"Information Security Analyst 2, Digital Technology Solutions"

Job Overview

This position will primarily work in the area of information security risk management and compliance supporting the university's cybersecurity posture by identifying, assessing, and helping manage information security risks while ensuring alignment with applicable regulatory, legal, and policy requirements. This role partners with other areas of the Office of Information Security, IT, business units, and compliance stakeholders to evaluate controls, support audits and risk assessments, and promote secure and compliant practices across the organization.

Essential Functions

• Clearly convey complex security information to both technical and non-technical stakeholders.
• Participate in developing technical documentation (designs, specifications, processes, workflows) and communications.
• Mentor and delegate work assignments to student workers.
• Participate in multiple low and moderate risk projects. Work with a team to advance project goals and provide technical assistance.
• Document individual progress on assigned deliverables.
• Gather metrics for area of responsibility.
• Carry out procedures to ensure that all systems, products, and services meet organization security standards.
• Research information security trends to understand the latest vulnerabilities and threats.
• Conduct risk and vulnerability assessments of information systems to identity vulnerabilities, risk, and protection needs.
• Assist with providing artifacts to Governance, Risk & Compliance in relation to internal & external audits.
• With limited support, work with business units to achieve security objectives. Identify, report, and resolve security risks and violations.
• Develop subject matter expertise on security applications and services in the area of responsibility.
• With limited support, conduct information security reviews; determine and document risk and impact on the university; provide baseline remediation recommendations.
• Assist with cyber investigations through forensic fact gathering with a focus on e-discovery.
• Analyze high volumes of logs, network data, and other attack artifacts in support of incident investigations.
• Develop content for and present information security training and awareness programs.
• Develop familiarity with data security laws and regulations applicable to higher education.
• Participate in troubleshooting processes during and outside of normal business hours and participate in change management.
• Mentor non-security teams regarding risk management, information security controls, incident analysis, incident response, monitoring, and other operational tasks (tools, techniques, procedures) in support of technologies managed by the Office of Information Security (OIS).
• Serve as seasoned and proficient information security professional.
• Perform related duties based on departmental need. This job description can be changed at any time.

Required Education

• Bachelor's Degree in Computer Science, Information Technology, Computer Engineering, or related field.
• Four (4) years of relevant work experience and/or other specialized training can be used in lieu of education requirement.

Required Experience

• Experience in security tool administration.
• Basic scripting skills.
• Basic project management skills.
• Understanding of system administration.
• Basic of network architecture.
• Moderate understanding of risk and vulnerability management.
• Basic awareness of incident response.
• Experience with industry standard security and compliance frameworks.

Additional Qualifications Considered

• The ideal candidate will have education or experience in the field of supporting information security risk management and/or compliance activities, familiarity with security frameworks and standards (e.g., NIST, ISO, CIS), understanding of regulatory and compliance requirements relevant to information security, experience working with audits, risk assessments, or governance processes, and possess strong analytical, documentation, and stakeholder communication skills.
• CISSP, CISM, GISP, CRISC, GSEC, SEC+, or similar information security certification(s) are ideal.

Physical Requirements/Work Environment

• Hearing, listening - Continuously
• Repetitive hand motion (such as typing) - Continuously
• Talking - Continuously
• Sitting - Continuously
• Bending - Seldom
• Climbing stairs/ladders - Seldom
• Crawling - Seldom
• Crouching - Seldom
• Kneeling, squatting - Seldom
• Lifting - over 50 pounds - Seldom
• Lifting - up to 20 pounds - Seldom
• Lifting - up to 50 pounds - Seldom
• Pulling, pushing - Seldom
• Reaching overhead - Seldom
• Standing - Seldom
• Stooping - Seldom
• Walking - Seldom

Compensation and Benefits

UC offers an exceptional benefits package designed to support your well-being, financial security, and work-life balance. UC Benefits Link Highlights include:

Salary/Hourly Pay Rate Information: 65,000-80,000

Comprehensive Tuition Remission
UC provides tuition remission for you and your eligible dependents, covering tuition costs for nearly all undergraduate and graduate programs offered by the university.

Robust Retirement Plans
As a UC employee, you won’t contribute to Social Security (except Medicare). Instead, you’ll choose between state pension plans (OPERS, STRS) or an Alternative Retirement Plan (ARP), with UC contributing 14–18% of your salary based on position.

Real Work-Life Balance
UC prioritizes work-life balance with a generous time-off policy, including:
Vacation and sick time
11 paid holidays and additional end-of-year paid time off (Winter Season Days)
6 weeks of paid parental leave for new parents

Additional Benefits Include:

• Competitive salary based on experience
• Comprehensive health coverage (medical, dental, vision, prescription)
• Flexible spending accounts & wellness programs
• Professional development & mentorship opportunities