Information Security Risk & Compliance Analyst
Job Description
HIRING RANGE: $75,000-$85,000 per year, with excellent benefits.
DEPARTMENT: Information & Technology Services
WORK SCHEDULE: FT; M-F, 8:00am-5:00pm, some evening and weekend possible.
GENERAL DESCRIPTION:
The Information Security Risk & Compliance Analyst works as a member of the Information & Technology Services (I&TS) leadership team led by the Chief Information Officer (CIO). Their primary responsibility is to lead the University in establishing and maintaining a university-wide information security program to ensure PLU’s information assets are adequately protected.
The successful candidate will join a tight-knit and welcoming IT organization with a history of support for information security initiatives. As the first dedicated position focused on information security, the Information Security Risk & Compliance Analyst will inherit the benefits of a campus-wide MFA deployment, innovative password lifecycle program, strong SSO architecture, and an active network segmentation effort. Other initiatives in development or planning include an overhauled backup architecture, expanding log management solution, expanding information security training program, and renewed IT asset and inventory management efforts.
ESSENTIAL FUNCTIONS AND RESPONSIBILITIES:
Develop, implement and maintain campus-wide information security plans and policies to ensure compliance with local, state and federal regulations and standards including vulnerability and risk assessments of technology infrastructure, tools and third party vendors.
Oversee university-wide information security training program.
Manage campus wide Data Classification program. Develop a complete inventory of data and applications/systems. Conduct data classification exercises to identify all assets and apply security controls based on defined risk level.
Engage with fellow I&TS team members and other campus partners to ensure appropriate security measures are incorporated in daily tasks.
Collaborate with the Director of Risk Management in reviewing contract documentation for third party vendors ensuring data security measures are adequate and any PLU data shared is strictly protected.
Work with campus departments to ensure information security compliance with regulations and industry requirements (FERPA, GDPR, GLBA, PCI, etc.).
Hold primary responsibility for security and privacy incident investigation and mitigation. This includes evaluating, documenting actions taken, and preparing recommendations for information security and privacy incidents.
Coordinate audit activities including collecting and preparing documentation. Research and propose mitigations for findings related to security and privacy.
Oversee creation and maintenance of Disaster Recovery & Business Continuity plans in conjunction with I&TS leadership.
Serve as lead for security/log monitoring/review/assessment.
Collaborate with I&TS staff in maintaining robust asset management sufficient to ensure incident response capabilities.
Other duties as assigned.
KNOWLEDGE, SKILLS, AND ABILITIES:
Familiarity with information security standards and regulatory requirements for higher education institutions. Including but not limited to GLBA, NIST800-171, HECVAT, PCI, and FERPA.
Demonstrated skills in developing information security policies, procedures and documentation.
Strong project management skills including the ability to prioritize and manage multiple projects and high-level tasks simultaneously.
Ability to read and analyze contracts and other legal documents.
Strong interpersonal skills and ability to effectively communicate with a range of audiences.
Knowledge of and commitment to diversity, equity, and inclusion.
Leadership experience with cross-team/department project management. Ability to lead project teams to desired outcomes.
Critical thinking and problem solving abilities when assessing and managing risk and complex problems.
Strong written and oral communication skills.
REQUIRED QUALIFICATIONS:
Five years of work-related experience, including some experience in information security. Education can substitute for some experience.
High school diploma or GED.
Finalist applicants must satisfactorily complete pre-employment background checks.
PREFERRED QUALIFICATIONS:
Bachelor’s degree in Information Security or related field.
Experience in a higher education IT field ideally related to information security management, risk assessment, creation of documentation, etc.
Experience in higher education supporting students, faculty, and staff.
CISSP, CISM, GIAC, or similar security focused certification.
WORK CONDITIONS:
PHYSICAL REQUIREMENTS:
SPECIAL INSTRUCTIONS TO APPLICANTS: Submit your application materials online to apply at: https://employment.plu.edu/postings/7252
Company Description
PLU is a small, private university where caring means more than kindness and consideration — it means a bold commitment to expanding well-being, opportunity, and justice. Because PLU is a community committed to the creation and advancement of knowledge through diversity and inclusion, the university actively recruits a diverse faculty, staff, and student body. PLU is an equal opportunity employer and welcomes applications from members of historically underrepresented and minoritized groups, women, veterans, persons with disabilities, and others who would bring broadly diverse perspectives, experiences, and backgrounds in educational, research or other work activities. PLU offers an excellent benefits package including tuition remission for employees and their dependents, generous retirement plan, medical, dental, paid vacation and sick leave, major holidays off (including Christmas/New Year’s break and extra time off during the summer), and many other great university benefits. PLU is a qualifying employer under the Public Service Loan Forgiveness Program as a 501(c)(3) tax-exempt organization. For general application questions or if you need accommodations at any point in the application and/or interview process, please contact the Human Resources Office at 253-535-7185 or humr@plu.edu.