Cybersecurity Risk Analyst or Senior Cybersecurity Risk Analyst - Technology Services at University of Illinois in Urbana, Illinois

Job Description:

Cybersecurity Risk Analyst or Senior Cybersecurity Risk Analyst

Technology Services - University of Illinois Urbana-Champaign


The Privacy & Cybersecurity team at the University of Illinois is searching for a Cybersecurity Risk Analyst or Senior Cybersecurity Risk Analyst. The University of Illinois is a world leader in research, teaching, and public engagement. We serve the state, the nation, and the world by creating knowledge, preparing students for lives of impact, and addressing critical societal needs through the transfer and application of knowledge.


A successful candidate will play a role in this mission by helping our university research, academic, and administration customers navigate the myriad of university and regulatory requirements that university business processes are subject to, as well as provide university leadership with critical analytical information to inform operational, tactical, and strategic decisions regarding the risks that arise from the use of technology in university business processes. The Senior level analyst will be expected to, in addition to analyst duties, provide leadership on university projects that involve the team, and serve in a mentoring role, as directed by the team lead/manager.


The day-to-day work in this position is team-oriented, with individual responsibility for completing risk analysis engagements, but plenty of collegial support to guide as to the university's risk handling philosophies and processes, and to offer advice for risk situations that do not fit neatly into the "textbook" categories.


Consider joining the University of Illinois Identity, Privacy & Cybersecurity (IPC) team if you are interested in tackling some of the most exciting challenges in the field while working in a supportive, remote-work eligible, team-based environment. Sponsorship for work authorization is not available for this position.


Why Work at Technology Services?
Highlights of Employee Benefits



Job Summary



Apply cross-disciplinary Information Technology, IT security, and Risk and Compliance knowledge to provide risk-focused privacy and security analysis assistance to customers across the university, which can include one or more of the following: cybersecurity risk consulting, risk reporting and assignment, project and purchase reviews, exception requests, security event monitoring, metrics gathering, security-focused reports, and risk-related assessments, as needed. The goal is to assist in the facilitation of the strategic, efficient, and timely measurement, management, notification of, acknowledgement, and mitigation of cybersecurity risks. Senior level also leads and delivers on security projects in their assigned domain(s) and provides guidance to other staff.



Duties & Responsibilities



Consult with the Privacy and Security team, university customers, and strategic partners on IT-related risks, requirements, policies, and standards.

• Work with units, end users, and IT Professionals to advise on and provide user-focused education about security practices that align with the university's NIST-based cybersecurity policies, standards, and other requirements, as well as all applicable legal and regulatory requirements.


• Serve as a consultation resource for the Privacy and Security team, faculty, researchers, IT Professionals, and other employees on the subject of restricted data logistics, risks, and requirements.


• Consult with faculty and researchers on the development of technology control plans and grant proposals, as well as the fulfillment of cybersecurity risk and compliance requirements for grants.


• Advise on university requirements for development, implementation, and refinement of solutions for security monitoring, detection, and response with members of the operational Cybersecurity teams.


• Actively network and maintain relationships within the university community.


• Proactively communicate relevant security-related information. Stay informed of needs and initiatives.


• Facilitate the university cybersecurity risk process amongst stakeholders, risk owners, data stewards, and executive decision makers.


• Senior Level Only: Cultivate subject-matter expertise and skills in less experienced cybersecurity staff, in coordination with management.


• Senior Level Only: Provide recommendations on emerging issues and the resources needed to address them for assigned domain(s) to inform management decision-making.

Work independently to process and complete risk analysis tasks, work orders, projects, and duties on behalf of Security's Governance, Risk, and Compliance function, in a timely manner. Typical assignments may include, but are not limited to:

• Risk and compliance reviews of projects and purchases; proposals and Requests for Proposals (RFP); and policy and/or standards exception requests.


• Conduct/assist with periodic security assessments of systems and tools used across the university.


• Produce risk and compliance assessment reports.


• Draft and review documentation, such as:
  
  
  • analysis documents for technical, administrative, or procedural security issues
  
  
  • procedural documentation/playbooks
  
  
  • team documentation.
  
  
  
  


• Participate in the cybersecurity risk management aspects of IT and administrative operations.


• Assist with the development and maintenance of risk-aware procedures, as well as disaster recovery and business continuity plans for Technology Services.

Represent the IT Security office in collaborative and strategic initiatives, applying expertise independently on projects and programs.

• Participate in and facilitate internal and external meetings. Drive discussions as needed to represent the needs of the assigned domain(s). Present findings/reports to technical and non-technical audiences.


• Provide excellent customer service on behalf of the IT Security office.


