Details
Posted: 28-Apr-22
Location: Nashville, TN, United States
Type: Full-time
Salary: Open
Internal Number: 10000896
Job Description
Vanderbilt's Governance and Architecture team oversees the overall information security strategy, develops and manages security policies and standards, addresses customer security inquiries, and ensures Vanderbilt's compliance with cyber laws and regulations.
The Principal Security Analyst - Governance and Architecture will work directly for the Security Governance and Architecture Director. In this position you'll play an integral role in defining and assessing the university's risk and compliance strategy. The Principal Security Analyst will be required to effectively translate university objectives and strategies into specific security processes in compliance with state, federal, and international rules and regulations, as appropriate.
Duties and Responsibilities
Reporting to the Security Governance and Architecture Director, this role will perform the following functions:
- Oversee the development and maintenance of security policies, standards, and guidelines and coordinate necessary review or approvals with the Security Governance and Architecture Director, the Chief Information Security Officer (CISO) and appropriate governing committees;
- Collaborate with Vice Chancellor areas, schools, and colleges to assess the collective security of distributed research and IT systems;
- Partner with the Security Program Management team to effectively communicate security policies and standards updates or changes to the university community;
- Monitor and report on compliance with security policies, as well as the enforcement of policies, standards, and guidelines;
- Review and process information security policy exception requests;
- Provide the CISO with a realistic overview of risks and threats in the enterprise environment and monitor for updates to applicable regulations, standards, and external drivers that may influence university policies;
- Work with leadership to develop a security program and security projects intake process that includes research projects and effectively addresses identified risks and business security requirements;
- Support the execution of information security risk assessments;
- Work with Security Operations and Incident Response Teams to maintain and update Incident Response policies and procedures; and
- Define and review security budgeting, roadmap, and planning efforts for projects within the appropriate directorate.
Experience Profile
- Proven experience developing and implementing security strategies, policies, requirements, and standards for complex enterprises;
- Experience in at least two of the following: NIST Cybersecurity Framework (CSF), ISO/IEC 27001/2, CIS Top 20 Controls, NIST SP 800-53, DoD CMMC;
- High degree of creativity, with an ability to manage priorities to meet business objectives in a clear and pragmatic way;
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences;
- Exposure to higher education distributed research environments desired; and
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
Qualifications
- Bachelor's Degree in Computer Science, Information Technology, Engineering, or related fields from an accredited 4-year college or university desired; other bachelor's degrees combined with cybersecurity experience are acceptable;
- Five or more years of experience across areas of cybersecurity; and
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials preferred.
Commitment to Equity, Diversity, and Inclusion
At Vanderbilt University, we are intentional about and assume accountability for fostering advancement and respect for equity, diversity, and inclusion for all students, faculty, and staff. Our commitment to diversity makes us who we are. We have created a community that celebrates differences and lets individuality thrive. As part of this commitment, we actively value diversity in our workplace and learning environments as we seek to take advantage of the rich backgrounds and abilities of everyone. The diverse voices of Vanderbilt represent an invaluable resource for the University in its efforts to fulfill its mission and strive to be an example of excellence in higher education.
Vanderbilt University is an equal opportunity, affirmative action employer. Women, minorities, people with disabilities, and protected veterans are encouraged to apply.
Please note, all candidates selected for an offer of employment are subject to pre-employment background checks, which may include, but are not limited to, the following, based on the role for which they have been selected: criminal history, education verification, social media review, motor vehicle records, credit history, and professional license verification.