$132000 - $142600
1 Vacancy
Summary:
The Senior Analyst IS Risk & Compliance performs security risk assessments, audits, and/or inspections of the computing environment for UMGC's customers. The Senior Analyst IS Risk & Compliance is responsible for delivering and executing security assessments, promoting effective IT internal controls and risk management, and providing guidance to IT and business units on all aspects of internal & external audits, governance, and business process improvements.
Additionally, the key role of the Senior Analyst IS Risk & Compliance is to provide an independent opinion on the suitability of the IT risk management framework and to provide objective assurance that the risks in the business are being appropriately managed and that controls are operating as expected. You will be responsible for implementing the assessment process, educating stakeholders, building partnerships, and socializing security best practices.
Duties and Responsibilities:
Planning, preparation, and completion of the assigned audits, to include assessing the effectiveness and compliance with policies, laws/regulations, and best standards.
You are also expected to conduct kick-off meetings and IT internal control testing, develop IT internal audit plans, conduct IT audit closure meetings, and provide other IT internal audit services.
Collaborate with departments to improve security compliance and manage technology risk.
Assist in developing system security plans (SSPs) and ensure they meet NIST SP 800-171 control requirements and other required standards.
Assist in developing and/or reviewing IT security policies.
Provide corrective action support, to include developing Plans of Action and Milestones (POA&Ms), monitoring milestones, and supporting completion of action steps for any deficiencies identified in systems.
Strong understanding of various laws/regulations, including but not limited to CMMC, GLBA, FERPA, PCI-DSS, and GDPR, and ability to execute audit plans to assess compliance.
Able to identify relevant IT risks and to properly document the audit/assessment process, gaps, and remediation steps.
Collaborates with business units to enhance IT security posture.
Work closely with the security operations team, server operations, network operations, and application teams, and ensure security practices comply with applicable laws and regulations.
Assess security products and the effectiveness of various security products, to include firewalls, intrusion detection systems, antivirus, patch management, etc.
Review and provide input into network designs to ensure compliance with security and enterprise architecture.
Provide input and visibility into emerging security technologies, deployment strategies, and other security protocols to ensure awareness within the IT security branch.
Review in-house and 3rd-party applications and code for security vulnerabilities and best practices.
Develop and/or implement automated security assessment testing tools where possible.
Act as a liaison to interpret external audit requests, describe what should be provided, and suggest possible options.
Strong understanding of cloud (Azure) and network environments.
Skills:
Demonstrated process improvement experience.
Recognized as a strategic thinker and is results oriented.
Demonstrated effective, strong team player and self-motivator. Ability to work and interface internally with IT and other functional support groups with minimal guidance.
Demonstrated successful experience in a customer-facing role.
Excellent written and oral communication skills.
Education & Experience Requirements:
Experience:
7 years in IT audit.
Strong understanding of the NIST 800 special publications (e.g., NIST 800-171, NIST 800-53, Risk Management Framework, etc.) and DoD CMMC.
Collaborating with IT and business stakeholders to plan the engagement and develop work program, timelines, risk assessments, and other documents/templates.
Lead and execute IT audit engagements.
Experience in applying relevant technical knowledge in the following engagements: (a) ITGC audits; (b) IT internal or operational audits; (c) Service Organization Controls (SOC) Reporting engagements; (d) ERP and cloud security reviews.
Demonstrating and applying strong project management skills.
Solid knowledge of and experience with secure web architectures, tools, and processes.
Experience auditing network designs, network security, wireless security, and client/server security.
Knowledge of vulnerability assessment/network discovery and associated tools.
Experience auditing networking technologies.
Experience auditing applications.
Enterprise aware (change control, downstream impacts, understanding of cause and effect, change windows, etc.).
Must have knowledge of IT security technologies such as firewalls, intrusion detection systems, antivirus, patch management, etc., and the interest and experience to work on security policy and architecture.
Knowledge of various control and risk management concepts and methodologies, as well as knowledge and expertise of all applicable regulations and audit standards such as FERPA, PCI-DSS, and SSAE-16.
Advanced understanding of IT general controls (e.g., security, change management, incident and problem management, disaster recovery, backup, data center infrastructure, data protection, etc.).
Competent knowledge of IT and Information Security operations, policies, and procedures in areas such as Windows Active Directory, Unix/Linux, and databases. Knowledge of cloud architecture (Azure, AWS), operational frameworks, and security controls would be beneficial.
Ability to identify issues and associated risks and provide practical solutions to a wide range of audit issues.
Experience of an IT line role would be advantageous but is not essential.
Experience or aptitude for using data analytics tools and techniques in an audit role would be a distinct advantage.
Proficient in the use of Microsoft Office (Word, Excel, PowerPoint).
Preferred Experience Requirements:
Education:
Bachelor's Degree
Certifications:
Certificate of Cloud Security Knowledge
Certified Computer Examiner (CCE)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Check Point Certified Master Architect (CCMA)
Check Point Certified Security Expert (CCSE)
Cisco Certified Network Professional - Security
All submissions should include a cover letter and resume.
The University of Maryland Global Campus (UMGC) is an equal opportunity employer and complies with all applicable federal and state laws regarding nondiscrimination. UMGC is committed to a policy of equal opportunity for all persons and does not discriminate on the basis of race, color, national origin, age, marital status, sex, sexual orientation, gender identity, gender expression, disability, religion, ancestry, political affiliation, or veteran status in employment, educational programs and activities, and admissions.
Workplace Accommodations:
The University of Maryland Global Campus (UMGC) is committed to creating and maintaining a welcoming and inclusive working environment for people of all abilities. UMGC is dedicated to the principle that no qualified individual with a disability shall, based on disability, be excluded from participation in or be denied the benefits of the services, programs, or activities of the University or be subjected to discrimination. For information about UMGC's Reasonable Workplace Accommodation Policy or to request an accommodation, applicants/candidates can contact Employee Accommodations via email at.
Benefits Package Highlights:
Hiring Range:
$132000.00 - $142600.00
Required Experience:
Senior IC
Full-Time