UCR Jobs

General Information

Job Description	IT SECURITY ANL 2	Working Title	Security Analyst
Job Code	007337	Grade	21
Department Name	SOM Compliance - D02010	Department Head
Supervisor		Effective Date

Position(s) Directly Supervised

Job Code	Title	FTE

Generic Scope

Professional who applies acquired job skills, policies, and procedures to complete substantive assignments/projects/tasks of moderate scope and complexity; exercises judgment within defined guidelines and practices to determine appropriate action.

Professional who applies acquired job skills, policies, and procedures to complete substantive assignments/projects/tasks of moderate scope and complexity; exercises judgment within defined guidelines and practices to determine appropriate action.

Custom Scope

Applies moderately complex IT security concepts, campus, medical center or Office of the President policies and procedures to resolve a variety of IT security problems. Works on IT security problems and projects of moderate scope where analysis of situations or data requires a review of a variety of factors.

Applies moderately complex IT security concepts, campus, medical center or Office of the President policies and procedures to resolve a variety of IT security problems. Works on IT security problems and projects of moderate scope where analysis of situations or data requires a review of a variety of factors.

Department Custom Scope

The IT Security Analyst is responsible for monitoring, detecting, protecting, and maintaining the security of data, systems, and networks for the UCR School of Medicine and UCR Health. The IT Security Analyst will apply complex security policies and configurations to hardware, software, and networks. In doing so, this position will help maintain the confidentiality, integrity, and availability of institutional data needed to perform research, teaching and clinical activities. As a member of the information security team this person will also be involved with security event investigations. The individual also works closely with the IT teams to troubleshoot and resolve problems due to a security controls. Plans, configures, designs, develops, implements and maintains tools, systems and procedures to insure the integrity, reliability and security of data, systems and networks. Utilize automated vulnerability and compliance scanning tools to report, identify, and track assets and vulnerabilities throughout the systems lifecycle.

The IT Security Analyst is responsible for monitoring, detecting, protecting, and maintaining the security of data, systems, and networks for the UCR School of Medicine and UCR Health. The IT Security Analyst will apply complex security policies and configurations to hardware, software, and networks. In doing so, this position will help maintain the confidentiality, integrity, and availability of institutional data needed to perform research, teaching and clinical activities. As a member of the information security team this person will also be involved with security event investigations. The individual also works closely with the IT teams to troubleshoot and resolve problems due to a security controls. Plans, configures, designs, develops, implements and maintains tools, systems and procedures to insure the integrity, reliability and security of data, systems and networks. Utilize automated vulnerability and compliance scanning tools to report, identify, and track assets and vulnerabilities throughout the systems lifecycle.

Education & Experience Requirements

Education Requirements

Degree	Requirement
Bachelor's degree in related area and/or equivalent experience/training.	Required

Experience Requirements

Experience	Requirement

License Requirements

Certification Requirements

Certification	Requirement
Information Security certification such as CYSA+, GSEC, CEH, CCSFP, etc.	Preferred

Educational Condition Requirements

Condition	Requirement

Key Responsibilities

Description	% Time
Implements moderately complex security controls to prevent unauthorized access or changes to campus, medical center or Office of the President information, hardware, software and/or network infrastructure. Researches and analyzes attempted efforts to compromise security protocols and reports findings to higher-level IT Security Analysts. Reviews logs and classifies events.	20
Applies and may configure and maintain security systems, administers security configurations to control access to systems and applies appropriate encryption methods. Plans, configures, designs, develops, implements and maintains tools, systems and procedures to insure the integrity, reliability and security of data, systems and networks.	20
Assists with the collection, examination and analysis of information regarding the causes and effects of security incidents. Applies professional IT security concepts, departmental and campus, medical center or Office of the President policies and procedures to respond to and appropriately escalate IT security incidents.	30
Performs vulnerability scans and assessments to proactively identify risk and drive remediation. Analyzes vulnerability data, remediation requirements, and risk levels. Interface with business units and IT stakeholders to identify and understand vulnerabilities and remediation requirements. Provides and acts as point of contact for managing and creating detailed and summarized vulnerability reports, and also remediation reports for IT stakeholders and management.	20
Additional security related tasks as assigned.	10

Knowledge, Skills & Abilities

Knowledge/Skill/Ability	Requirement
Basic skill at reading and interpreting security logs.	Required
Ability to follow department processes and procedures.	Required
Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.	Required
Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches.	Required
Knowledge of other areas of IT, department processes and procedures.	Required
Demonstrated skills applying security controls to computer software and hardware.	Required
Basic knowledge of incident response procedures.	Required
Knowledge and implementation of IT Security fundamentals including the CIS Critical Security Controls (20CSC) and NIST Cybersecurity Framework.	Required

Special Requirements & Conditions

Special Condition	Requirement
Must pass a background check.	Required
Occasional travel to various SOM sites.	Required

Other Special Requirements & Conditions

Overtime

Overtime

Level of Supervision Received

Supervision

Supervision

Environment

Working Environment

UC Intellicenter

UC Intellicenter

Other Requirements

Items Used

Standard Office Equipment Standard Office Equipment

Standard Office Equipment
Standard Office Equipment

Physical Requirements

Bend : NA Sit : Frequently Squat : NA Stand : Occasionally Crawl : NA Walk : Occasionally Climb : NA

Bend : NA
Sit : Frequently
Squat : NA
Stand : Occasionally
Crawl : NA
Walk : Occasionally
Climb : NA

Mental Requirements

Read/Comprehend : Frequently Write : Frequently Perform Calculations : Occasionally Communicate Orally : Constantly Reason & Analyze : Frequently

Read/Comprehend : Frequently
Write : Frequently
Perform Calculations : Occasionally
Communicate Orally : Constantly
Reason & Analyze : Frequently

Environmental Requirements

Is exposed to excessive noise : No Is around moving machinery : No Is exposed to marked changes in temperature and/or humidity : No Drives motorized equipment : No Works in confined quarters : No Dust : No Fumes : No

Is exposed to excessive noise : No
Is around moving machinery : No
Is exposed to marked changes in temperature and/or humidity : No
Drives motorized equipment : No
Works in confined quarters : No
Dust : No
Fumes : No

Critical Position

Is Critical Position: No

Is Critical Position: No

HR Employment