Details
Posted: 09-Jun-22
Location: Bronx, New York
Salary: Open
About Fordham:
Founded in 1841, Fordham is the Jesuit University of New York, offering an exceptional education distinguished by the Jesuit tradition to more than 16,000 students in its nine colleges and schools. It has residential campuses in the Bronx and Manhattan, a campus in West Harrison, N.Y., the Louis Calder Center Biological Field Station in Armonk, N.Y., and the London Centre in the United Kingdom.
The University offers a comprehensive benefits package that includes medical, dental, and vision insurance; flexible spending accounts; retirement plans; life insurance; short and long-term disability; employee assistance program (EAP); tuition remission; and generous time off.
Successful candidates should have a knowledge of and commitment to the goals of Jesuit Education.
Department: Information Technology
Campus: Rose Hill (RH) - Bronx
Position Summary:
The Senior IT Risk Analyst will execute all IT Risk Analyst efforts. The Analyst may execute the audit of IT Policies developed by the Information Security and Assurance division. Successful candidates will work with their Senior Director to analyze and report on acceptable levels of risk for the enterprise and work to ensure the University is both compliant with applicable laws and agreements regarding data handling and using the appropriate IT Risk framework to report and manage IT and Third Party Risk. The Analyst will support the University's data privacy program, assist in mapping the flow of data throughout all University systems, both internal and external to the University, and ensure all data and systems meet continuity standards. The Analyst may also assist the University's Internal Audit department to perform audits of Information Technology processes.
Essential Functions:
- Participates in audits against the University's risk framework and generates reports that will be shared with the DPO, CISO, and executive management after being approved by the manager;
- Assists in the privacy program and oversees the generation of reports that will be shared with the DPO, CISO, and executive management regarding adherence to privacy standards;
- Be familiar with applicable laws and agreements;
- Maintains expertise on privacy and continuity trends through training, research and development in order to mitigate privacy and continuity issues;
- Executes formal risk analysis for various Information Services systems and processes, including internal actors and/or third parties;
- Oversees the development of IT and University-wide policies to ensure that security and privacy standards are met;
- Ensures that the Office of Information Technology and the University properly adhere to all IT policies and procedures by assisting with policy audits;
- Works with the DPO to identify areas of concern within contracts with third parties and makes recommendations for privacy and continuity mitigation in these contracts;
- Enters and maintains the remediation of risks and compliance issues in the Information Security and Assurance's online risk management system;
- Assists in the maintenance and administration of the Information Security and Assurance's online risk management system as directed;
- Assists in the performance of IT Audits, assisting Internal Audit where needed;
- Maintains expertise on risk and compliance trends through training, research and development in order to mitigate risk, privacy and compliance issues.
Required Qualifications:
- Bachelor's degree in Computer Science or a related field;
- Five (5) years of experience in IT risk and/or compliance;
- Be familiar with applicable laws, acts, standards, and agreements, including, but not limited to, the General Data Protection Regulation (GDPR), Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability Accountability Act (HIPAA), NIST CyberSecurity Framework (CSF), NIST 800-53, NIST 800-171, Gramm-Leach-Bliley Act (GLBA), Communications Assistance for Law Enforcement Act (CALEA), Payment Card Industry Standards (PCI), other applicable privacy laws, etc.;
- Prior position and experience in information security, privacy, data governance or data protection;
- Knowledge of authoritative standards, guidelines, and best practices relative to information security;
- Organized, responsive, and highly thorough problem solver;
- Strong customer focus;
- Excellent written, oral communication and presentation skills. Must be articulate, persuasive and capable of communicating security-related concepts to a broad range of technical and non-technical staff;
- Must be able to work independently and be a team player at the same time;
- Good organizational and time management skills;
- Capable of understanding the University's business needs, with the ability to establish and maintain credibility as a member of the assurance team.
Preferred Qualifications:
- Experience as a security or technology administrator in a Higher Education or similarly decentralized environment;
- Relevant information security, risk, and privacy certifications (e.g., CISSP, CISA, GIAC, CRISC, CIPM, CIPT);
- Experience with IT auditing and/or risk management;
- Knowledge of online GRC tools, specifically OneTrust.
EEO Statement:
Fordham University is committed to excellence through diversity and welcomes candidates of all backgrounds.
Fordham is an Equal Opportunity Employer – Veterans/Disabled and other protected categories