Working under moderate supervision, the Information Assurance Analyst works with the Information Security Team to protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. Activities will include performing daily security operational tasks including but not limited to security monitoring, administering user accounts, responding to help desk tickets, and delivery of basic security awareness training to individuals and small groups.
Operate security tools and services to detect, protect, and defend the IT enterprise. (35%)
Analyze findings from security monitoring systems to recognize and respond to potential security violations and incidents. Report incidents, and take immediate action to mitigate adverse impacts. Acts with discretion when in support of investigations. (15%)
Provide Tier 2 customer support from Help Desk calls for security related matters. (15%)
Assist the security team in the continuous review, evaluation, and rollout of security tools and security administration tools. (7%)
Serve as an incident response team member. Respond to security incidents and events. Investigate and resolve incidents, executes action plans, communicates with end-users or other impacted parties. (6%)
Assess user desktop configurations for security risks, assist end-user groups with security practice implementation. (6%)
Perform identity-based security functions supporting the user identity lifecycle including creation, removal, and update of user account information. (6%)
Consult with departments on security setup, products, services, and/or procedures to mitigate security risk. (2%)
Participate in campus-wide information security awareness events and programs to ensure alignment of policy and practice of security among stakeholders. (3%)
Assist in performing physical access controls audits of IT infrastructure facilities. (2%)
Serve as a resource person in assessing systems, processes, and projects against compliance requirements, control objectives, and security best practices; interacts with internal and external technical staff and consults with project teams at various stages of project cycles. (2%)
Perform other duties as assigned. (1%)
Department: Regular contact with supervisor to review goals, achievements and overall performance. Daily contact with managers and staff to address issues and opportunities collaboratively and to resolve any outstanding issues or challenges. Frequent contact with all other UTech staff to facilitate and promote joint action and cooperation to achieve results.
University: Daily contact with faculty, staff, undergraduate, graduate and professional students to effectively understand and define internal customer requirements as they relate to assigned duties.
External: Regular contact with vendor partners to manage the execution of tasks, coordinate efforts and learn about new capabilities. Occasional contact with peer institutions regarding best practices.
Students: Daily contact to effectively understand and define internal customer requirements as they relate to assigned duties. Regular contact with UTech student employees to maintain workflow.
Education/Experience: Associate’s degree with 2 years progressive experience in a dedicated information security function or responsibility. Exposure to Information Technology concepts such as applications, security systems design, implementation and administration required. – OR – Bachelor’s degree in an IT related field, with no experience required (prefer experience in an IT-focused field or industry).
Certification: The position requires the attainment and maintenance of Information Assurance certification appropriate to the position within 2 years of hire, if not currently certified (SANS GIAC, CISSP, Security+, or equivalent).
Core knowledge and understanding of security concepts including malware, intrusion detection, risk analysis, and threat/vulnerability management.
Basic knowledge of information security risk assessment and management processes and standards.
Demonstrated working knowledge in at least three of the following infrastructure security concepts: Incident response practices; Data encryption technologies and standards (email, transit, file, etc.); Data loss protection systems and tools; Endpoint security software and management; Firewalls and firewall techniques; Vulnerability management; Computer forensics practices; Virtual private networking.
Basic knowledge of IT security concepts (disaster recovery, etc.).
Experience with commercial or open source security tools (preferred)
Basic knowledge of security processes and procedures relating to security compliance or controls management frameworks (preferred).
Basic knowledge of networking and system administration in at least one major desktop OS (UNIX, Windows, MacOs).
Advanced security configuration knowledge and skills of the OS is preferred.
Relevant technology-based certification, such as CISCO CCNA or CCNP, Microsoft, Apple, RedHat (preferred).
Consistently models high standards of honesty, integrity, discretion, trust, openness and respect for the individual. Embraces diversity. (Ethic/Integrity Skills)
Ability to work in a team concert, being able to play the roles of team leader and team player as required. Ability to actively listen, responsive to verbal and non-verbal clues. (Listening Skills)
Ability to develop in-depth understanding of client needs in order to be more helpful. The ability to consider how different audiences are likely to respond and choose the best method of communicating the message to each audience. (Customer Focus Skill)
Ability to recognize the importance of certain tasks and responsibilities and the ability to prioritize to ensure that deadlines are met. (Dependability & Reliability Skill)
Ability to look at situations from multiple perspectives, break problems into component parts, and look for underlying causes and think through the consequences of different courses of action (Analytical Skills).
Ability to optimize the use of time and resources to achieve the desired results; effectively plans and organizes work to minimize crises; prioritized appropriately. (Planning and Organization Skills)
Ability to be flexible in order to meet the constant changing scope and needs of the department, division and customers being served.
Demonstrated superior interpersonal skills, conflict resolution and negotiation skills.
Demonstrated familiarity with project management approaches, tools and phases of the project lifecycle (preferred).
19. Prefer familiarity with current office applications (Microsoft, Apple, Google, etc.).
Professional office setting. The position is required to be available to respond to emergency security issues and incidents on a 24/7/365 basis. On-call status and some off-hours work effort required. The employee will be required are to carry a cell phone, during and after their normal work hours, including weekends to attend to after-hours emergencies. There may be occasional pressure from demanding customers. Due to time constraints, many functions must be completed on set deadlines. Travel between various locations on campus may be required. The position requires typing on a computer keyboard and using a computer mouse and a printer. Office attire includes business casual dress.
In employment, as in education, Case Western Reserve University is committed to Equal Opportunity and Diversity. Women, veterans, members of underrepresented minority groups, and individuals with disabilities are encouraged to apply.
Case Western Reserve University provides reasonable accommodations to applicants with disabilities. Applicants requiring a reasonable accommodation for any part of the application and hiring process should contact the Office of Inclusion, Diversity and Equal Opportunity at 216-368-8877 to request a reasonable accommodation. Determinations as to granting reasonable accommodations for any applicant will be made on a case-by-case basis.