CYBERSECURITY RISK ANALYST

University of Wisconsin

MADISON, WI

ID: 7126087
Posted: February 22, 2023
Application Deadline: Open Until Filled

Job Description

JOB SUMMARY:
The Risk Management and Compliance (RMC) team within the Office of Cybersecurity is looking for an experienced risk analyst for a 2-year project. We will be working with UW System staff and system owners to assess the risk of systems currently integrated as "add-on" tools with the existing Human Resources tool (HRS) and how these systems should be most securely migrated to the new Human Resources tool (Workday). This position will be a liaison between the Ancillary Systems Project Team, the Office of Cybersecurity and System Owners/Risk Executives to assess the risk of continued use of the tools in their current state. Responsibilities include evaluating current system use and data classification as entered by the system owner, and collaborating to understand and present overall risk, with opportunities to improve security prior to migration. Risk assessment work will include review of the information entered in a self-assessment tool, which automates the risk review, as well as review of risk via a standard risk review process. This project role will work primarily with existing risk analysts assigned to the ASP Project and report to the Assoc Director for RMC in the Office of Cybersecurity.

A successful individual will have information security expertise as well as project management, business analysis, solution implementation skills and the ability to communicate to technical and non-technical staff and university leadership.

This position reports to the Office of Cybersecurity and serves as a campus technical expert and authority on information security risk analysis and compliance matters. As a trusted advisor and partner with UW-Madison campus partners, UW System integration teams, project managers and system owners, this position will focus on the most efficient and impactful way to review risk of existing tools and present opportunities for improving overall security.

Duties include:
-Provide consultation and guidance to the university, divisions, departments and units in order to meet or maintain compliance with applicable policies, standards, baselines, guidelines, and laws in an effort to achieve and maintain an acceptable level of risk.
-Analyze and clarify materials provided by system owners to provide recommendations primarily using the UW-Madison adaptation of NIST Risk Management and Cybersecurity frameworks and application of FERPA, PCI, FISMA, and HIPAA standards to improve compliance and achieve greater levels of data and information systems security. This will include interaction with a self-assessment risk tool and a standard risk review assessment process.
-Assign responsibility to establish an on-going security posture for these ASP tools and ensure long term security of data within them. (Automated within the risk assessment tool, OneTrust).
-Present risk results in stakeholder meetings (in-person and virtual options) and document the Plan of Action and Milestones (POAM) for future reference and follow-up.
-Validate that risk results are presented via a published dashboard and proper notifications are being sent to gather approvals or request additional information.
-Report status of RMC work within the ASP Project to stakeholders.

RESPONSIBILITIES: Monitors, provides access, and analyzes threats to cyber security data and systems to ensure the safety and protection of information system assets under moderate supervision. Facilitates cybersecurity training.
40% Reports application security concerns and escalates security incidents to senior staff
20% Conducts vulnerability-scanning analysis, tests security controls, documents the results of risk assessments, and suggests procedures to prevent future incidents
20% Develops and modifies cybersecurity tools
20% Review input to ASP self-assessment tool & coordinate Cybersecurity risk reviews which cannot utilize the self-assessment tool. Responsible for reporting of risk analysis and coordination with system owners and risk executives.

INSTITUTIONAL STATEMENT ON DIVERSITY:
Diversity is a source of strength, creativity, and innovation for UW-Madison. We value the contributions of each person and respect the profound ways their identity, culture, background, experience, status, abilities, and opinion enrich the university community. We commit ourselves to the pursuit of excellence in teaching, research, outreach, and diversity as inextricably linked goals.

The University of Wisconsin-Madison fulfills its public mission by creating a welcoming and inclusive community for people from every background - people who as students, faculty, and staff serve Wisconsin and the world.

For more information on diversity and inclusion on campus, please visit: Diversity and Inclusion

EDUCATION:
Preferred
Bachelor's Degree

QUALIFICATIONS:
Required Qualifications:
-Professional experience in information security with specific experience conducting risk assessments and applying standards and practices (e.g. NIST, HIPAA, PCI-DSS, COBIT or ISO).
-Experience executing project management skills in a complex environment, specific to Cybersecurity.
-Experience presenting risk results to technical staff and executive leadership.

Preferred Qualifications:
-Experience using vulnerability management tools to analyze discovered vulnerabilities against current configurations to determine the organizational risk.
-Experience working independently to conduct technical investigations with diverse constituents.
-Experience conducting assessments in a healthcare, higher ed or research organization.
-Understanding of network design, security protocols, systems administration, servers, database software (Oracle and SQL) or endpoint management.
-Exceptional writing skills.

WORK TYPE:
Full Time: 100%

This position is eligible for 100% remote work. Remote work requires an approved remote work agreement (RWA). An RWA requires successful candidates to possess their own high-speed internet and phone to perform the work on a university-provided computer.

APPOINTMENT TYPE, DURATION:
Terminal, 12 month appointment.
This position will initially last one year, with the possibility of extending the position up to a maximum of two years and/or it may turn into an ongoing appointment based on program need and funding availability.

SALARY:
Minimum $80,000 Maximum $88,000 ANNUAL (12 months)
Depending on Qualifications
Employees in this position can expect to receive benefits such as generous vacation, holidays, and paid time off; competitive insurances and savings accounts; retirement benefits.

ADDITIONAL INFORMATION:
Please note that successful applicants must be authorized to work in the United States without need of employer sponsorship, on or before the effective date of appointment. University sponsorship is not available for this position.

HOW TO APPLY:
APPLICATION INSTRUCTIONS:
Click on the "Apply Online" button to start the application process.
You will be prompted to upload the following documents:
Resume (REQUIRED)
Cover letter (REQUIRED)
Please use your cover letter to speak to each of the Required Qualifications for this position (listed above in the Qualifications section). For each Required Qualification, describe your relevant experience, using specific examples from your work history to illustrate how your experience satisfies the requirement.