Principal Security Analyst - Information Security Governance & Architecture
Location: Nashville, TN, United States,
Internal Number: 10000896
Vanderbilt's Governance and Architecture team oversees the overall information security strategy, develops, and manages security policies and standards, addresses customer security inquires and ensures Vanderbilt's compliance with cyber laws and regulations.
The Principal Security Analyst - Governance and Architecture will work directly for the Security Governance and Architecture Director. In this role you'll play an integral role in defining and assessing the university's risk and compliance strategy. The Principal Security Analyst will be required to effectively translate university objectives and strategies into specific security processes in compliance with state, federal and international rules, and regulations as appropriate.
Duties and Responsibilities
Reporting to the Security Governance and Architecture Director this role will perform the following functions:
Oversee the development and maintenance of security policies, standards, and guidelines and coordinate necessary review or approvals with the Security Governance and Architecture Director, the Chief Information Security Officer (CISO) and appropriate governing committees;
Collaborate with Vice Chancellor areas, schools, and colleges to assess the collective security of distributed research and IT systems;
Partner with the Security Program Management team effectively communicate security policies and standards updates or changes to the university community;
Monitor and report on compliance with security policies, as well as the enforcement of policies, standards, and guidelines;
Review and process information security policy exception requests;
Provide the CISO with a realistic overview of risks and threats in the enterprise environment and monitors for updates to applicable regulations, standards, and external drivers that may influence university policies;
Work with leadership to develop a security program and security projects intake process, that includes research projects, and addresses identified risks and business security requirements effectively;
Support the execution of information security risk assessments;
Work with Security Operations and Incident Response Teams to maintain and update Incident Response policies and procedures; and
Define and review security budgeting, roadmap, and planning efforts for projects within the appropriate directorate.
Proven experience developing and implementing security strategies, policies, requirements, and standards for complex enterprises;
Bachelor's Degree in Computer Science, Information Technology, Engineering, or related fields from an accredited 4-year college or university desired; other bachelor's degrees combined with cybersecurity experience are acceptable;
Five or more years of cybersecurity experience across areas of cybersecurity; and
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials preferred.
Commitment to Equity, Diversity, and Inclusion
At Vanderbilt University, we are intentional about and assume accountability for fostering advancement and respect for equity, diversity, and inclusion for all students, faculty, and staff. Our commitment to diversity makes us who we are. We have created a community that celebrates differences and lets individuality thrive. As part of this commitment, we actively value diversity in our workplace and learning environments as we seek to take advantage of the rich backgrounds and abilities of everyone. The diverse voices of Vanderbilt represent an invaluable resource for the University in its efforts to fulfill its mission and strive to be an example of excellence in higher education.
Vanderbilt University is an equal opportunity, affirmative action employer. Women, minorities, people with disabilities, and protected veterans are encouraged to apply.
Please note, all candidates selected for an offer of employment are subject to pre-employment background checks, which may include but are not limited to, based on the role for which they have been selected: criminal history, education verification, social media review, motor vehicle records, credit history, and professional license verification.
Vanderbilt University is a center for scholarly research, informed and creative teaching, and service to the community and society at large. Vanderbilt will uphold the highest standards and be a leader in the quest for new knowledge through scholarship, the dissemination of knowledge through teaching and outreach, and the creative experimentation of ideas and concepts. In pursuit of these goals, Vanderbilt values most highly intellectual freedom that supports open inquiry, equality, compassion, and excellence in all endeavors.