Information Security Analyst

Updated: about 2 months ago
Location: Pomona, CALIFORNIA

Details

Posted: 05-Mar-24

Type: Full-time

Salary: Open

Categories:


Information Technology
Staff/Administrative

Internal Number: 5076648



Information Security Analyst
Job No: 535300
Work Type: Staff
Location: Pomona
Categories: Unit 9 - CSUEU - Technical Support Services, Probationary, Full Time, Information Systems & Technology, On-site (work in-person at business location)
Type of Appointment: Full-Time, Probationary
Collective Bargaining Unit: California State University Employees Union - Unit 9
Job Classification: Information Technology Consultant - Career
Anticipated Hiring Amount: $5,000 - $5,800 per month
Work Hours: Monday - Friday 8:00 am-5:00 pm
THE DEPARTMENT
The Division for Information Technology & Institutional Planning provides innovative, strategic, and cost-appropriate technology services in collaboration with the campus community to advance the mission of the University. Technology services are recognized as an essential resource in furthering the University's mission. IT&IP will provide technology solutions, expert consultation, and leadership, resulting in numerous enhancements to the advancement of learning and knowledge and the effectiveness of campus support services and business processes for the entire University.
The Department of IT Security & Compliance is responsible for

  • Information Security - Works in collaboration with the campus community to protect the integrity of campus information technology infrastructure to mitigate risks and losses associated with security threats while supporting access to technology.
  • Information Compliance - An information technology compliance program to improve the efficiency and effectiveness of the internal controls and assessment processes, monitor regulations for new or changed requirements, and coordinate with internal and external auditors to ensure compliance.
  • Business continuity (BC) and disaster recovery (DR) - Work with the University community to establish IT Disaster Recovery and Business Continuity criteria and plans.
  • Accessible Technology - Leadership, oversight, and coordination for the campus implementation of the CSU's Accessible Technology Initiative (ATI) to comply with Section 508, WCAG 2.0AA, and WAI-ARIA. It includes each of the three priority areas of ATI: web accessibility, instructional materials accessibility, and procurement.

DUTIES AND RESPONSIBILITIES
Vulnerability Management, Alert Monitoring, and Response
  • Monitor and respond to vulnerability analysis, security systems, and processes. Includes campus vulnerability, SIEM systems, EDR, and log management systems. Work with the Information Security Director, CISO, security staff, and IT staff to perform technical analysis of high-impact vulnerabilities and alerts. Coordinate/verify responses as appropriate and directed by the Information Security Director and/or CISO.
  • Monitor and respond to alert monitoring security tools and services, investigate, respond, and escalate as appropriate and directed by the Information Security Director and/or CISO.
  • As directed by the CISO and Information Security Director, follow the incident response process, working with appropriate campus security and technical teams as appropriate.
  • Participate as requested in approved campus investigations as a representative of the IT Security & Compliance Department by CSU and CPP policy and procedures following accepted industry best practices/principles and ethics, privacy, and confidentiality.

Risk & Compliance
Under the direction of IT Security & Compliance Director and AVP Information Security & Compliance/CISO/CPO:
  • Performs risk and control assessments of campus 3rd party products/services, technologies, and new projects.
  • Provide expertise in information security, standards, and regulatory compliance.
  • Provide recommendations for security controls and remediation of deficiencies to ensure compliance with CSU, campus policy, and regulatory requirements.
  • Escalates risks as appropriate and directed by the Information Security Director and/or CISO.
  • Provide subject matter expertise for initiatives related to information security and regulatory compliance.
  • Provide recommendations to align security operation practices and compliance requirements, which include department and campus partnerships, training, and documentation.
  • Collaborate with campus IT and functional departments to assess, design, develop, and implement security controls, including security practices and standards, for campus systems, applications, devices, workstations, and networks for faculty, staff, student, and guest environments.
  • Participate in the IT change control process to assess changes for IT risks and security impact.
  • Contributes to CSU and campus security and risk assessments, audits, and reports.

Reporting & Communications
  • Builds and maintains an effective evidence and metrics-based culture to measure program and process effectiveness.
  • Participates in project or task assignments that include research, analysis, testing, documentation, and/or assessments. Includes related documentation and status reporting associated with assigned tasks.
  • Provides status reporting to all levels of management.
  • Raises security risks to the IT Security Director and AVP Information Security & Compliance/CISO/CPO, or other members of the IT&IP leadership as appropriate, using effective communication about impact, cause, and remediation using campus incident procedures.

