Compensation: $81,000 - $99,000
The University of Minnesota's University Information Security seeks an Information Security Risk Analyst who will improve the information security of the University through information security risk assessments, security standards development, and exception management.
The Information Security Risk Analyst will assess the information security posture of collegiate and administrative units by conducting information security risk assessments including analyzing security controls and processes, interviewing subject matter experts, and helping to shape a risk-based approach to security across the entire University system.
Security Analysis - 80%
- Conduct information security assessments utilizing ISO 27001 / 27002 or other appropriate information security control structures; develop risk remediation plans, and facilitate risk remediation efforts.
- Facilitate the information security risk management program by identifying areas most in need of risk assessment, coordinating risk assessments with other information security risk analysts, and consulting with information security architects.
- Monitor and advise on information security needs for systems and processes at the University of Minnesota to ensure the information security controls for the campuses are consistent and appropriate.
- Consult with administrative and collegiate units to address policy and process related information security risks identified through the information security risk and exception management programs.
- Assist with development and maintenance of information security policies, standards, guidelines and procedures, based on industry best practices and compliance requirements.
- Maintain a strong working knowledge of HIPAA and build knowledge of applicable security standards (SANS, OWASP, NIST).
Procedural Support - 20%
- Facilitate the exception management process by tracking exceptions to information security policies and standards, evaluating associated risks by working with the other information security staff, and coordinating communication with the risk owner.
- Assist with information security reviews of vendors and suppliers.
- University paid contribution (10% of your salary) to your retirement account - vested immediately.
- 22 paid vacation days per year, in addition to sick leave and 11 paid holidays.
- Reduced tuition opportunities covering 75% - 100% of eligible tuition.
- Excellent and affordable health care benefits.
- Wellness program with opportunity to earn lower health care rates.
- Free disability insurance.
- Annual merit increase program.
- Bachelor’s degree in a related field and 2 years of relevant work experience or a comparable combination of education, training, and experience.
- 1 year experience in information security risk assessment, audit, quality assurance,or similar.
- Excellent communication (oral, written, presentation), interpersonal and consultative skills.
- Knowledge of information security standards (e.g., ISO 27001/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, PCI DSS, etc.)
- CISSP, CISA, or other security certifications are desirable.
- Strong analytical and problem solving skills.
The University of Minnesota is an Equal Opportunity Educator and Employer.