Information Security Analyst, Senior

Position Highlights

University Information Technology Services (UITS) is the University of Arizona's central technology organization. UITS delivers enterprise and specialized technology services that support students, faculty, researchers, staff, and campus partners. Through innovation, strategic partnerships, and a commitment to accessibility and continuous improvement, UITS supports the evolving needs of a leading research university and the communities it serves.

The Information Security Office Governance, Risk, and Compliance team is seeking a highly skilled and experienced Information Security Analyst, Senior (Information Security Analyst IV). This position is responsible for ensuring the University's cybersecurity program meets regulatory, sponsor, and contractual requirements through strong framework alignment, research assurance, compliance governance, and third-party risk management. The role serves as a key bridge between information security, research, procurement, and executive leadership, translating complex cybersecurity expectations into practical, defensible programs. By shaping strategy, maintaining critical documentation, and advising stakeholders, this position helps protect sensitive data while enabling the University's teaching and research mission.

Candidates working anywhere in the U.S. may be considered for a remote assignment. If you are selected for this position and are employed to work remotely from outside of Arizona, your overtime exemption status will depend on the laws of the state where you perform your work. For employees working outside of Arizona, you may be hired as an hourly employee in accordance with state laws. A comparable hourly rate range would be $48.03 - $62.44. These changes would not affect the position duties as outlined.

Duties & Responsibilities

• Cybersecurity Framework Alignment and Program Documentation
  • Ensure the University's enterprise security program maintains documented, defensible alignment with recognized cybersecurity frameworks.
  • Lead ongoing alignment with NIST SP 800-53 Revision 5, monitor framework updates, and assess their applicability to University systems and processes.
  • Maintain and manage crosswalks and mappings to additional regulatory and sponsor-driven frameworks, including CMMC, GLBA, HIPAA, NSF RIG, FDA Part 11, SCF, and emerging cybersecurity requirements.
• Research Cybersecurity Assurance
  • Develop, maintain, and continuously improve cybersecurity assurance programs that demonstrate the maturity and adequacy of security controls supporting University research activities.
  • Collaborate directly with Principal Investigators (PIs), research staff, and system administrators to ensure research workflows, systems, and data environments meet University baseline security standards and specific sponsor or regulatory cybersecurity requirements.
  • Serve as a subject matter expert supporting inquiries related to research cybersecurity.
• GLBA Compliance Program Management
  • In partnership with the University's Qualified Individual (QI) and senior leadership through the GLBA Compliance Governance Committee, design, implement, and maintain the University's comprehensive Written Information Security Program (WISP).
  • Ensure the program includes appropriate administrative, technical, and physical safeguards to protect customer information.
  • Support governance, risk management, documentation, and reporting activities to demonstrate ongoing GLBA compliance.
• Vendor and Contract Security Oversight
  • Develop, implement, and sustain a University-wide vendor and contract security strategy to manage third-party cybersecurity risk.
  • Work closely with Supply Chain Services and the Office of Research Contracts & Agreements to ensure downstream vendor security controls meet institutional requirements and upstream sponsor obligations are met.
  • Provide strategic guidance on security-related contract language, review third-party security documentation (e.g., SOC reports), and offer advisory services during contract negotiations and vendor management.