• Advocate for Technology Services or other clients and partners in service planning and deployment across the organization.


• Provide recommendations for continual process improvement across all Security workflows.


• Draft and review documentation such as analyses of technical, administrative, or procedural security issues, procedural documentation/playbooks, and team documentation.

Develop and maintain personal and professional excellence through university-provided and external training/seminars/courses, staying abreast industry trends, methods, and published literature, and participating in manager-approved innovation programs and individual development initiatives.



Minimum Requirements

1. Bachelor's degree


2. Education, Training, or Work Experience:
   
   
   1. Cybersecurity Risk Analyst Level: A total of one (1) year (12 months) in education, training, and/or work experience in information technology, risk management, compliance, auditing, data governance, or closely related field.
   
   
   2. Senior Cybersecurity Risk Analyst Level: A total of three (3) years in education, training, and/or work experience in information technology, risk management, compliance, auditing, data governance, or closely related field. Demonstrated experience in cybersecurity.
   
   
   
   

Preferred Requirements

1. Experience in an academic/higher education campus IT environment


2. Experience with large-scale enterprise computing environments


3. Customer engagement/customer service experience in a high-volume environment, managing multiple requests and projects with multiple stakeholders who may have competing priorities


4. Experience authoring and presenting a wide range of formal and informal business and technical communications tailored to individual or plural organizational audiences


5. IT policy experience, or cybersecurity Governance, Risk and Compliance experience


6. Experience working with policies and standards based on recognized industry framework (e.g. NIST, ISO, COBIT)


7. Team leadership experience


8. Experience performing operational cybersecurity duties in a professional environment


9. Experience implementing cybersecurity projects


10. General IT experience with one or more of the following: mobile or web application development, programming/scripting languages, network engineering, system administration or operations, cloud platforms, data security incident response, security engineering, network security, systems security, vulnerability management


11. Experience with one or more of the following Governance, Risk, and Compliance skills: secure IT operations, security assessment and testing, risk management principles, practices, methods, and techniques


12. SANS, CISSP, or similar cybersecurity certifications CISA, CRISC, or similar assessment and risk management certifications AWS Certified Security, CCSP or similar cloud certifications

Knowledge, Skills & Abilities


Excellent attention to detail. Problem-solving ability. Demonstrated ability in effective communication and collaborating in a high-performance team environment, including oral,
written, and active listening. Demonstrated commitment to customer service and customer satisfaction principles. Ability to collaborate positively and effectively with diverse workgroups. Ability to maintain high security/privacy controls when dealing with sensitive information.



Appointment Information


This is a 100% full-time Civil Service 5002 - Program Coordinator position, appointed on a 12-month basis. The expected start date is as soon as possible after 10/14/2024. The budgeted salary range for the Cybersecurity Risk Analyst is $60,000.00 to $75,000.00, and the budgeted salary range for the Senior Cybersecurity Risk Analyst is $70,000.00 to $85,000.00. Salary is commensurate with experience.


Sponsorship for work authorization is not available for this position.



For more information on Civil Service classifications, please visit the SUCSS web site at https://www.sucss.illinois.gov/pages/classspec/default.aspx .



Application Procedures & Deadline Information


Applications must be received by 6:00 pm (Central Time) on October 14, 2024. Apply for this position using the Apply Now button at the top or bottom of this posting. In order to be considered as a transfer candidate, you must apply for this position. Applications not submitted through https://jobs.illinois.edu will not be considered.


To complete the application process:
Step 1) Submit the Staff Vacancy Application using the "Apply for Position" button below.
Step 2) Submit the Voluntary Self-Identification of Disability forms.
Step 3) Upload your cover letter, resume (months and years of employment must be included), and names/contact information for three references.


If required by the position, transcripts or other documentation of credentials are to be provided no later than the first day of employment. For further information about this specific position, please contact Dallas Johnson at dallas1@illinois.edu. For questions regarding the application process, please contact 217-333-2137.

The University of Illinois System is an equal opportunity employer, including but not limited to disability and/or veteran status, and complies with all applicable state and federal employment mandates. Please visit Required Employment Notices and Posters to view our non-discrimination statement and find additional information about required background checks, sexual harassment/misconduct disclosures, and employment eligibility review through E-Verify .

Applicants with disabilities are encouraged to apply and may request a reasonable accommodation under the Americans with Disabilities Act (2008) to complete the application and/or interview process. Requests may be submitted through the reasonable accommodations portal , or by contacting the Accessibility & Accommodations Division of the Office for Access and Equity at 217-333-0885, or by emailing accessibility@illinois.edu .

Requisition ID: 1026862
Job Category: Technical
Apply at: https://jobs.illinois.edu


Apply Now