Communication & Learning
  • Participates in teams and contributes to developing and maintaining security awareness programs for the campus community.
  • Participates in teams and shares knowledge with other IT&IP team members and the campus community through cross-training, presentations, etc.
  • Promotes awareness of IT&IP security and compliance by working with IT and campus management. An awareness and training program that focuses on the elements of the compliance program seeks to ensure that all appropriate employees and management know and comply with pertinent federal, state, and CPP policies and standards.
  • Works with faculty, staff, and students on cyber security initiatives and partnerships (grants, cyber fair, etc.)
  • Demonstrates ongoing and self-motivated pursuit to enhance knowledge and skills (both technical and non-technical) through formal and informal training, conferences/events, informal learning plans, professional memberships, etc.
  • Actively participates in California State University (CSU) system-wide meetings and discussions as appropriate or directed.
  • Maintains a broad knowledge base on the latest information security issues related to job duties.
  • Maintain currency in practices, procedures, and guidelines for compliance with federal and state laws related to information security and applications.
  • Attend division, department, or other meetings as directed.

QUALIFICATIONS
  • Bachelor's degree in Computer Science, Computer Information Systems, Information Systems, Telecommunications, Engineering, Engineering Technology or a related field
  • Two (2) years of relevant full-time experience or the equivalent part-time OR eight (8) years relevant full-time experience OR an associate degree in Computer Science, Computer Information Systems, Information Systems, Telecommunications, Engineering, Engineering Technology, or a related field with four years of relevant full-time experience.
  • Functional knowledge of the specialty area demonstrated by an understanding and use of advanced principles and theories; ability to integrate work-related knowledge to address problems; demonstrates competency in applying standard and non-standard technology applications and exploring and adapting changing technology, independently applies technical judgment; recognizes problems, uses reasoning and logic to establish possible causes, interprets and applies theories and principles, generates alternative solutions, implements a plan of action for the best resolution; develops solutions where precedents do not always exist. Ability to be proactive, anticipate outcomes and consequences of different approaches and make modifications to action plans; demonstrates competence at interpreting and communicating information; demonstrates reflective listening skills when working with others; assists others in completing assignments and provides work direction and training to others on new skills and procedures, ability to plan and work on shared projects.


Preferred Qualifications
  • Master's level degree in Computer Science, Computer Information Systems, Information Systems, Telecommunications, Engineering, Engineering Technology, or a related field.
  • Relevant professional certifications, such as CISA, CISSP, CIA, ITIL
  • Experience working in an IT operations, compliance, or audit function.
  • Knowledge and experience with Windows and Mac-based personal computers in an enterprise-wide environment, demonstrated by the ability to troubleshoot end-user issues, research and recognize problems, identify possible causes, and assist users with resolutions and/or alternatives. Demonstrated by the ability to independently locate and analyze supporting information, such as technical information, instructions, procedures, guidelines, etc.
  • Knowledge and experience with mobile and/or cloud technologies/applications in an enterprise environment.
  • Familiarity with/or experience applying regulatory requirements and standards such as PCI DSS, HIPAA, GLBA, Red Flag Rule, GDPR, FERPA, etc.
  • Knowledge or experience with system management and security/control procedures
  • Knowledge or experience with data communication, network architecture, configuration, protocols, and interfaces.
  • Knowledge of networking technologies, including TCP/IP, DNS, DHCP, routing, and firewall configuration and operation.
  • Experience with security tools, processes, or procedures, such as vulnerability scanning, security information and event management systems (SIEMs), log management, incident response, etc.
  • Knowledge of modern programming languages, including PowerShell, ASPX, VBScript, SQL, Shell Scripts, and Perl.
  • Ability to debug complex technical problems with modern computer operating systems, applications, and networks.
  • Experience maintaining system, application, or data security/integrity supported by standards or procedures, such as end-point security, system security, application security, configuration management, and/or access management.
  • Experience evaluating security requirements and/or adequacy of IT controls and security measures with appropriate recommendations.
  • Familiarity with control frameworks such as CobiT, ITIL, ISO27001, NIST.
  • Experience providing system administration/support in a higher-education environment.
  • Ability to quickly and accurately aggregate, analyze, and review large volumes of technical and non-technical information to support multiple assessments, such as audits, compliance, vulnerabilities, incidents, investigations, etc.
  • Ability to recognize problems, use reasoning and logic to establish possible causes, interpret and apply theories and principles, generate and evaluate alternative solutions, and devise and implement a plan of action for the best resolution within organizational constraints. Able to develop solutions where precedents do not always exist.
  • Ability to apply appropriate judgement to seek guidance and escalate risks.
  • Excellent oral and written communication skills required to communicate to technical and non-technical audiences in a team environment, including experience preparing and presenting information clearly and concisely to a wide range of constituencies, including end-users and executives.
  • Demonstrated consultative, interpersonal, and communications skills required to work with diverse technical and non-technical audiences to develop and promote high-performing teams, partnerships, inclusivity, and transparency with others.
  • Demonstrated ability to offer constructive opinions and alternative solutions to a problem and be supportive of the final decision once it has been made.
  • Excellent interpersonal and team skills, demonstrated by reflective listening skills in working with others to interpret and identify needs and requirements and develop successful solutions. Includes actively participating as a team member by listening to the ideas of others. Also demonstrated by the ability to interact professionally with colleagues and guests.
  • Ability to plan and work on shared projects and tasks to achieve established objectives, demonstrated by experience organizing tasks and working within timeframes and deadlines. Demonstrated by the ability to work with a team to accomplish shared objectives, as well as the ability to anticipate needs and act accordingly.
  • High ethical standards and business acumen.
  • Ability to develop and evaluate information security standards, procedures & guidelines compliance using industry-accepted best practices and standards.

