The Information Security Analyst is responsible for the implementation, monitoring, and execution of security strategies, best practices, policies, and standards to ensure the confidentiality, integrity, and availability of University IT resources. The Analyst reports to the Director of Information Security and will work closely with other Information Services (IS) staff on a variety of initiatives and projects. Primary responsibilities of the position include assisting with configuration, testing, and implementation of various security systems; vulnerability management; incident response; system assessments; security awareness training; identifying and remediating potential security issues; and researching and analyzing security trends.
Information Security Administration
Manages the University's enterprise server and desktop antivirus platform.
Administers the University's vulnerability management solution using vulnerability scanning tools; works with system owners and departments to track and mitigate vulnerabilities.
Manages the University's enterprise security information and event management (SIEM) tool; monitors and responds to security alerts.
Monitors the University's intrusion detection and response capabilities; provides input on upgrades or changes to systems.
Coordinates the handling and resolution of security breaches, systems intrusions, malware detection, and system abuse.
Works collaboratively with other stakeholders on requests for information from legal and/or law enforcement in a timely, accurate, and confidential manner.
Monitors and validates compliance with information security procedures and policies to ensure consistency of internal controls across departments.
Represents information security requirements in IS committee meetings convened to evaluate new applications and software-as-a-service offerings and evaluates other IT purchases to ensure they support security and compliance requirements.
Manages the University's creation and renewal of SSL certificates.
Maintains up-to-date knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
Performs and supports internal and external penetration testing.
Assesses IT risk and implements information security controls to minimize risk.
Conducts risk assessments of information systems in accordance with NIST's SP800-53 and SP800-30.
Manages small projects to support information security requirements.
Demonstrated knowledge of information security principles and best practices.
Working knowledge of key regulations and practices including HIPAA, FERPA, GLBA and PCI.
Demonstrated knowledge of social engineering techniques and other information security threats required.
Previous experience using vulnerability scanning tools required; previous experience using Rapid7, Nessus, or Netsparker preferred.
Previous experience using security tools required; previous experience using Metasploit or Aircrack-ng preferred.
General knowledge of networking and distributed computing, routing, n-tier software, web application architectures, and networked file systems.
General knowledge of TCP/IP protocols, firewalls, VLANs, intrusion detection, wired and wireless network infrastructure and monitoring.
General knowledge of on-premise, cloud and mobile computing environments, including Microsoft Windows, Apple Macintosh, Linux, scripting languages, and security best practices.
Working knowledge and demonstrated ability to perform risk assessments, risk impact analysis, mitigations and contingencies as applied to information security.
General knowledge and demonstrated ability to perform vulnerability assessments and utilize antivirus tools and platforms, web application firewall, and SIEM tools.
Excellent oral and written communication, collaboration, and consultation skills.
A keen understanding of human-based attack surface areas such as social engineering and spear phishing and the risks they present.
Demonstrated ability to work collaboratively and to complete tasks and projects working with others within IS.
Ability to use discretion when handling confidential information.
Demonstrated analytical and problem-solving abilities.
Ability to effectively prioritize and execute tasks in a rapidly changing environment.
Highly self-motivated and directed.
Keen attention to detail.
EDUCATION & EXPERIENCE:
Bachelor's degree in Information Systems, Computer Science, or related field preferred; combination of equivalent experience and education will be considered.
Certified Information Systems Security Professional (CISSP), Security+, or other security certifications preferred.
2-4 years information security experience required.
1-2 years networking experience required.
1-2 years Windows and/or Linux server administration experience required.
1-2 years of project management experience preferred.
Some night and weekend work as required to complete projects and/or on-call to deal with unscheduled security incidents.
SALARY STRUCTURE: Pay Grade 8 (Hiring Range $62,345.00 to $82,600.00 annually)
Located minutes from downtown Richmond, Virginia, the University of Richmond (www.richmond.edu) blends the intimacy of a small college with exceptional academic, research, and cultural opportunities usually found only at large institutions. Richmond offers a unique combination of undergraduate and graduate programs. Our School of Arts & Sciences anchors Richmond as a nationally ranked liberal arts university. A ranked business school, the nation's first school of leadership studies, a highly respected law school, a nationally recognized international education program and the community-focused School of Professional and Continuing Studies build on that strong foundation and make this university something unique.
UR is committed to developing a diverse faculty, staff and student body, and to modeling an inclusive campus community which values the expression of differences in ways that promote excellence in teaching, learning, personal development and institutional success. In keeping with this commitment, our academic community welcomes candidates from diverse backgrounds and candidates who support diversity. EOE
Internal Number: req1789_1557422251
About University of Richmond
The University of Richmond is a private, highly-selective, liberal arts university founded in 1830. The University provides a collaborative learning and research environment unlike any other in higher education, offering students an extraordinary combination of the liberal arts with law, business, leadership studies, and continuing education. It is characterized by a distinctly integrated student experience (a rich and innovative life for students inside and outside the classroom) and a welcoming spirit that prizes diversity of experience and thought. It is rooted in a determination to engage as a meaningful part of our community and our world. It is committed to ensuring its opportunities are accessible to talented students of all backgrounds.