University Information Security seeks an individual who will improve the information security of the organization through information security risk assessments, policy development and maintenance, and exception management. The individual in this role will assess the information security posture of collegiate and administrative units by conducting information security risk assessments through analyzing security controls and processes, interviewing subject matter experts, and reviewing various vulnerability and compliance reports.
Lead and coordinate multiple security risk assessments independently utilizing ISO 27001 / 27002 or other appropriate information security control structures; develop risk remediation plans, and facilitate risk remediation efforts.
Provide consultation on information security regulations and standards, such as PCI DSS, HIPAA, or NIST, to various audiences. Participate in incident response activities as needed.
Monitor and advise on information security needs for systems and processes at the University to ensure the information security controls for the campuses are consistent and appropriate.
Facilitate the information security risk management program by identifying areas most in need of risk assessment, coordinating risk assessments with other information security risk analysts, and utilizing analysis from information security architects.
Consult with administrative and collegiate units to address policy and process related information security risks identified through the information security risk and exception management programs.
Communicate risk assessment results and risk mitigation strategies to senior leaders.
Facilitate the exception management process by tracking exceptions, evaluating associated risks by working with the other information security staff, and coordinating communication with the risk owner.
Develop and maintain information security policies, procedures, standards and guidelines based on industry best practices and compliance requirements.
Assist with information security reviews of vendors and suppliers.
Provide security domain expertise to peers and influence the community to enhance their security posture.
University paid contribution (10% of your salary) to your retirement account - vested immediately.
22 paid vacation days per year, in addition to sick leave and 11 paid holidays.
Reduced tuition opportunities covering 75% - 100% of eligible tuition.
Excellent and affordable health care benefits.
Wellness program with opportunity to earn lower health care rates.
Free disability insurance.
Annual merit increase program.
Bachelor’s degree and 4 years of relevant work experience or a comparable combination of education, training, and experience.
Experience in security risk assessment.
Knowledge of information security standards (e.g., ISO 27001/27002) and of rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, PCI DSS).
Strong analytical and problem-solving skills.
Excellent communication (oral, written, presentation), interpersonal and consultative skills.
Experience communicating with organizational leadership.
Experience with vendor assessment, PCI DSS consultation or audit.
CISSP, CISA or other security certifications desirable.
The University of Minnesota, founded in the belief that all people are enriched by understanding, is dedicated to the advancement of learning and the search for truth; to the sharing of this knowledge through education for a diverse community; and to the application of this knowledge to benefit the people of the state, the nation, and the world.