaining critical information security processes and procedures that support UMF’s information security program. This includes developing and delivering information security training to UMF and the University-wide development community and representing information security in other UMF or University-wide development initiatives.
This position works closely with University Information Security and other University technology partners as well as external third-party consultants.
Responsibilities:
Vendor Risk Assessment (25%)
Review vendor information security practices to identify and evaluate the potential risks of working with a vendor.
Review vendor contracts to ensure Foundation information security requirements are met, negotiating contract changes as needed.
Guide staff through the Foundation’s vendor risk management process.
Perform annual vendor check-ins to verify vendors are maintaining their information security posture.
Identity and Access Management (25%)
Oversee daily identity and access management activities related to staff on-boarding, off-boarding, and transfers.
Coordinate access reviews to ensure only authorized staff have access to UMF and University-wide Development systems.
Analyze identity and access management processes and identify efficiencies and other process improvement opportunities.
Information Security Assessment and Analysis (25%)
Coordinate annual and ad-hoc internal and external risk assessments to identify information security risks to UMF and the University-wide Development Community and prioritize mitigation activities.
Establish and foster relationships with University Information Security staff to align on information security objectives and leverage University information security services.
Policies, Compliance, and Training (25%)
Perform initiatives to achieve regulatory compliance (e.g. PCI-DSS, HIPAA and donor data statutes).
Maintain and review information security policies and related documentation.
Evaluate information security standards, practices, systems and programs and make recommendations for improvements/changes.
Design and facilitate information security training for UMF and the University-wide Development Community.
Coordinate phishing tests for UMF and the University-wide Development Community.
Demonstrate commitment to valuing diversity and contributing to an equitable and inclusive working and learning environment (exhibit 100% of the time)
Continuous learning in diversity, equity and inclusion for oneself and team via training, podcasts, articles, etc.
Seek to explore and understand cultural differences and create a culture of belonging.
Develop and employ anti-racist practices and principles to accomplish work.
Advocate for employees of all ethnicities, genders, ages and backgrounds.
Cultivate and develop inclusive and equitable working relationships with employees, colleagues, stakeholders, etc.
Bachelor’s degree and two years of work experience in the areas of security system design, implementation and administration; or Master’s degree.
Ability to identify security issues or gaps and recommend mitigation strategies to management.
Knowledge of HIPAA, PCI DSS, FERPA and other relevant regulations.
Awareness of current security trends and threats that may impact our organization.
Ability to work effectively as a team member as well as independently with minimal supervision.
Strong verbal, written and presentation skills.
Bachelor’s degree in cybersecurity, computer forensics, database management, or a related field.
Experience in the areas of security system design, implementation and administration.
CISSP, CompTIA Security+, GIAC or similar certifications.
Experience in vendor risk management.
Experience in identity and access management.
Experience in network scanning, vulnerability management, penetration testing and patch management.
Experience with security log management.
Experience working with auditors.
Experience developing and facilitating information security training.
Familiarity with the University of Minnesota.
Knowledge in development/fundraising operations.
Internal Number: 347742
About University of Minnesota, Twin Cities
The University of Minnesota, founded in the belief that all people are enriched by understanding, is dedicated to the advancement of learning and the search for truth; to the sharing of this knowledge through education for a diverse community; and to the application of this knowledge to benefit the people of the state, the nation, and the world.