General Information
Job Description | IT SECURITY ANL 3 | Working Title | Security Analyst |
---|---|---|---|
Job Code | 007338 | Grade | 23 |
Department Name | IT Security Policy - D02063 | Department Head | |
Supervisor | Effective Date | 11/13/2019 |
Position(s) Directly Supervised
Job Code | Title | FTE |
---|
Generic Scope
Experienced professional who knows how to apply theory and put it into practice with in-depth understanding of the professional field; independently performs the full range of responsibilities within the function; possesses broad job knowledge; analyzes problems/issues of diverse scope and determines solutions. |
Custom Scope
Applies skills as a seasoned, experienced IT security professional with a full understanding of industry practices, governmental regulations and campus, medical center or Office of the President policies and procedures to resolve a wide range of complex issues. Demonstrates competency in recommending methods and techniques to obtain results. |
Department Custom Scope
Responsible for the implementation of the Information Security Office governance, risk management, compliance, and awareness program. Conduct risk assessments; coordinate audit engagements with relevant parties; maintain policies, standards and procedures designed to safeguard information and resources; manage information security awareness training. Conduct vulnerability assessments and security reviews through vulnerability scans and penetration tests to determine deviations from acceptable configurations, policies, and standards. Assess levels of risk and recommend appropriate mitigation controls. |
Education & Experience Requirements
Education Requirements
Degree | Requirement |
---|---|
Bachelor's degree in related area and/or equivalent experience/training. | Required |
Experience Requirements
Experience | Requirement |
---|
License Requirements
Certification Requirements
Certification | Requirement |
---|---|
Certified Information Systems Auditor (CISA) | Preferred |
Certified Ethical Hacking (CEH) | Preferred |
Educational Condition Requirements
Condition | Requirement |
---|---|
Obtain PCI-DSS Internal Security Assessor (ISA) qualification within six (6) months of appointment begin date. | Required |
Key Responsibilities
Description | % Time |
---|---|
Implements complex and/or moderate-scale security controls to prevent unauthorized access or changes to campus, medical center or Office of the President information, hardware, software and/or network infrastructure. Independently researches, analyzes and addresses attempted efforts to compromise security protocols. Advises departments on security prevention and best practices. | 20 |
Applies, configures and manages complex security systems. Administers complex security configurations to control access to hardware, software and networks. Applies advanced encryption methods. | 20 |
Collects, examines, analyzes and reports to management regarding the causes, effects and implications of security incidents. Applies advanced IT security concepts, governmental regulations, departmental and campus, medical center or Office of the President policies and procedures to respond to and appropriately escalate complex IT security incidents. | 20 |
Conducts vulnerability assessments, penetration testing, mitigation and remediation activities. Produces assessment reports and remediation action plans in accordance with campus and Office of the President policy. | 20 |
Manage compliance requirements, governance policies and procedures, information security training and awareness, and risk assessments. | 20 |
Knowledge, Skills & Abilities
Knowledge/Skill/Ability | Requirement |
---|---|
Basic skill at reading and interpreting security logs. | Required |
Ability to follow department processes and procedures. | Required |
Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. | Required |
Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches. | Required |
Knowledge of other areas of IT, department processes and procedures. | Preferred |
Demonstrated skills applying security controls to computer software and hardware. | Required |
Experience in incident response and digital forensics including data collection, examination and analysis. | Preferred |
Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks. | Required |
Knowledge of computer hardware, software and network security issues and approaches. | Required |
Demonstrated experience selecting and applying appropriate data encryption technologies. | Required |
Special Requirements & Conditions
Special Condition | Requirement |
---|---|
Must pass a background check. | Required |
Other Special Requirements & Conditions
|
Level of Supervision Received
GeneralSupervision |
Environment
Working Environment
UCPath Intellicenter |
Other Requirements
Items Used
|
Physical Requirements
|
Mental Requirements
|
Environmental Requirements
|
Critical Position
Is Critical Position: No |