IT Security Analyst | University of California Riverside - Military Veterans

IT Security Analyst Job ID: Location: Main Campus - UCR Schedule: 8AM - 5PM Category: Information Technology Salary: $81,500 - $150,100 Full/Part Time: Full-time(100%) Organization: School of Medicine Department: SOM Finance and Admin Dept Application Deadline: Open Until Filled Position Information: The IT Security Analyst protects and defends UCR School of Medicine and UCR Health's information technology systems, networks, and data through risk analysis, cyber defense analysis, incident response, and vulnerability assessment and management. This involves assessing security controls and practices, analyzing security events and incidents, implementing security controls, configuring and managing security systems, conducting vulnerability scans and assessments, and performing various IT security-related tasks. Identifies anomalous network activity and potential threats to network resources, tracks and documents security incidents from initial detection through final resolution, writes and publishes cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Works with stakeholders to resolve computer security incidents and vulnerability compliance, performs risk and vulnerability assessments of relevant technology focus areas, and makes cybersecurity recommendations to leadership based on relevant threats and vulnerabilities. Must be proactive in identifying potential security threats and vulnerabilities to maintain the security and integrity of institutional information and infrastructure. Please note: The incumbent hired into this role will be on a hybrid schedule. The current standard for the School of Medicine (SOM) is employees are required to be in the office a minimum of three (3) days per week and have the option to work remote two (2) days per week. The full salary range for the IT Security Analyst is $81,500 - $150,100 annually. However, the expected pay scale for this position is up to $115,800 annually. We base salary offers on a variety of considerations, such as education, licensure and certifications, experience, and other business and organizational needs. Applicants must have current work authorization when accepting a UCR staff position. Currently, we are unable to sponsor or take over sponsorship of an employment Visa for staff. As a University employee, you will be required to comply with all applicable University policies and/or collective bargaining agreements, as may be amended from time to time. Federal, state, or local government directives may impose additional requirements. Requirements: Educational Requirements Bachelor's degree in related area and/or equivalent experience/training. Required Conditions Information Security certification such as CEH, CASP+, CISSP, etc. Preferred Experience Requirements 4 - 7 years of related experience. Required Experience completing vulnerability scanning and risk assessments. Preferred Experiencing performing log review and analysis. Preferred Experience conducting security event triage, incident response, and/or digital forensics. Preferred Experience conducting security risk assessment. Preferred Experience managing security tools. Preferred Related experience in healthcare industry. Preferred License Requirements Must possess or obtain a Valid CA Drivers License in accordance with the California Department of Motor Vehicles, if driving a university/personal vehicle for university related business Preferred Certification Requirements CertificationRequirement Obtain and maintain expert-level security certification within six months of hire. Preferred Special Conditions Special Must pass a background check. Required Occasional travel for university related business meetings, conferences and/or professional development. Required Travel Outside of Normal Business Hours Required Ability to work periodically outside of Normal Business Hours as assigned. Required Must be able to participate as part of the on-call rotation schedule for after-hours support. Required Minimum Requirements Basic skill at reading and interpreting security logs. Ability to follow department processes and procedures. Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches. Knowledge of other areas of IT, department processes and procedures. Demonstrated skills applying security controls to computer software and hardware. Experience in incident response and digital forensics including data collection, examination and analysis. Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks. Knowledge of computer hardware, software and network security issues and approaches. Demonstrated experience selecting and applying appropriate data encryption technologies. Ability to maintain confidentiality. Preferred Qualifications Knowledge and experience in implementation of IT Security frameworks, such as CIS Critical Security Controls, NIST 800-66 rev 2, and/or NIST Cybersecurity Framework. Skill in reviewing logs to identify evidence of past intrusions. Skill in using security event correlation tools. Knowledge of adversarial tactics, techniques, and procedures, different classes of attacks and cyber attack stages, such as protecting a network against malware. Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy and various data privacy and security standards, including of Personal Health Information (PHI). Knowledge of authentication, authorization, and access control methods including host/network access control mechanisms, network access, identity, and access management, and policy-based and risk adaptive access controls. Ability to share meaningful insights about the context of an organizations threat environment that improve its risk management posture. Knowledge of computer networking concepts and protocols, and network security methodologies and ability to interpret the information collected by network tools and detect host and network-based intrusions using intrusion detection technologies. Additional Information: Additional Information In the Heart of Inland Southern California, UC Riverside is located on nearly 1,200 acres near Box Springs Mountain in Southern California; the park-like campus provides convenient access to the vibrant and growing Inland region. The campus is a living laboratory for the exploration of issues critical to growing communities' air, water, energy, transportation, politics, the arts, history, and culture. UCR gives every student, faculty and staff member the resources to explore, engage, imagine and excel. UC Riverside is recognized as one of the most ethnically diverse research universities in the country boasting several key rankings of which we are extremely proud. UC Riverside is proud to be ranked No. 12 among all U.S. universities, according to Money Magazine's 2020 rankings, and among the top 1 percent of universities worldwide, according to the 2019-20 Center for World University rankings. UC Riverside is the top university in the United States for social mobility. - U.S. News 2020 UCR is a member of the University Innovation Alliance, the leading national coalition of public research universities committed to improving student success for low-income, first-generation, and students of color. Among top-tier universities, UC Riverside ranks No. 2 in financial aid. - Business Insider 2019 Ranked No. 2 in the world for research, UCR's Department of Entomology maintains one of the largest collections of insect specimens the nation. - Center for World University Rankings UCR's distinguished faculty boasts 2 Nobel Laureates, and 13 members of the National Academies of Science and Medicine. The University of California is an Equal Opportunity/Affirmative Action Employer with a strong institutional commitment to the achievement of excellence and diversity among its faculty and staff. