Vanderbilt University is looking for a Security Analyst to join the Risk and Compliance (RC) Team. As a Security Analyst, you will be acting as a technical escalation point for proactive measures to prevent security risks and compliance issues that could negatively impact the institution. The RC team is a highly communicative team who strives to protect the University and all of its students, faculty, and staff from cyber-attacks while supporting world class Information Technology services. The Security Analyst will be hands-on with team service offerings as well as act as a technical escalation point. They will not only operationally assess, implement, and test risk-based solutions, but will also play a key role in establishing an overall risk management program. They will work closely with both junior and senior members of the team to move the program forward. A successful candidate for this position should ultimately be able to perform tasks independently while using both the team's input and their own prior experience to accomplish tasks.
The Information Security team within Vanderbilt University's Information Technology department provides cyber security services to the institution and associated partners. This position will work closely with the Director of Information Security as a part of the Risk and Compliance (RC) team as well as with other members of Information Security and various entities both inside and outside of the university.
Duties and Responsibilities
Conduct internal risk assessments of existing IT infrastructure and enterprise applications by identifying vulnerabilities, assessing impact and potential mitigations, and clearly articulate recommendations and corrective actions
Conduct risk assessments of new and existing 3rd party cloud applications
Assist with establishing a vulnerability management program by contributing on architecture and design, tooling development and assessment, documentation and reporting, and technical support for resolution of vulnerabilities
Support IT compliance efforts through design review, control testing, and technical consultation in regulatory environments (e.g. NIST 800-171, PCI, FERPA, and other regulatory audits)
Establish and manage highly communicative relationships with stakeholders such as research faculty, the enterprise Audit Risk & Compliance office, and other VUIT departments
Assist in cultivating a risk aware culture through outreach and education
Maintain an up-to-date knowledge of emerging trends in security risks; apply new techniques and trends in-line with overall objectives and risk tolerance
Internal Number: 2000811
About Vanderbilt University
Vanderbilt University is a center for scholarly research, informed and creative teaching, and service to the community and society at large. Vanderbilt will uphold the highest standards and be a leader in the quest for new knowledge through scholarship, the dissemination of knowledge through teaching and outreach, and the creative experimentation of ideas and concepts. In pursuit of these goals, Vanderbilt values most highly intellectual freedom that supports open inquiry, equality, compassion, and excellence in all endeavors.