Cybersecurity Risk Analyst (nus)

Job Description

Position Summary

As a member of the Information Security team, the Cybersecurity Risk Analyst enhances National University’s information security, information governance, privacy, compliance, and risk management procedures. Reporting directly to the Associate Vice President, Information Security, closely collaborates with Technology Solutions, Product Management, Legal, and other colleagues to identify flaws and vulnerabilities in university and vendor systems to proactively develop solutions that mitigate risk

Essential Functions:

• Identifies and enhances existing control processes with university business and academic leaders.
• Improve internal control.
• Evaluates the effectiveness of existing security controls and recommend enhancements to mitigate identified risks.
• Administers audit and security governance, risk, and compliance (GRC) tools, to document, maintain, and enhance controls.
• Administers third party risk management tools.
• Maintains knowledge of key NIST controls and enhances IT controls and policies accordingly.
• Manages and maintains the controls of the IT audit program.
• Prepares team members and necessary materials for audit meetings (e.g., control design walkthroughs), follow-up requests, and testing.
• Builds testing and validation of IT General Control (ITGC) processes for internal audit.
• Reviews auditor requests to ensure they are appropriately scoped and reasonable and reviews the completeness and accuracy of audit evidence and materials provided by internal team members prior to auditor submission.
• Ensures team member accountability for completing audit assignments on time with the appropriate level of priority, thoroughness, and accuracy, according to documented procedures.
• Identifies and ranks the inventory of third parties that pose a risk to the university.
• Collects the necessary security and auditing information from third parties, analyzes, and recommends its implementation as a control.
• Manages the maturation of the third-party risk management program through the development of standard operating procedures.
• Key contributor to the design, creation, and maintenance of risk-based metrics.
• Leads projects independently, coordinates efforts with all team members, and ensures proper management communication and project success through completion.
• Subject matter expert (SME) for security needs and ensures best practices are effectively communicated and implemented.
• Extends an exceptional level of customer service and support to all business units.
• Stays updated on changes in cybersecurity regulations and adjusts risk management strategies accordingly.
• Ensures compliance with relevant cybersecurity regulations, standards, and best practices.
• Other duties as assigned.

Supervisory Responsibilities: N/A

Requirements:

Education & Experience:

• Bachelor´s degree in a related field preferred.
  • Or equivalent combination of education and experience.
• Minimum of three (3) years of experience in governance, risk, and compliance and/or information security or audit required.
• Experience with third-party GRC and vendor management platforms preferred.
• Prior experience with, and knowledge of, NIST Special Publications 800-53 and 800-171 preferred.
• Experience in higher education preferred.
• Experience working in a technology-driven enterprise preferred.
• All skills, abilities and education will be considered for minimum qualifications.

Competencies/Technical/Functional Skills:

• Advanced knowledge and understanding of NIST Cybersecurity Framework and NIST SP 800-53 controls.
• Expertise in complex business processes and technological risks.
• Ability to apply critical thinking skills and a high attention to details to identify appropriate resolutions.
• Self-starter that possesses a strong desire to seek optimal solutions and share discovery with colleagues.
• Advanced written and verbal communication skills.
• Ability to participate as an active team member of the Business Unit, Department, and University to work toward a common goal.
• Deep understanding of security technologies including firewalls, proxies, SIEM, IDPs, and antivirus software.
• Advanced understanding of third-party risk management.
• Knowledge of penetration testing, network security, and common techniques to expose and correct security flaws.
• Actively seeks opportunities to influence, build effective relationships and gain alignment with peers, functional partners and/or external partners to accomplish business objectives.
• Accepts personal accountability, proactively seeks resolution for personal limitations head-on; and supports honesty and respect towards others, the company and oneself.
• Develops new insights into situations; questions conventional approaches; encourages new ideas and innovations; designs and implements new or cutting-edge programs and processes.  Ability to generate and/or recognize imaginative or creative solutions that generate successful outcomes.
• Strong interpersonal skills and the ability to effectively communicate with a wide range of individuals of constituencies in a diverse community. Ability to communicate well orally and in writing.  Ability to develop and use empathetic listening skills, communicate with clarity, and maintain an attitude that conveys respect, assistance, honesty, and resourcefulness.

Location: Remote

Travel: No Travel Required

#LI-MK1

Candidate receiving offers will be offered a salary/pay rate commensurate with experience that vary based on a candidate’s qualifications, skills, and competencies.  Absent exceptional circumstances, candidates will be offered a salary within this range for this position. The minimum salary will be offered based on the minimum exemption threshold based on state of residency. Base pay is one component of National University’s total rewards package, as we are dedicated to supporting the needs of the “whole you” with our holistic approach to employee benefits by offering comprehensive well-being benefits for you and your family.  For full details about our benefit plan offerings, please visit benefits.nu.edu. For Part-time benefits, please click here.

Compensation Range:

National University is committed to maintaining a high-quality, diverse workforce representative of the populations we serve. National University employs more than 5,000 faculty and staff and serves over 41,000 students. We are united in our mission to meet the global education demands of the 21st Century and are dedicated to creating a supportive academic and work environment that allows students, faculty and staff to develop their interests and talents while experiencing a sense of community and a commitment to diversity. With programs available both online and at our many campus locations, National University is a leader in creating innovative solutions to education and meeting the needs of our diverse student population, including adult learners and working professionals.

National University offers an opportunity to work in an innovative environment that supports diversity.

National University (NU) is proud to be an equal opportunity employer and does not discriminate against any employee or applicant per applicable federal, state and local laws. At NU, a diverse mix of highly talented, innovative and creative people come together to make the impact of a lifetime for each of our student learners. All qualified applicants will receive equal consideration for employment, education, and admission at National University. We are focused on equality and believe deeply in diversity of race, color, ancestry, age, family care status, veteran status, marital status, creed, religion, sex, gender, sexual orientation, religion, ethnicity, national origin, and other legally protected group status.