Information Security Policy, Compliance and Risk Analyst

Job Location

Storrs, CT - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

JOB SUMMARY

Under the general direction of the Chief Information Security Officer, the Information Security Policy, Compliance and Risk Analyst is responsible for the development and operation of UConn's Information Security Governance, Risk and Compliance activities. The analyst develops policy recommendations, standards, risk assessments and technical solutions. This role will assess, develop and maintain a set of defined control standards designed to improve UConn's information security posture through periodic assessments against the established standards and industry best practices.

The Information Security Policy, Compliance and Risk Analyst is responsible for investigating a diverse range of policy, compliance and technical issues across multiple platforms, working with a wide range of clients whose technical skills range from minimal to analyst works among a team of skilled information security and information technology professionals to assess and address problems within a complex network and cloud environment.

The Information Security Analyst may specialize in a number of areas related to the continuous improvement of policy, compliance, monitoring, detection and mitigation capabilities as part of the Information Security Office's mission. Individual analysts will bring or develop expertise in one or more areas including, but not limited to, Policy, Compliance, Vulnerability Management, Application Security, Firewalls, VPN and IDS/IPS, Security Architecture and other related Information Security disciplines. The Analyst plans, organizes and establishes priorities related to an assignment; works independently with minimal outside support; and handles sensitive information in a confidential manner.

DUTIES AND RESPONSIBILITIES

Information Security Analyst 2

  • Build, deliver and manage an effective risk management program based on industry standard risk management strategies and frameworks, and participate in the development and maintenance of relevant IT policy.
  • Lead compliance initiatives such as establishing security standards; performing periodic benchmarking assessments against chosen security standards; implementing industry best practices; testing of controls; and engaging in incident response activities as required.
  • Coordinate and participate in risk assessment activities and analyze the output of such activities.
  • Produce and communicate recommendations to remediate risk in line with business objectives; perform security assessments against systems and applications.
  • Act as a liaison with third parties who are performing security or risk assessments and drive remediation of issues identified by the assessments.
  • Research, evaluate and recommend information security related hardware and software, and produce, maintain and update documentation.
  • Manage key security processes for ensuring the University's compliance with industry regulations (e.g. NIST 800-171, CMMC 2.0, DFARS 252.204-70xx, HIPAA, CJIS, PCI-DSS) and maintain awareness of external regulations for new or changed requirements.
  • Serve as an operational member and technical compliance expert for the university's Secure Research Infrastructure (SRI) program.
  • Draft and maintain systems security plans. Serve as subject matter expert regarding sufficiency of controls and conformance to documented SSP(s) to address regulatory or compliance framework requirements.
  • Use security tools (Firewall/VPN, Vulnerability Management, IDS/IPS, SIEM) in identifying and investigating threats to the environment, assessing compliance and identifying risk reduction initiatives.
  • Administer security tools (such as Vulnerability Management, DLP, IDS/IPS, GRC, VRM, etc.) to prevent threats and reduce risk in the environment.
  • Monitor Security Information and Event Management (SIEM) platform and other logging environments for security events and alerts to potential (or active) threats, intrusions and/or compromises.
  • Triage and respond to service requests from customers and internal teams.
  • Participate in incident response activities in the event of cyber security incidents.
  • Identify system security gaps, perform risk assessments and recommend solutions to ensure the best practices and security measures are being met for university systems.
  • Promote security awareness, providing direction, advice and insight in all areas of information security to faculty, staff, researchers and students of the university community.
  • Maintain awareness of potential and developing threats across applicable industries and disciplines.
  • Other duties as assigned.

Additional Job Responsibilities for Information Security Analyst 3

  • Design, implement and maintain new security solutions.
  • Lead major projects / initiatives related to security.
  • Integrate security data for use between various applications, systems and services.
  • Identify enterprise level security gaps, perform risk assessments and recommend solutions to ensure best practices and security measures are being met across and between enterprise level systems.
  • Create custom code, API/REST integrations or other maintainable integrations to facilitate data gathering / sharing across applications and platforms.
  • Ability to operate autonomously and with limited supervision.

