Position Summary: The Information Security Analyst is a critical member of the University of Minnesota Foundation’s (UMF) IS department. The department is responsible for the database of all University alumni, donors and prospects, and the related systems necessary to support the activities of UMF and its University partners. These systems are used by approximately 2,000 active users in a complex and dynamic environment increasingly driven by the need for information and technology. This position is responsible for analyzing, implementing and maintaining critical cyber-security processes and procedures that support UMF’s cyber-security program. This includes delivering cyber-security training to UMF and the University-wide development community and representing cyber-security in other UMF or University-wide development initiatives. This position works closely with University Information Security and other University technology partners as well as external third-party consultants.
Key Responsibilities:
Cyber-security Assessment and Analysis (40%)
• Perform cyber-security gap analysis using the University’s Cyber-security Framework and Controls to identify gaps in UMF’s cyber-security program and prioritize mitigation activities.
• Coordinate annual and ad-hoc internal and external risk assessments to identify cyber-security risks to UMF and the University-wide Development Community and prioritize mitigation activities.
• Manage security incident notifications and response workflow.
• Monitor and analyze systems and networks for vulnerabilities, and assist with handling any and all cyber-attacks in an efficient and effective manner.
• Execute penetration tests to identify weaknesses or configuration problems with technology infrastructure and implement mitigation plans.
• Monitor security patch status and review vulnerability reports and firewall configuration to ensure UMF and University-Wide Development systems are optimally secured.
• Assist with backup and disaster recovery planning and configuration.
• Establish and foster relationships with University Information Security staff to align on cyber-security objectives and leverage University cyber-security services.
Training (25%)
• Design and deliver cyber training to UMF and the University-wide Development Community.
• Provide cyber-security orientation to new staff.
• Coordinate phishing tests for UMF and the University-wide Development Community.
Vendor and Access Management (20%)
• Assist with formal vendor due diligence program to verify vendors sign the necessary confidentiality agreements and follow necessary cyber-security protocols.
• Coordinate cyber-security on-boarding and off-boarding access management procedures.
• Lead biannual access review to ensure only authorized staff have access to UMF and University-wide Development systems.
Policies and Compliance (15%)
• Perform initiatives to achieve regulatory compliance (i.e. PCI-DSS, HIPAA and donor data statutes).
• Maintain and review cyber-security policies and related documentation.
• Evaluate cyber-security standards, practices, systems and programs and make recommendations for improvements/changes.
Required Qualifications and Selection Criteria:
• A Bachelor’s degree in a field related to the position and two years of work experience in the areas of security system design, implementation and administration, or unrelated Bachelor’s degree and four years of work experience in the areas of security system design, implementation and administration.
• Experience utilizing security frameworks (NIST, ISO, etc.).
• Broad technical background with the ability to troubleshoot security issues encompassing computer systems.
• Ability to identify issues or security gaps and recommend mitigation strategies to management.
• Knowledge and experience in network scanning, vulnerability management, penetration testing and patch management.
• Knowledge of HIPAA, PCI, FERPA or other regulations with information security requirements.
• Ability to stay abreast of security trends and threats that may impact our organization.
• Ability to work effectively as a team member as well as independently with minimal supervision.
• Strong verbal, written and presentation skills.
Preferred Qualifications:
• CISSP, CompTIA Security+, GIAC or similar certifications.
• Knowledge and experience in running and managing SIEM.
• Experience working with auditors.
• Experience in developing a Cyber-security training program.
• Familiarity with the University of Minnesota.
• Knowledge in development/fundraising operations.
Americans with Disabilities Act (ADA) Requirements: Office environment including standing and sitting at desk, use of computer, occasional lifting of approximately 10#.
Internal Number: 332049
About University of Minnesota, Twin Cities
The University of Minnesota, founded in the belief that all people are enriched by understanding, is dedicated to the advancement of learning and the search for truth; to the sharing of this knowledge through education for a diverse community; and to the application of this knowledge to benefit the people of the state, the nation, and the world.