
Information Security Risk & Compliance Analyst - Computing Services

Carnegie Mellon University
Pittsburgh, PA
Full-time

The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university.

We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking.

We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth.

CMU’s Computing Services department is searching for an Information Security Risk & Compliance Analyst. The Information Security Risk & Compliance Analyst will assess, document, and implement various controls for the University.

This individual manages the control documentation and advises on best business practices for all stakeholders. The incumbent is responsible for managing processes for third party vendor assessment, systems audit assistance, coordination, and support (e.g., internal audit for information security). This includes familiarity with risk assessments, privacy regulations, and sets of controls.

The incumbent will have a well-rounded technical background in Information Technology (IT). This includes, but is not limited to, software development, DevOps, systems, help desk, risk management, and information security.

Your core responsibilities will include:

Assist in enhancing existing risk metrics and report high impact items to key campus stakeholders.

Audit IT systems and ensure the established controls are being followed. Identify security findings and assist in driving risk items to closure with the correct stakeholders.

Familiarity with risk assessments and common control sets: Cyber Security Framework (CSF), Cybersecurity Maturity Model Certification (CMMC / NIST 800-171), and Payment Card Industry Data Security Standard (PCI-DSS).

Lead compliance projects involving multiple stakeholders within established deadlines.

Manage the documentation and development of policies, guidance and procedures related to information security for the University’s Information Security Office (ISO).

This includes writing, evidence-gathering, and investigating existing processes and regulations and implementing best practices.

Managing requests for information related to privacy regulations and risk management: General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Must be a quick learner with an interest in the intersection of information security, people, and the law. The incumbent needs a strong understanding of the bridge between security and business, and must be attentive to details.

Partner with key internal campus stakeholders on processes and controls, including the Office of the Vice Provost for Research, University Libraries, University Health Services, Treasury, and Enterprise Risk Management (ERM).

Proficient with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.) and other document-sharing tools (e.g., Google Docs, Box, etc.).

Review 3rd party documentation to determine information security risk, and communicate those risks to stakeholders.

Strong communication skills, both written and oral. The incumbent will communicate with a variety of audiences, so it will be imperative to write and speak to technical, end-user, and executive audiences, depending on the context of the situation and matter at hand.

Other duties as assigned.

Flexibility, excellence, and passion are vital qualities within Computing Services. Inclusion, collaboration, and cultural sensitivity are valued competencies at CMU.

Therefore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity.

We are looking for someone who shares our values and who will support the mission of the university through their work.

Qualifications:

Bachelor’s Degree

3-5 years of relevant work experience

Certifications:

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Practitioner (CISSP)

International Information Systems Security (ISC)2

Requirements:

Successful background check

Joining the CMU team opens the door to an array of exceptional benefits, available to all full-time Carnegie Mellon University employees.

Experience the full spectrum of advantages, from comprehensive medical, prescription, dental, and vision insurance to enticing retirement savings programs.

Unlock your potential with tuition benefits, and take well-deserved breaks with generous paid time off and holidays. Rest easy knowing you're covered by life and accidental death and disability insurance.

10 days ago