| Job Summary: The Information Security Analyst with a focus on Security Governance will be responsible for ensuring the confidentiality, integrity, and availability of information assets across Oberlin College. This position will work closely with other members of the IT department to develop and implement security policies, procedures, and controls to protect the College's information assets. The Analyst will also provide guidance and support to departments and stakeholders in the College to ensure compliance with relevant laws, regulations, and standards related to information security. Responsibilities: - Develop and implement information security policies, standards, procedures, and guidelines that align with Oberlin College's objectives and risk appetite.
- Conduct security risk assessments and provide recommendations to mitigate identified risks.
- Work with stakeholders to ensure compliance with applicable laws, regulations, and standards related to information security such as FERPA, HIPAA, and PCI-DSS.
- Establish and maintain security governance frameworks, such as ISO 27001, and ensure that security governance processes are aligned with industry best practices.
- Utilize Security Information and Event Management (SIEM) tools to monitor and detect security incidents.
- Develop and maintain business disaster recovery and continuity plans.
- Follow Information Technology Infrastructure Library (ITIL) practices to ensure the security and availability of IT services and systems.
- Ensure that security incidents are promptly identified, investigated, and resolved, and that proper documentation and reporting are maintained.
- Maintain knowledge of emerging security threats, technologies, and trends and provide recommendations to improve the College's information security posture.
- Collaborate with other members of the IT department to provide security awareness training and education to the College community.
- Participate in incident response and business continuity planning activities as needed.
- Other duties as assigned.
Required qualifications: - Bachelor's degree in Computer Science, cybersecurity, Information Systems, or related field.
- Minimum of 3 years of experience in information security, preferably with a focus on security governance.
- Knowledge of information security frameworks such as ISO 27001, NIST, and COBIT
- Experience conducting security risk assessments, vulnerability assessments, and penetration testing.
- Strong understanding of security controls, such as access control, cryptography, network security, and security monitoring.
- Knowledge of relevant laws, regulations, and standards such as FERPA, HIPAA, and PCI-DSS.
- Familiarity with Security Information and Event Management (SIEM) tools.
- Experience developing and maintaining business disaster recovery and continuity plans.
- Familiarity with Information Technology Infrastructure Library (ITIL) practices.
- Excellent communication, collaboration, and problem-solving skills.
- Ability to work independently and as part of a team.
- Relevant security certifications, such as CISSP, CISM, or CRISC, are a plus.
Compensation: This is a full-time position with competitive salary and benefits, including health insurance, retirement plan, and tuition remission. Oberlin College is an equal opportunity employer and welcomes applications from all qualified individuals. Quick link to posting: 14665 |