Out of State Work
The California State University (CSU) system is a network of twenty-three public universities providing access to a quality education through the support of California taxpayers. Part of CSU's mission is to prepare educated, responsible individuals to contribute to California's schools, economy, culture, and future. As an agency of the State of California, the CSU's business operations almost exclusively reside within California. The CSU Out-of-State Employment Policy prohibits hiring employees to perform CSU-related work outside California. See policy at https://calstate.policystat.com/v2/policy/10899725/latest/ .
Background Check
Cal Poly Pomona will make a conditional offer of employment to final job candidates, pending the satisfactory completion of a background check (including a criminal records check).
The conditional offer of employment may be rescinded if the background check reveals disqualifying information, and/or it is discovered that the candidate knowingly withheld or falsified information.
In determining the suitability of the candidate for the position, Cal Poly Pomona will give an individualized assessment to any information that the applicant submits for consideration regarding the criminal conviction history such as the nature, gravity and recency of the conviction, the candidate's conduct, performance or rehabilitation efforts since the conviction and the nature of the job applied for.
For more information, go to https://calstate.policystat.com/policy/13813878/latest/ .
Employment Eligibility Verification
Cal Poly Pomona hires only individuals lawfully authorized to work in the United States. In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire. See Form I-9 Acceptable Documents at https://www.uscis.gov/i-9-central/form-i-9-acceptable-documents .
Child Abuse/Neglect Reporting Act (CANRA)
The person holding this position is considered a 'mandated reporter' under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment. See policy at https://calstate.policystat.com/v2/policy/10927154/latest/ .
Security & Fire Safety
In compliance with state and federal crime awareness and campus security legislation, including The Jeanne Clery Disclosure of Campus Security Policy and Crime Statistics Act, California Education Code section 67380, and the Higher Education Opportunity Act (HEOA), Cal Poly Pomona's Annual Security Report and Annual Fire Safety Report are available for viewing at: https://www.cpp.edu/pdfs/annual_security_report.pdf and https://www.cpp.edu/housing/documents/fire_safety_report.pdf .
Pay Transparency Nondiscrimination
As a federal contractor, Cal Poly Pomona will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. For more information, see the Pay Transparency Nondiscrimination Provision poster.
CSU Classification
This position is part of the CSUEU bargaining unit. The CSU Classification Standards for this position are located on the following site: https://www.calstate.edu/csu-system/careers/compensation/Pages/Classification-Standards.aspx . The CSU Salary Schedule is located on the following site: https://www.calstate.edu/csu-system/careers/compensation/Pages/salary-schedule-documents.aspx . The classification salary range for this position according to the respective skill level is minimum $4,678 and maximum $11,547 per month. Please refer back to the anticipated hiring range for the appropriate salary rate for this particular position.
Reasonable Accommodation
We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact the ADA Coordinator by email at [email protected] . More information is available at: https://www.cpp.edu/eoda/employee-labor//access-accommodations/index.shtml .
EEO
Cal Poly Pomona is an Equal Opportunity Employer. The University subscribes to the pay transparency nondiscrimination provision and all state and federal regulations that prohibit discrimination based on race, color, religion, national origin, sex, gender identity/gender expression, sexual orientation, marital status, pregnancy, age, disability, genetic information, medical condition, and covered veteran status. More information is available at: https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp_%20English_formattedESQA508c.pdf and at https://www.cpp.edu/eoda/employee-labor/documents/aa-eeo-doc/policy-statement_2022-aap-for-california-state-polytechnic-university-pomona_confidential_20220127.pdf .
Other Notices
For other important employment notices, we invite you to visit Cal Poly Pomona's Employment Notices web page.
Advertised: January 30, 2024 (9:00 AM) Pacific Daylight Time
Applications close: March 15, 2024 (11:55 PM)
To apply, visit https://careers.pageuppeople.com/873/po/en-us/job/535300/information-security-analyst
About Cal Poly Pomona
Cal Poly Pomona consistently ranks among the best universities in the country when it comes to quality education, affordability and career prospects for graduates. As an inclusive polytechnic university, we cultivate success through experiential learning, discovery and innovation. U.S. News noted Cal Poly Pomona was eighth most diverse among regional universities in the West and tenth most diverse in the nation. Nowhere else can students ride an Arabian horse, practice on a Steinway piano, bring a new product to market, and build a liquid-fueled rocket.