Description

Minimum Education and Experience:

  • Bachelor’s degree is required, preferably in Computer Science, Information Systems, Management Information.
  • Minimum of five (5) years of experience performing Information Security assessments with knowledge of HIPAA, GLBA and PCI DSS regulations and frameworks such as NIST CSF.

Certifications/Licenses:

Required Knowledge, Skills, and Abilities:

  • Possess excellent interpersonal, communication and influencing skills.
  • Ability to collaborate effectively across a variety of disciplines and levels inside/outside the organization.
  • Ability to effectively analyze, document and communicate information security concepts to different user bases, including students, faculty, staff and systems personnel.
  • Demonstrated skill in conducting internal or external risk assessments and providing guidance on the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and/or remediation items.
  • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
  • Ability to identify and assess the severity and potential impact of risks and to communicate findings effectively to risk owners.

Preferred Qualifications:

  • Knowledge of common cybersecurity frameworks and standards (e.g., NIST 800-171, ISO 27001/27002).
  • Experience with Governance, Risk & Compliance and/or Vendor Risk Management platforms.
  • Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
  • CISSP, CRISC certification.

 

Education

Bachelor's degree