DescriptionThe IT Administrator/Analyst II position will be information security analysts directed by the Chief Information Security Officer. As a Security Analyst, you will play a pivotal role in safeguarding the University’s digital assets and sensitive information. Leveraging your experience, you will assist with the development and implementation of robust security measures to identify, assess, and mitigate potential risks. Your general responsibilities will include incident response, analyzing vulnerabilities, and recommending effective countermeasures to ensure the integrity, confidentiality, and availability of our systems, particularly with respect to Governance, Risk and Compliance as it relates to information security. Collaborating closely with cross-functional teams and departmental leadership, you will also provide guidance on emerging threats to develop security solutions, including the evaluation of risk, costs to the university, and impact to the university community.
Responsibilities- Participate in IT security incident response services for all UT Knoxville departments, units, and colleges
- Contribute to the design, deployment and management of technical security solutions, including systems, networks, SaaS, PaaS, and/or databases
- Engage directly with University of Tennessee, Knoxville personnel on problem resolution, training, and policy and procedure guidance regarding IT security
- Assist in the implementation of the GRC program to support business objectives, aligned with industry best practices and regulatory requirements.
- Assist to define and monitor IT risk and compliance training programs.
- Assist in conducting risk assessments, supporting the development and adherence of risk mitigation strategies, and maintaining the risk register.
- Support audit activities by gathering evidence, conducting preliminary assessments, and assisting in the remediation of audit findings.
- Assist in evaluating and managing risks associated with third-party vendors and service providers through vendor risk assessment processes.
- Evaluate SaaS security solutions including risk, costs to the university, and impact to the user community
- Provide guidance for cloud solutions such as Azure, AWS, GCP, and OCI
- Provide technical evaluation on IT security solutions, frameworks, techniques, and applications
- Provide guidance in the holistic development and enhancement of the IT Security Program
QualificationsRequired Qualifications:
- High School diploma or GED
- Two (2) years’ experience providing Information Security services for enterprise
- Knowledge of advanced security concepts and enterprise responses
- Ability to produce highly technical reports and communicate importance to stakeholders
- Knowledge of security concepts and enterprise responses associated with cybersecurity.
- Ability to correlate current security trends into protection mechanisms/mitigation for UTK.
- Ability to work directly with personnel and provide solutions based on risk and business needs.
- Ability to produce highly-technical reports and communicate importance to different shareholders.
- Knowledge of compliance standards/frameworks/maturity models
- Advanced organization, communication, analysis, and troubleshooting skills.
Preferred Qualifications:
- Bachelor’s Degree in IT related field
- Three (3) to five (5) years’ experience providing Information Security services for enterprise
- Experience in Higher Education serving in a technical security role
- ISC2 CISSP (Certified Information Systems Security Professional)
- SANS Certification(s) particularly Risk Management focused
- Ability to create, communicate, and maintain policy/program-level documents.
- Ability to interface with senior technical and business management.
- Knowledge specific to compliance standards/frameworks/maturity models employed by the University
Applicants must be legally authorized to work in the United States on a full-time basis without need now or in the future for sponsorship for employment visa status.