Information Security Compliance Analyst I

Pay Grade/Pay Range: Minimum: $62,300 - Midpoint: $81,000 (Salaried E10)

Department/Organization: 200721 - Enterprise Technology

Normal Work Schedule: Monday - Friday 8:00am to 5:00pm

Note to Applicants: Position is eligible for hybrid work subject to University policy.

Job Summary: The Information Security Compliance Analyst I maintains information security policies, procedures, and controls of research systems, especially those supporting Classified Information and Controlled Unclassified Information (CUI), under close supervision. Works with senior staff to ensure compliance with federal, state, and organizational regulations. Assists with conducting regular security assessments and risk assessments. Assists with reviewing vulnerability scans. Helps identify and assess risks associated with research systems. Monitors and reports on log abnormalities and vulnerabilities. Under close supervision, works with managed service providers and vendors to verify policy and procedure documentation, security control implementation, and Plan of Action and Milestone (POA&M) status. Maintains and tracks security awareness training for secure environments.

Required Minimum Qualifications: Bachelor's degree; OR associate's degree and two (2) years of IT experience; OR High school diploma or GED and four (4) years of IT experience. Must be able to obtain and maintain security clearance. Must be a U.S. Citizen or U.S. Permanent Resident.

Skills and Knowledge: Knowledge of protecting information and systems within Classified and Controlled Unclassified Information (CUI) environments. Good communication skills and ability to work closely with internal teams and customers to ensure positive outcomes.

Preferred Qualifications: Experience gathering information from cloud platforms and on premises systems. Experience with compliance tools, frameworks, and procedures. Experience with Azure government clouds (GCC, GCC High, DoD). Experience in higher education or defense research environments. Experience with NIST SP 800-53, NIST SP 800-171, and CMMC security control requirements. Current IAT Level II certifications or ability to obtain within six (6) months of hire (DoD Approved 8570 Baseline Certifications – DoD Cyber Exchange).