
Information Security Risk & Compliance Analyst (5442BR)
Finance & Administration, Information Security Office
Employment Category: Fulltime Staff
Department/College Description
Detailed Job Description
The Information Security Risk and Compliance Analyst focuses their efforts on compliance-related risk, research, policy, and projects in support of the strategy and mission of the Information Security Office. As a member of the ISO team, this role helps reduce risk to RIT by proactively ensuring that RIT is following current compliance requirements and is positioned to follow future requirements.

General
o Employ a cross-disciplinary approach that comprehends risk, policy, and technology
o Research best practices in higher education, medical, and business settings around compliance and determine the best controls to meet multiple compliance initiatives
o Identify operations and business functions that may require compliance
o Identify and develop needed compliance training
o Understand administrative, technical, and operational controls related to compliance
o Understand information risk management concepts and their application
o Understand and follow information security best practices, university policies, and information security standards that impact this role, including use of any tools, technologies, services, and processes required to protect the university's information assets
o Participate in the evaluation and selection process for enterprise solutions to achieve compliance, including development of technical requirements and application assessments
o Act as the technical liaison to university-wide functional areas to ensure adherence to compliance regulations and university standards
o Monitor and provide guidance on IT controls for compliance
o Work with application owners and administrators on the planning and scheduling of compliance-related application maintenance, upgrades, and all other associated service overhead for relevant third-party enterprise applications
o Resolve and complete compliance-related service requests and assist in the resolution of compliance-related incidents associated with enterprise applications as assigned
o Build relationships with information security professionals at peer institutions to align best practices and evaluate emerging solutions and areas of need
o Understand data security standards and frameworks
o Ensure documentation meets requirements, such as vendor-provided Point-to-Point Instruction Manuals (PIMs), system security plans, and plans of action
o Work on the RIT campus when needed

PHI
o Understand PHI requirements and controls and how they pertain to HIPAA and research activities at RIT

NIST CSF
o Understand NIST CSF guidelines and work with stakeholders to determine applicability and an implementation timeline for RIT

Research Support
o Comprehend security requirements for research, such as NIST 800-171, DFARS, ITAR, and Export Controls, and their applicability to RIT
o Ensure that researchers follow CMMC Level 3 Good Cyber Hygiene requirements
o Develop the required framework and training to meet relevant compliance requirements

PCI
o Comprehend PCI regulations and ensure that all payment card processing meets PCI regulations and university standards
o Interface with the campus Controller's office, advising on best practices and assisting in addressing routine issues to comply with the PCI Data Security Standards
o Perform annual PCI readiness reviews with each payment card processing functional area and communicate changes in PCI standards
o Ensure that the integration of payment processing applications into business software is done in accordance with PCI regulations and university standards
o Act as the primary point of contact with the Procurement Services Office for software license agreements related to payment processing applications
o Work collaboratively to develop, manage, and administer annual PCI training for university-wide functional areas that process payment cards
o Assist with completion of PCI self-assessment questionnaires, including providing support and maintaining documentation
Required Minimum Qualifications
o Excellent interpersonal and customer service skills
o Demonstrated ability to collaborate with colleagues and customers from different levels of the organization and with varied levels of technical understanding
o Flexible, proactive, and possessing a can-do attitude, with a willingness and enthusiasm for learning new technologies and techniques that support evolving needs
o Possessing a blend of intellectual curiosity, creativity, persistence, commitment, passion, and optimism, with a continual desire for self-improvement and learning
o Experience with regulatory and industry requirements such as PCI-DSS, FERPA, GLBA, HIPAA, DFARS, CMMC, etc.
o Ability to analyze complex business functions to evaluate risks and potential security and compliance issues
o Ability to apply innovative and creative thinking to meet new challenges
o The self-initiative to receive general guidance on an objective and to achieve that objective with minimal managerial guidance
o Excellent analytical, problem-solving, and troubleshooting skills
o A willingness and ability to work as part of a team as well as in an individual contributor role
o Ability to adapt to new organizational, business, and technical environments
o A willingness to work casual overtime on a periodic basis and accept after-hours on-call responsibilities
o Possessing a professional demeanor
Preferred Qualifications
Required Application Documents
How to Apply
In order to be considered for this position, you must apply for it at: http://careers.rit.edu/staff. Click the link for search openings and, in the keyword search field, enter the title of the position or the BR number. The direct link to this posting can be found here: https://sjobs.brassring.com/
Additional Details
Rochester Institute of Technology, the 10th largest private university in the U.S., is among the world's leading technological universities. Its 18,000 undergraduate and graduate students from all 50 states and more than 100 countries are enrolled in over 200 academic programs, including 7 interdisciplinary Ph.D. programs. A pioneer in experiential education, RIT was the first to offer undergraduate degree programs in biotechnology, information technology, software engineering, and microelectronic engineering. As home to the National Technical Institute for the Deaf, the university offers unparalleled academic opportunities and services for the deaf and hard-of-hearing. Founded in 1829, RIT has 115,000 alumni throughout the United States and around the world. RIT has been named by the Chronicle of Higher Education as one of the Great Colleges to Work For. RIT is a National Science Foundation ADVANCE Institutional Transformation site, and is responsive to the needs of dual-career couples through the Upstate NY Higher Education Recruitment Consortium. For more information, visit www.rit.edu/overview/rankings-and-recognition and www.rit.edu.
As a member of the RIT community, employees receive a well-balanced benefits package that offers a variety of choices and access to additional employment advantages. These benefits, combined with an employee's pay, provide a total compensation package that can be tailored to meet your needs. More on RIT's Benefits, Health & Wellness program can be found at: https://www.rit.edu/fa/humanresources/content/benefits-health-and-wellness
RIT does not discriminate. RIT is an equal opportunity employer that promotes and values diversity, pluralism, and inclusion. For more information or inquiries, please visit RIT/TitleIX or the U.S. Department of Education at ED.Gov