Information Security Analyst
California State University, Northridge in California
|Deadline||Open until filled|
|Date Posted||December 9, 2013|
|Salary||Commensurate with experience|
Information Security Analyst (Job ID 3175)
(Information Technology Consultant)
Under general supervision of the Information Security Officer (ISO), is responsible for risk management activities including university security assessments against policy and standards, application and service provider security assessments, university-wide threat analysis, and Intrusion Detection/Prevention. Coordinates activities related to the day-to-day management of the university-wide Information Security (IS) Awareness Training program and related outreach activities, reviews and recommends updates to the annual IS Plan, Policies and Standards, maintains the IS web page, and coordinates the completion of externally-led audit remediation activities. Serves as the backup analyst for forensic investigations, incident response, security systems/server administration, and reports/inquiries submitted by members of the university community to the Office of Information Security via email, phone, and the case management system. Conducts regular security/risk assessments and internal security audits to identify gaps between campus policy/standards and current practices and procedures; generates remediation action plans and manages through to completion with key stakeholders and system owners; conducts university-wide threat assessments, and recommends updates to the annual IS Plan, Policies and Standards; and conducts confidential data and protected data system reviews. Coordinates with campus procurement, vendors, and campus stakeholders to conduct documented product and service-provider security risk assessments for on-premise and cloud-hosted solutions; manages the day-to-day operations of the campus-wide IS Awarness Training program, including online training management systems, development and distribition of preiodic awareness updates via various communication channels, campus events, and targeted training sessions and department/college presentations for specialized risk areas; e.g. PCI, FERPA, HIPAA, Red Flags. Generates security reports and key metrics, and produces management-level summaries. In partnership with network engineering, monitors and tunes the university Intrusion Detection Systems; Performs other duties as assigned.
Equivalent to graduation from an accredited four-year college or university in Information Security, Computer Science or a job-related field. Equivalent to five years of full-time, progressively responsible field-related experience in Information Security or related security field, which includes at least two years of experience working independently to complete IS risk and compliance assessments and conduct internal audits/system reviews. Senior level experience in at least three of the following areas: Network Security and Intrusion Detection/Prevention Systems, Data/systems forensics, Endpoint Security, Encryption, Application/Web Development, Server/Desktop/Software virtualization, Storage Area Networks, and server administration highly desirable. Direct experience with completing, threat assessments, documenting security standards, security guidelines, metric reports, and other security documents, and preparing management-level summaries and reports, is highly desirable. Knowledge, Skills and Abilities: Thorough knowledge of the CISSP Information Security domains, risk assessment methodologies, NIST security standards, and California laws and regulations related to data privacy. General knowledge of LAN/WAN network systems, firewalls, VPNs, VoIP, virtual server platforms, storage area networks, web application development, and other information technology systems. Functional knowledge of: Desktop computers (Windows, XP, 7 and MAC OS X), Governance, Risk, and Compliance Systems (Risk Sharing Asset Management (RSAM)), Vulnerability Assessment Systems (Qualys and Accunetix), Forensics Equipment (Encase, BackTrack, media cloning hardware), Anti-Virus and Anti-Malware (Microsoft Security EndPoint (SCCM), Symantec EndPoint, and other AV/AM hardware and software), Awareness Training Software (SkillPort, LearnerWeb, SANS, etc.), Web Content Management System (Drupal), Intrusion Detection systems (Juniper firewall/IDS). Ability and specialized skills to: apply and assess user needs; identify, analyze and address user problems; provide ongoing project leadership to technical development staff; analyze problems and propose effective solution; understand functional and procedural requirements and develop alternative solutions; relate system solutions to departmental management and staff; and communicate effectively both orally and in writing; make presentations; conduct meetings; provide user training; and establish and maintain effective working relationships with others. Excellent interpersonal, communication (written/verbal), analytical, organizational, teamwork and time management skills. Ability to build and maintain positive working relationships as part of a team.
Pay, Benefits, & Work Schedule
The University offers an excellent benefits package.
Anticipated hiring range: $6166 - $6667, dependent upon qualifications and experience.
THE SELECTED CANDIDATE IS REQUIRED TO PASS A THOROUGH DEPARTMENT BACKGROUND INVESTIGATION INCLUDING FINGERPRINT CLEARANCE (LIVESCAN).
The person holding this position is considered a 'mandated reporter' under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment.
How To Apply
Please complete the on-line application/resume upload submission process in order to be considered for any open position within the university and its auxiliaries. The hiring department will contact the best qualified candidates and invite them to participate in the interview process.
This position will remain OPEN UNTIL FILLED.
NOTE: THIS POSITION HAS BEEN RECLASSIFIED AS OF SEPTEMBER 27, 2013. ALL PREVIOUS CANDIDATES WILL BE CONSIDERED BASED ON THE POSTED DUTIES AND QUALIFICATIONS.
For more detailed information on the application and hiring process, please view the link below:
Equal Employment Opportunity
The university is an Equal Opportunity/Affirmative Action Employer and does not discriminate on the basis of race, religion, national origin, gender, gender identity, gender expression, sexual orientation, marital status, age, disability, genetic information, or veteran status.
How To Apply
You can apply for this position online at http://www-admn.csun.edu/ohrs/employment/external_applicants.html