IT Security Analyst, Office of Information Technology

Details

Posted : 07-Sep-24

Location : Chattanooga, Tennessee

Type : Full-time

Salary : Open

Internal Number : U9

IT Security Analyst

Information Technology Administrator / Analyst 2 - MR11)

Office of Information Technology

University of Tennessee at Chattanooga

• Reporting to the Associate Vice Chancellor of IT / Associate CIO, the IT Security Analyst is responsible for risk assessment based on application, data, and technology infrastructures;
• for information security plan development and maintenance; for campus information security awareness activities and monitoring compliance with university policies and applicable laws;

for coordinating investigation and reporting of information security incidents.

The IT Security Analyst will also monitor, assess, and apply corrective actions to the business continuity and disaster recovery program and contribute to information security projects to protect company information assets.

This position combines project-based effort and operational assignments. This will require practical use and understanding of information security protocols and standards, and solid knowledge of information security principles and practices.

Duties and Responsibilities :

• Supports the implementation, documentation, and maintenance of UTC's Campus IT Security Program
• Builds relationships with the campus community in achieving information security program objectives
• Contributes to the development of IT Security standards and procedures that determine the appropriate use of information security controls on campus
• Advises and assists Associate CIO on operational, technical and training issues, security program services, annual compliance goals, IT Security roadmap and maturity models for continual program improvements (i.

e., a Plan of Action and Milestones)

• Works closely with partners across the UT System to ensure UTC's processes align with UT policy and guidelines
• Attends monthly IT Security Advisory Team meetings
• Attends regularly scheduled department meetings
• Maintains a professional demeanor and attitude that best reflects the IT Security Office
• Maintains a personal professional development plan
• Performs special projects and other duties as assigned
• Assists in development, documentation, and maintenance of initiatives in data identification, secure access, enterprise security, cyber threat protection and overall risk management
• Ensures existing information security policies and procedures are adhered to, ensuring compliance with recognized standards such as NIST and CIS
• Develops, documents, and maintains Security Information Event Monitoring (SIEM) including building dashboard(s) and filtering actionable events and / or alerts
• Performs vendor security assessments, reviewing and monitoring third-party vendors -ie. HECVAT
• Collaborates with other SAs to advise SysAdmins on critical threats facing HigherEd on reports from various newsfeeds to include (e.

g. REN-ISAC, Department of Homeland Security, InfraGard)

• Ensures the effectiveness of Endpoint Security by monitoring SCCM and Microsoft dashboards and log files and implementing appropriate alerts
• Performs cyclic scans for regulatory compliance (e.g. FERPA, PCI, and HIPAA information) on authorized devices
• Performs periodic vulnerability assessments on regulated networks
• Ensures IT Security website is up-to-date and relevant to the UTC community
• Ensures significant information security incidents are properly recorded and forwarded in a timely manner as required
• Collaborates with the IT Information Security Advisory Team (ISAT) and Security Incident Response Team (SIRT) in addressing and investigating security incidents that arise
• Ensures an ongoing robust, campus-wide information Security Awareness, Training & Education Program, including a continuous role-based security training program that is suitable for lab and classroom venues
• Develops new or identifies existing information security training, education, and awareness activities appropriate for campus audiences
• Develops and maintains an information security awareness program that effectively motivates desired behaviors so our community handle data and systems in a secure manner
• Prepares and delivers information security training, education, and awareness activities appropriate for campus audiences
• Evaluates the effectiveness of existing information security training, education, and awareness program / activities
• Creates a metrics framework that can effectively measure engagement, behaviors, and impact
• Works with external vendors and agency partners as needed to establish quotes, production schedules, delivery, and implementation of materials
• Coordinates efforts with other IT System Analysts across the UT System to develop strategies and maintain consistent messaging across the Universities

The ideal candidate will possess the following :

• Knowledge of personal computer hardware and software, network operating systems and infrastructure, and networking protocol technologies
• Knowledge of security industry tools and techniques used to mitigate risks from internal and external threats
• Understanding and ability to implement security policy, standards, and controls
• Strong understanding of incident response and ability to perform log analysis, vulnerability assessment and reduction of the exposure of Personally Identifiable Information (PII)
• Strong verbal and written communication skills with ability to present to and instruct others in various venues
• Proven ability to analyze needs and solve problems in a creative and proactive fashion

Review of applications will begin September 16, and continue until the position is filled. Applications received by this date will receive priority consideration.

Minimum Qualifications :

Bachelor's degree in a relevant field and two years of experience including :

• Standards and Frameworks Expertise
• Demonstrated knowledge of cybersecurity frameworks including but not limited to NIST Cybersecurity Framework (CSF), NIST Special Publication series, and Center for Internet Security (CIS) Controls
• Or an equivalent combination of education, training, and experience

Candidate should be well-versed in applying these frameworks to develop robust security policies and procedures.

Preferred Qualifications :

Relevant certifications such as CISSP, Security +, GIAC Security Essentials or similar certification and experience in an educational setting is preferred.