The Center for Data Intensive Science (CDIS) is seeking a Security Analyst for a new function under the BSD Information Security Office to identify and evaluate cyber risks to the organization, develop policies and procedures to lower identified risk.
Perform risk assessments on mission critical information systems or business processes.
Identify and document information security vulnerabilities and risks.
Develop remediation plans to address identified risks and vulnerabilities.
Facilitate risk management governance meetings to gain organizational approval of remediation plans.
Track progress on remediation of identified risks and vulnerabilities and provide appropriate reporting.
Develop security policies, standards, procedures, checklists, and guidelines tailored to meet the requirements of the organization.
Analyze and understand threat intelligence information and how it might impact the organization.
Ability to respond to changing priorities, and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness required.
Ability to weigh business needs against security concern required.
Ability to conceptualize a course of action and to organize for the successful completion of that action is critical, often under tight deadlines required.
Ability to present information in a consistent and concise manner required.
Ability to communicate in a personally effective and socially appropriate manner required.
This at-will position is wholly or partially funded by contractual grant funding which is renewed under provisions set by the grantor of the contract. Employment will be contingent upon the continued receipt of these grant funds and satisfactory job performance.
Bachelor of Science in a related field such as Computer Science, Information Science and Security OR four (4) years of substantial related professional experience required.
Two years of experience in Information Technology with a focus on cyber security required.
Limited experience in cyber security with one or more of the following security frameworks, FISMA, HIPAA, NIST required.
Limited experience of quantifying and qualifying security risks required.
Limited experience of Governance Risk and Compliance technology required.
Limited experience in one or more of the following technologies required: Qualys, Rapid7, Nessus.
Direct experience providing customer service required.
Certification of one (1) or more: GCIH, GIAC, CISSP, CISA, CISM preferred.
The University of Chicago is an Affirmative Action/Equal Opportunity/Disabled/Veterans Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national or ethnic origin, age, status as an individual with a disability, protected veteran status, genetic information, or other protected classes under the law. For additional information please see the University's Notice of Nondiscrimination.
Staff Job seekers in need of a reasonable accommodation to complete the application process should call 773-702-5800 or submit a request via the Applicant Inquiry Form.
The University of Chicago's Annual Security & Fire Safety Report (Report) provides information about University offices and programs that provide safety support, crime and fire statistics, emergency response and communications plans, and other policies and information. The Report can be accessed online at: securityreport.uchicago.edu. Paper copies of the Report are available, upon request, from the University of Chicago Police Department, 850 E. 61st Street, Chicago, IL 60637.
Internal Number: JR00017
About University of Chicago
One of the world's premier academic and research institutions, the University of Chicago has driven new ways of thinking since our 1890 founding. Today, UChicago is an intellectual destination that draws inspired scholars to our Hyde Park and international campuses, keeping UChicago at the nexus of ideas that challenge and change the world.