University of Utah
Data Security Analyst
University of Utah, Salt Lake City, Utah, United States, 84193
Job Summary
The Data Security Analyst will work with the Office of Sponsored Projects (OSP) and the Governance, Risk and Compliance (GRC) team as part of the University’s Vice President of Research (VPR) and Information Security Office (ISO) respectively. The analyst will report to the Director of Governance, Risk & Compliance in ISO.The Data Security Analyst participates in the University’s ongoing efforts to move forward research compliance with cyber security requirements as outlined in grants and contracts. To support this effort, the analyst will perform assessments of grants and contracts which contain elements of compliance with a cyber security control framework such as NIST 800-171 in accordance with the Cybersecurity Maturity Model Certification (CMMC). The analyst will work closely with the Principal Investigators (PI’s) and their staff on the development of System Security Plans (SSP’s), Plans of Action & Milestones (POA &M), and all other pertinent compliance documentation as applicable. The analyst will work directly with PI’s and their staff to translate the specifics of the cyber security requirements around Controlled Unclassified Information (CUI) and promoting cyber security awareness. The analyst will also assist in the ongoing review and maintenance of cyber security compliance documentation. Working well in a small team environment is a critical aspect of this position. The data security analyst must be a self-starter that requires minimal supervision.Responsibilities
Conduct assessments of proposed sponsored research grants and contracts to identify and measure information security risks for environments in scope.Act as the Subject Matter Expert (SME) with regards to CMMC and CUI.Maintain a working knowledge of policies, rules, procedures, and guidelines from the University of Utah’s regulations website.Maintain a working knowledge of the Federal Acquisition Regulation (FAR), Defense Federal Acquisition Regulation Supplement (DFARS), International Traffic in Arms Regulations (ITAR), and the Office of Foreign Asset Control (OFAC).Review and provide analysis for completed compliance documentation.Have an in-depth knowledge of current cyber security control frameworks (NIST CSF, NIST 800-171, NIST 800-53, CIS 18, etc).Prepare and present compliance assessment reports.Collaborate closely with and strengthen partnerships with PI’s and faculty.Identify opportunities to improve compliance posture, proposing solutions for remediating or mitigating potential risks.Manage relationships with security, technology, and business stakeholders to identify and communicate compliance risks and mitigation approaches.Assist in the continuous development, implementation, and ongoing maintenance of SSPs, POA &Ms, and other documentation.Assist with the development and implementation of solutions and processes to remediate policy gaps.Development of guidelines and best practice documents which provide direction to PI’s, faculty, and staff on implementing appropriate controls.Participate in a University wide sponsored research cybersecurity needs assessment to proactively identify our research driven compliance needs on a granular level.Coordination of capabilities assessment for CUI projects with CUI enclave administrators to determine if a project can be managed within an existing enclave or if it will require the creation of an Ad-hoc enclave and associated site security plan.This job description is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.Minimum Qualifications
Requires a bachelor’s degree in area of specialty or equivalency (one year of education can be substituted for two years of related work experience) and 0-2 years of experience in the field or in a related area. Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description.Preferences
A master’s degree in information technology or systems, computer science, or equivalent experience in related fields.One or more information security or technology certifications (CISSP, CRISC, CISA, etc.)Experience developing and implementing SSP’s and POA &M’s.Experience with information security in a higher-education and/or healthcare environment.Experience assessing and documenting the design of information security controls to effectively mitigate compliance risks.Additional Information
The University is a participating employer with Utah Retirement Systems ("URS"). Eligible new hires with prior URS service, may elect to enroll in URS if they make the election before they become eligible for retirement (usually the first day of work). Contact Human Resources at (801) 581-7447 for information.This position may require the successful completion of a criminal background check and/or drug screen.The University of Utah values candidates who have experience working in settings with students and patients from all backgrounds and possess a strong commitment to improving access to higher education and quality healthcare for historically underrepresented students and patients.All qualified individuals are strongly encouraged to apply. Veterans’ preference is extended to qualified applicants, upon request and consistent with University policy and Utah state law. Upon request, reasonable accommodations in the application process will be provided to individuals with disabilities.The University of Utah is an Affirmative Action/Equal Opportunity employer and does not discriminate based upon race, ethnicity, color, religion, national origin, age, disability, sex, sexual orientation, gender, gender identity, gender expression, pregnancy, pregnancy-related conditions, genetic information, or protected veteran’s status.