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic protected by law. For information about our generous employee benefits package, visit: Employee Benefits Overview Job Description Details: General Information Job Title IT SECURITY ANL 3 Job Code 007338 Grade 23 Department Head Matthew Gunkel Supervisor Dewight Kramer Generic Scope Experienced professional who knows how to apply theory and put it into practice with in-depth understanding of the professional field; independently performs the full range of responsibilities within the function; possesses broad job knowledge; analyzes problems/issues of diverse scope and determines solutions. Custom Scope Applies skills as a seasoned, experienced IT security professional with a full understanding of industry practices, governmental regulations and campus, medical center or Office of the President policies and procedures to resolve a wide range of complex issues. Demonstrates competency in recommending methods and techniques to obtain results. Department Custom Scope The IT Security Analyst protects and defends UCR School of Medicine and UCR Health's information technology systems, networks, and data through risk analysis, cyber defense analysis, incident response, and vulnerability assessment and management. This involves assessing security controls and practices, analyzing security events and incidents, implementing security controls, configuring and managing security systems, conducting vulnerability scans and assessments, and performing various IT security-related tasks. Identifies anomalous network activity and potential threats to network resources, tracks and documents security incidents from initial detection through final resolution, writes and publishes cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Works with stakeholders to resolve computer security incidents and vulnerability compliance, performs risk and vulnerability assessments of relevant technology focus areas, and makes cybersecurity recommendations to leadership based on relevant threats and vulnerabilities. Must be proactive in identifying potential security threats and vulnerabilities to maintain the security and integrity of institutional information and infrastructure. Key Responsibilities: Implements complex and/or moderate-scale security controls to prevent unauthorized access or changes to campus, medical center or Office of the President information, hardware, software and/or network infrastructure. Independently researches, analyzes and addresses attempted efforts to compromise security protocols. Advises departments on security prevention and best practices. Leads and engages with business units to identify and assess cyber risks, implementing comprehensive risk mitigation plans. Conducts thorough analysis of control evidence to provide expert guidance on the control environment. Evaluates, designs, and develops robust IT controls to address identified gaps, ensuring effective risk mitigation. Collaborates closely with IT and various departments to enforce security requirements and integrate security controls seamlessly during solution deployment. Adheres to industry standards such as NIST, COBIT, and ISO/IEC 27001/2 to ensure compliance and best practices. Regularly reviews and updates risk management strategies to adapt to evolving threats and maintain the integrity, confidentiality, and availability of organizational data and systems. Performs ongoing monitoring and risk assessments of security databases, such as IA&M, Anti-Virus, Network, DLP, Group Policy, and other security logging systems, to identify vulnerabilities and recommend appropriate controls. Collaborates with other IT professionals to develop and implement security plans and incident response procedures, using tools such as firewalls, intrusion detection and prevention systems, and encryption software. Maintains service standards while resolving security control issues, including troubleshooting network security issues and providing technical support for security-related incidents. 40% Applies, configures and manages complex security systems. Administers complex security configurations to control access to hardware, software and networks. Applies advanced encryption methods. Conducts vulnerability scans and assessments to identify potential risks to institutional information and infrastructure. Analyzes vulnerability data and determines remediation requirements while assessing risk levels. Collaborates with business units and IT stakeholders to understand vulnerabilities and provides detailed vulnerability reports and remediation plans for management. Ensures prompt identification and resolution of potential risks to maintain the integrity and security of institutional information and infrastructure. Plans, configures, designs, develops, implements, and maintains tools, systems, and procedures to ensure the integrity, reliability, and security of data, systems, and networks. Manages and administers security systems to control access to hardware, software, and networks, and applies advanced encryption methods to ensure the confidentiality and integrity of institutional data. Regularly reviews and assesses the effectiveness of security systems and recommends improvements as needed. 25% Collects, examines, analyzes and reports to management regarding the causes, effects and implications of security incidents. Applies advanced IT security concepts, governmental regulations, departmental and campus, medical center or Office of the President policies and procedures to respond to and appropriately escalate complex IT security incidents. Investigates, analyzes, and responds to immediate and potential threats, using advanced mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security. Collaborates with other IT professionals to develop and implement incident response plans that address a range of scenarios, such as malware attacks or network intrusions. May conduct a root cause analysis of a security breach to determine the scope of the incident, the impact on the organization, and potential remediation steps. Identifies the causes, effects, and implications of security incidents and applies IT security concepts, governmental regulations, and relevant policies to respond to incidents. Has a thorough understanding of policies and procedures governing the institution and maintains a high level of vigilance to ensure the security of institutional information and infrastructure. 25% Performs various IT security-related tasks, including conducting risk assessments, organizing security awareness activities, and developing or updating security policies and procedures, as directed by management or outlined in organizational policies. Being proactive and taking the initiative to identify potential security threats and vulnerabilities is also crucial in maintaining the security and integrity of institutional information and infrastructure. Must be adaptable and flexible to perform additional IT security-related tasks as assigned. 10% To apply, visit https://jobsportal.ucr.edu/jobs/33729119 Copyright 2024 Jobelephant.com Inc. All rights reserved. Posted by the FREE value-added recruitment advertising agency jeid-57edff11f4482c4386167f609e29916a