Information Security Analyst II

Job Summary

The Information Security Analyst II supports and strengthens the university's information security program by implementing, monitoring, and improving controls that protect institutional data, systems, and infrastructure. This role administers security configurations, investigates threats and incidents, conducts risk-based access reviews, and ensures alignment with applicable regulatory requirements and security standards.

Typical duties include but are not limited to:

• Administers and maintains identity and access management (IAM) controls, including roles, permission sets, query and report access, component interfaces, and automated process groups, in alignment with least-privilege principles.
• Designs and maintains security items such as roles, permission lists, query and report access, component interfaces, and batch process groups.
• Detects, investigates, and resolves security events, policy violations, and anomalous activity; documents findings and escalates incidents in accordance with the university's incident response procedures.
• Manages user provisioning and de-provisioning workflows, evaluates access requests against established role definitions, and troubleshoots authentication and authorization issues across enterprise platforms.
• Partners with IT and academic units to assess security risks, drive process improvements, and ensure that security controls are effectively integrated into operational workflows and project delivery.
• Maintains accurate security documentation, including asset records, acceptable use guidance, network security standards, and evidence artifacts required for audit and compliance purposes.
• Tracks and manages security-related work requests, incidents, and projects using the IT service management (ITSM) platform, ensuring timely resolution and accurate reporting.
• Conducts periodic access certification reviews and user entitlement audits to verify compliance with established security standards, FERPA, HIPAA, PCI-DSS, and other applicable regulatory requirements.
• Designs and implements data protection controls, including encryption, data loss prevention (DLP) configurations, and secure data handling procedures to reduce exposure from unauthorized access or exfiltration.
• Continuously evaluates security processes and tool effectiveness; develops recommendations for control improvements and promotes adoption of current security frameworks and industry best practices.
• Identifies capability gaps in the university's security posture, develops business cases for security investments, and leads or contributes to implementation projects that advance institutional security objectives.

Required Qualifications

• This position requires either seven years of directly related full-time experience or, as an alternative, a Bachelor's degree from an accredited institution in computer science, business administration, or related field and three years of full-time experience directly related to the job functions.
• Professional full-time experience working with wide and local area networks, business applications development and support, systems security, or related experience.