#J-18808-Ljbffr
The Data Security Analyst will work with the Office of Sponsored Projects (OSP) and the Governance, Risk and Compliance (GRC) team as part of the University’s Vice President of Research (VPR) and Information Security Office (ISO) respectively. The analyst will report to the Director of Governance, Risk & Compliance in ISO.The Data Security Analyst participates in the University’s ongoing efforts to move forward research compliance with cyber security requirements as outlined in grants and contracts. To support this effort, the analyst will perform assessments of grants and contracts which contain elements of compliance with a cyber security control framework such as NIST 800-171 in accordance with the Cybersecurity Maturity Model Certification (CMMC). The analyst will work closely with the Principal Investigators (PI’s) and their staff on the development of System Security Plans (SSP’s), Plans of Action & Milestones (POA &M), and all other pertinent compliance documentation as applicable. The analyst will work directly with PI’s and their staff to translate the specifics of the cyber security requirements around Controlled Unclassified Information (CUI) and promoting cyber security awareness. The analyst will also assist in the ongoing review and maintenance of cyber security compliance documentation. Working well in a small team environment is a critical aspect of this position. The data security analyst must be a self-starter that requires minimal supervision.Responsibilities
Conduct assessments of proposed sponsored research grants and contracts to identify and measure information security risks for environments in scope.Act as the Subject Matter Expert (SME) with regards to CMMC and CUI.Maintain a working knowledge of policies, rules, procedures, and guidelines from the University of Utah’s regulations website.Maintain a working knowledge of the Federal Acquisition Regulation (FAR), Defense Federal Acquisition Regulation Supplement (DFARS), International Traffic in Arms Regulations (ITAR), and the Office of Foreign Asset Control (OFAC).Review and provide analysis for completed compliance documentation.Have an in-depth knowledge of current cyber security control frameworks (NIST CSF, NIST 800-171, NIST 800-53, CIS 18, etc).Prepare and present compliance assessment reports.Collaborate closely with and strengthen partnerships with PI’s and faculty.Identify opportunities to improve compliance posture, proposing solutions for remediating or mitigating potential risks.Manage relationships with security, technology, and business stakeholders to identify and communicate compliance risks and mitigation approaches.Assist in the continuous development, implementation, and ongoing maintenance of SSPs, POA &Ms, and other documentation.Assist with the development and implementation of solutions and processes to remediate policy gaps.Development of guidelines and best practice documents which provide direction to PI’s, faculty, and staff on implementing appropriate controls.Participate in a University wide sponsored research cybersecurity needs assessment to proactively identify our research driven compliance needs on a granular level.Coordination of capabilities assessment for CUI projects with CUI enclave administrators to determine if a project can be managed within an existing enclave or if it will require the creation of an Ad-hoc enclave and associated site security plan.This job description is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.Minimum Qualifications
Requires a bachelor’s degree in area of specialty or equivalency (one year of education can be substituted for two years of related work experience) and 0-2 years of experience in the field or in a related area. Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description.Preferences
A master’s degree in information technology or systems, computer science, or equivalent experience in related fields.One or more information security or technology certifications (CISSP, CRISC, CISA, etc.)Experience developing and implementing SSP’s and POA &M’s.Experience with information security in a higher-education and/or healthcare environment.Experience assessing and documenting the design of information security controls to effectively mitigate compliance risks.Additional Information
The University is a participating employer with Utah Retirement Systems ("URS"). Eligible new hires with prior URS service, may elect to enroll in URS if they make the election before they become eligible for retirement (usually the first day of work). Contact Human Resources at (801) 581-7447 for information.This position may require the successful completion of a criminal background check and/or drug screen.The University of Utah values candidates who have experience working in settings with students and patients from all backgrounds and possess a strong commitment to improving access to higher education and quality healthcare for historically underrepresented students and patients.All qualified individuals are strongly encouraged to apply. Veterans’ preference is extended to qualified applicants, upon request and consistent with University policy and Utah state law. Upon request, reasonable accommodations in the application process will be provided to individuals with disabilities.The University of Utah is an Affirmative Action/Equal Opportunity employer and does not discriminate based upon race, ethnicity, color, religion, national origin, age, disability, sex, sexual orientation, gender, gender identity, gender expression, pregnancy, pregnancy-related conditions, genetic information, or protected veteran’s status.
#J-18808-Ljbffr