University of Oregon IT Security Compliance Analyst in Eugene, Oregon
IT Security Compliance Analyst
Apply now (https://secure.dc4.pageuppeople.com/apply/726/gateway/default.aspx?c=apply&lJobID=532583&lJobSourceTypeID=831&sLanguage=en-us) Job no: 532583
Work type: Officer of Administration
Location: Eugene, OR
Categories: Information Technology, Computer and Information Science
Department: Information Services
Appointment Type and Duration: Regular, Ongoing
Salary: $74,000 - $85,000 per year
Compensation Band: OS-OA08-Fiscal Year 2023-2024
Application Review Begins
Review begins on September 28, 2023; position open until filled
Special Instructions to Applicants
To be considered for this position, submit a complete application that includes an online application, resume, and cover letter addressing how you meet the minimum and preferred qualifications.
Information Services (IS) is the central information technology unit at the University of Oregon and provides wide-ranging services to campus. Information Services consists of four major functional areas: Customer Experience, which serves as the key contact point for interactions with campus clients and customers; Applications & Middleware, which manages and supports applications, integration services, identity management and data management; Information Security, which helps protect virtual or physical information; and Technology Infrastructure, which provides administration and support for the software, hardware, and services needed to support the campus IT environment. Information Services also includes the Advanced Network Technology Center. IS works closely with the Network for Education and Research in Oregon.
Established in 1876, the University of Oregon offers a breadth and depth of curricula with more than 270 academic programs and provides the opportunity to work at a respected research university with a strong holistic, liberal arts foundation. The UO also has a history of political and social involvement that embraces diverse beliefs, cultures, and values, and it is committed to environmental responsibility.
The university is also proud of the newly announced Phil and Penny Knight Campus for Accelerating Scientific Impact, an initiative specifically designed to fast-track scientific discoveries and the process of turning those discoveries into innovations that improve the quality of life for people in Oregon, the nation and beyond. Information Services collaborates with Research and Innovation and our schools and colleges to support the research, teaching, and learning mission of the university.
Eugene is the home of the University of Oregon’s main campus. Located in the lush Willamette Valley, Eugene is well-known for outdoor pursuits like running, cycling, rafting, and fishing, as well as arts, music, crafts, brewing, wine-making, and community-supported agriculture. With branches in Portland and on the Oregon coast, the UO is deeply connected to Oregon's natural and cultural treasures.
Reporting to the Director of IT Security Compliance, the IT Security Compliance Analyst will be part of the Information Security Office (ISO) team. This is a technical position, responsible for developing assessment and evaluating controls, implementing and evaluating short-term and long-term goals and objectives for strategically aligning campus needs with IT compliance to university policies, relevant laws, regulations, and requirements for the protection of enterprise systems and data, operational technologies (OT) and other internet of things (IoT) deployed at the University.
The IT Security Compliance will maintain a clear understanding of the research, academic and operational needs of the university, including its infrastructure, assets, identities, and associated risks. This will involve working with IT staff, service owners and other members of the university community to conduct independent assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. In addition, this position maintains an overview of the new and existing systems deployed across campus and provides high-level situational awareness and warnings about any security controls lapses.
This position uses industry-wide known standards security frameworks from both internal and external sources to develop assessment, monitoring and system alert strategies. As part of the ISO team, the person in this role will collaborate with other members of the team to tailor our risk management program, help prioritize actions, advise system owners, and contribute their expertise during assessment and remediation efforts.
This position requires superior interpersonal skills like empathy, tact, flexibility, and collaboration. Woven through these responsibilities and duties is the need for effective oral and written communication skills to successfully interact with the diverse range of stakeholders at the university. The array of tasks performed by this position requires good organization, the ability to work independently, and to manage multiple, and sometimes competing, priorities.
This position may provide essential services during times of emergencies and inclement weather. This position may be required to fulfill essential services and functions during these times. The incumbent will be part of an on-call rotation and may be expected to work after hours and/or weekends.
• Bachelor’s degree from an accredited college or university or demonstrated equivalent skills and experience
• Three years of experience working in an IT position with significant information security responsibilities. This may include responsibilities as a security professional or as an IT administrator (e.g., network, systems, application, or cloud administrator) with significant experience implementing or supporting security controls. An advanced degree may be substituted for one year of experience.
• Demonstrated expertise in two or more of the following IT Security domains:
IT Systems and Operations
Network Security, Systems and Applications Security
Security and Risk Management / Security Assessment and Testing
• Experience developing security compliance processes and/or audits for external services (e.g., cloud service providers, data centers); AND
• Experience in supporting necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs)
• Ability to work effectively with faculty, staff, and students from a variety of diverse backgrounds.
• Demonstrated problem-solving skills.
• Ability to adapt within a rapidly changing technical environment.
• Ability to explain technical concepts to audiences with a wide range of technical skills.
• Ability to work independently as well as in a team-oriented, collaborative environment.
• Demonstrated experience in current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
• Two years of experience in an operational information security role.
• Certification in or progress toward at least one designation in an information security, risk, compliance or related discipline (e.g. CISSP, SSCP, CSA+, CASP, GESC, GCIA, CEH).
FLSA Exempt: Yes
All offers of employment are contingent upon successful completion of a background inquiry.
The University of Oregon is proud to offer a robust benefits package to eligible employees, including health insurance, retirement plans and paid time off. For more information about benefits, visithttp://hr.uoregon.edu/careers/about-benefits.
The University of Oregon is an equal opportunity, affirmative action institution committed to cultural diversity and compliance with the ADA. The University encourages all qualified individuals to apply, and does not discriminate on the basis of any protected status, including veteran and disability status. The University is committed to providing reasonable accommodations to applicants and employees with disabilities. To request an accommodation in connection with the application process, please contact us firstname.lastname@example.org 541-346-5112.
UO prohibits discrimination on the basis of race, color, sex, national or ethnic origin, age, religion, marital status, disability, veteran status, sexual orientation, gender identity, and gender expression in all programs, activities and employment practices as required by Title IX, other applicable laws, and policies. Retaliation is prohibited by UO policy. Questions may be referred to the Title IX Coordinator, Office of Civil Rights Compliance, or to the Office for Civil Rights. Contact information, related policies, and complaint procedures are listed on the statement of non-discrimination (http://studentlife.uoregon.edu/nondiscrimination) .
In compliance with federal law, the University of Oregon prepares an annual report on campus security and fire safety programs and services. The Annual Campus Security and Fire Safety Report is available online at https://clery.uoregon.edu/annual-campus-security-and-fire-safety-report.
Advertised: August 30, 2023 Pacific Daylight Time