GRC Security Analyst

PositionTitle: GRC Security Analyst

Employee Classification: Enterprise Sys Sec AdminInter

College/Division: Information Technology

Department: 450473-IT INFORMATION SECURITY

Internal or External Search:External - Open to all applicants

Location: Las Cruces

Offsite Location (if applicable):

Target Hourly/Salary Rate:

Appointment Full-time Equivalency: 1.0

Exempt or Non-Exempt: Exempt

Summary: This role supports the design and implementation of systems and procedures that safeguard data systems and databases from unauthorized access. It involves monitoring and maintaining security measures identifying and resolving violations and helping communicate security protocols to relevant departments.

Classification Summary:
Assist in the planning development and implementation as well as monitor evaluate and maintain systems and procedures to protect the data systems and databases from unauthorized users. Identifies reports and resolves security violations. Participates in communicating security procedures to user departments.

Classification Standard Duties:
Implement monitor and maintain systems and procedures to protect NMSU data. Identify potential threats and respond to reported security violations. Determine causes of security violations and recommend corrective actions to ensure data security. Implements changes in procedures and systems to enhance data systems security. Provide security advice and guidance to system administrators network engineers management and external departments. Collaborate on solutions to mitigate risks and enhance system security. Administers the processes for managing improper use of network services to include copyright violation SPAM email etc. Assist in developing security awareness materials security presentations and information security training sessions. Participate in physical security projects and develop physical security and safety skill sets. Perform security audits risk analysis and application-level vulnerability testing and reviews. Collaborate on solutions to mitigate risks and enhance system security. Assists in implementing cost effective security controls to meet institutional security requirements. Participates in security projects including requirements definition task planning research testing implementation and management.

Required Education Experience Certification/License Equivalency
Required Education:Bachelors degree in a related field.; Required Experience:One year related experience required.; Equivalency:None; Required Certification/License:

Knowledge Skills and Abilities
KNOWLEDGE:University and department policies and procedures; principles and practices of organization and administration; principles of supervision training and performance evaluation; Common Information security and computer network access technologies. Technical knowledge in implementing data protection and integrity operating systems and network security authentication and security protocols; SKILLS:Short and long-range planning; problem analysis and resolution; report preparation and presentation; public contact and relations; oral and written communication; strong interpersonal and communication skills to work effectively with a team and other business units.; ABILITIES:Develop and maintain effective working relationships; maintain accurate and orderly records; use independent judgment and initiative; analyze and evaluate information; ability to maintain operational computer and network security firewall administration virus protection intrusion detection and prevention automated security patching and vulnerability scanning systems; ability to administer information security programs including risk assessments and forensic research gathering metrics and reporting status. Must be circumspect and act with integrity and discretion.

Job Duties and Responsibilities
The GRC Security Analyst plays a key role in advancing the universitys information security strategy by leading initiatives related to governance risk management and compliance. This position directly supports the CISO in building a robust and sustainable security program that protects institutional data ensures regulatory compliance and reduces cybersecurity risk across the university.

The analyst will be responsible for developing implementing and maintaining security policies risk assessments and compliance frameworks aligned with higher education and industry standards. By partnering with university stakeholders the analyst will help ensure that security practices are embedded across the organization and that the institution meets all relevant legal regulatory and policy obligations.

Preferred Qualifications

Special Requirements of the Position
ITIL Preferred on site position

Department Contact: Dennis Coriell

Contingent Upon Funding:Not Applicable

Bargaining Unit Eligibility:This is NOT a bargaining unit position with American Federation of State County & Municipal Employees (AFSCME).

Standard Work Schedule:Standard (M-F 8-5)

If Not a Standard Work Schedule:

Working Conditions and Physical Effort

Environment: Work is normally performed in a typical interior/office work environment.

Physical Effort: No or very limited physical effort required.

Lifting Requirements: Requires handling of average-weight objects up to 10 pounds or some standing or walking.

Risk: No or very limited exposure to physical risk.