MINIMUM QUALIFICATIONS FOR INFORMATION SECURITY ANALYST 2

Note: Applicants must meet all minimum requirements of a specific level to be considered for the position.

  • Must be a US Citizen
  • Must be eligible to apply for a US Government security clearance.
  • Bachelor's degree and two (2) years of related information security experience OR
  • Associate's degree and four (4) years of related information security experience OR
  • Six (6) years of related information security experience and at least one (1) year of experience working in a dedicated information security role.
  • Demonstrable practical experience overseeing or participating in projects designed to improve institutional adherence to security policies or regulatory compliance.
  • Experience administering an information security tool / platform and interpreting or leveraging the capabilities of that platform.
  • Experience administering a data loss prevention system, governance, risk and compliance system, vulnerability management system, vendor risk management platform or similar enterprise level platform.
  • Knowledge of current security regulatory requirements including (but not limited to) HIPAA, CMMC 2.0, NIST 800-171, CJIS and PCI-DSS security requirements.
  • Experience conducting security and risk assessments.
  • Experience crafting and implementing plans of action and milestones (POAMs)
  • Experience and competency in threat management and protection protocols.
  • Excellent communication skills and attention to detail and the demonstrated ability to successfully interface with administrators, technical and non-technical community members at all levels.
  • Demonstrated understanding of common security controls (e.g. Firewalls, IPS/IDS, Network Architecture, Vulnerability Scanners, SIEM/SIM).
  • Demonstrated ability to weigh business needs against security concerns.
  • Demonstrated ability to operate under pressure and manage multiple priorities/deadlines.

ADDITIONAL MINIMUM QUALIFICATION FOR INFORMATION SECURITY ANALYST 3

  • Bachelor's degree and four (4) years of related information security experience OR
  • Associate's degree and six (6) years of related information security experience OR
  • Eight (8) years of related information security experience and at least three (3) years of experience working in a dedicated information security role.
  • Senior level practical and technical information security experience.
  • Demonstrated experience leading compliance and certification efforts for CMMC, NIST 800-53, NIST 800-171, DFARS 252.204-70xx, HIPAA, CJIS or other complex regulatory framework, resulting in certification or acceptance of a standards compliance program by a regulating authority or agency.

PREFERRED QUALIFICATIONS FOR INFORMATION SECURITY ANALYST 2

  • Relevant information security certification(s) in one or more applicable information security domains.
  • Experience in higher education.
  • Enterprise scale project management experience.

ADDITIONAL PREFERRED QUALIFICATIONS FOR INFORMATION SECURITY ANALYST 3

  • Master's degree in information security, computer science, information management or related discipline.
  • CISSP/CISA/CISM certification or equivalent.

APPOINTMENT TERMS

This is a full-time, permanent position. The University offers a competitive salary and outstanding benefits, including employee and dependent tuition waivers at UConn, and a highly desirable work environment. For additional information regarding benefits visit: rights, terms and conditions of employment are contained in the collective bargaining agreement between the University of Connecticut and the University of Connecticut Professional Employees Association (UCPEA).

TERMS AND CONDITIONS OF EMPLOYMENT

Employment of the successful candidate is contingent upon the successful completion of a pre-employment criminal background check.

TO APPLY

Please apply online at Faculty and Staff Positions Search #499074 to upload a resume, cover letter and contact information for three (3) professional references.

This job posting is scheduled to be removed at 11:55 p.m. Eastern time on June 23, 2025.

All employees are subject to adherence to the State Code of Ethics which may be found at members of the University of Connecticut are expected to exhibit appreciation of and contribute to an inclusive, respectful and diverse environment for the University community.

The University of Connecticut aspires to create a community built on collaboration and belonging and has actively sought to create an inclusive culture within the workforce. The success of the University is dependent on the willingness of our diverse employee and student populations to share their rich perspectives and backgrounds in a respectful manner. This makes it essential for each member of our community to feel secure and welcomed and to thoroughly understand and believe that their ideas are respected by all. We strongly respect each individual employee's unique experiences and perspectives and encourage all members of the community to do the same. All applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status.

The University of Connecticut is an AA/EEO Employer.


Required Experience:

IC

Employment Type

Full-Time
