Information Security Analyst - Information Technology Services
The Information Security Analyst is responsible for information security policy development and maintenance; design of security policy education, user's community training, and awareness activities; monitoring compliance with university IT security policy and applicable law, incident response, and coordinating investigation and reporting of security incidents. Working with the Information Technology team, the incumbent will monitor, assess, and fine-tune the university business continuity (BC) and disaster recovery (DR) program, perform network penetration tests, application vulnerability assessment scans and risk assessment reviews.
The IT Security Analyst is responsible for development and implementation of security strategies, best practices and monitoring compliance with IT procedures, university policy and applicable law. Creates and implements an university-wide information technology awareness program. The IT Security Analyst will work with management and IT staff to ensure university devices and data are appropriately protected; monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation; perform system audits and vulnerability assessments, including user accounts, application access, server, file systems and external Web integrity scans to determine compliance; evaluate university-owned computers and mobile devices for security vulnerabilities, recommends standards, and performs computer forensics as needed; assist in the development and management of policies, standards, guidelines and procedures related to IT security: take an active role in meetings, committees, projects, and outside professional groups as requested or assigned; perform management and monitoring of Data Center firewalls, IDS, VPN, and other security technologies; enhance the college's information security posture through user training and awareness education, and continuous monitoring and immediate response to mitigate security threats; and, ensure optimal protection of mission critical assets by providing analysis and feedback needed to modify college's defenses against emerging attacks.
• Bachelor's degree (Computer Science highly desirable) required.
• Four to Five (4-5) years of progressive experience in computing and information security, including experience with Internet technology and security issues.
• Experience in higher education preferred.
• Experience should include security policy development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing.
• CISSP, GIAC, or other security certifications desired.
• Knowledge of information security controls and standards (e.g., ISO 17799/27002, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, etc.) and desktop, server, application, database, network security principles for risk identification and analysis.
• Strong analytical and problem solving skills. Excellent communication (oral, written, presentation), interpersonal and consultative skills.
• This position requires some mandatory weekend and evening assignments as well as 24/7 on-call availability during off-hours for participation in scheduled and unscheduled activities.
The successful candidate must have the ability to respond respectfully and effectively to people of all cultures, in a manner that affirms the worth and preserves the dignity of individuals, families and communities.
St. Catherine University
2004 Randolph Avenue
St. Paul, MN 55105
EEO/AA/Drug Free Workplace Employer
Our university is a proud member of the Upper Midwest HERC and is committed to recruiting and retaining outstanding and diverse faculty and staff and assisting dual career couples. For more information and to find other higher education jobs in the Upper Midwest region, visit: www.uppermidwestherc.org