Information Security Risk Analyst

Below you will find the details for the position including any supplementary documentation and questions you should review before applying for the opening.

To apply for the position, please click the Apply for this Job link / button.

If you would like to bookmark this position for later review, click on the Bookmark link. If you would like to print a copy of this position for your records, click on the Print Preview link.

Job Category : Staff & Executive - Information Technology

Department : OIT-Info Protection & Security-Z26723

Overview

Rutgers, The State University of New Jersey, stands among the nation’s highest-ranked, most diverse public research universities.

The oldest, largest, and top-ranked public university in the New York / New Jersey metropolitan area, you’ll find us at our main locations in three New Jersey cities, and our footprint can be seen around the region.

As one of the nation’s most diverse universities, Rutgers draws strength from the rich variety of perspectives and life experiences of our community.

We’re an academic, health, and research powerhouse and a university of opportunity.

The Office of Information Technology (OIT) is Rutgers’ enterprise IT office. OIT provides university-wide services and support and collaborates with department and unit IT professionals on projects and initiatives for the Rutgers community.

• OIT’s services and systems include the Rutgers network; email and calendaring systems; IDs / passwords and identity management;
• data centers; computer labs; help desk support; wireless connectivity; a software portal; information security, risk, and compliance services;

research computing; and many others. OIT’s staff members work closely with the broader university community to advance Rutgers’ missions of teaching, research, and service.

For more information, please visit https : / / it.rutgers.edu.

Posting Summary

Rutgers, The State University of New Jersey, is seeking an Information Security Analyst for the Office of Information Technology (OIT).

This position is responsible for facilitating and evaluating internal and 3rd party information security risk assessments.

Key Duties

• Provides risk remediation recommendations to mitigate identified control gaps and drives awareness of available supporting resources and technologies.
• Works closely with stakeholders across campus to ensure that risks are well documented and communicated.
• Maintains a formal risk register that drives security governance and ensures security findings are aligned with business objectives.
• Acts as an SME for end-to-end management of findings for information security assessments for vendors and applications.
• Assists in creating policies and procedures to help reduce risk.
• Performs other tasks as assigned.

Minimum Qualifications

• Bachelor’s degree is required, preferably in Computer Science, Information Systems, or Management Information.
• Minimum of five (5) years of experience performing Information Security assessments with knowledge of HIPAA, GLBA, and PCI DSS regulations and frameworks such as NIST CSF.

Required Knowledge, Skills, and Abilities

• Possess excellent interpersonal, communication, and influencing skills.
• Ability to collaborate effectively across a variety of disciplines and levels inside / outside the organization.
• Ability to effectively analyze, document, and communicate information security concepts to different user bases, including students, faculty, staff, and systems personnel.
• Demonstrates skill in conducting internal or external risk assessments and providing guidance on the implementation, monitoring, and reporting of control processes, documentation, and compliance measures and / or remediation items.
• Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
• Ability to identify and assess the severity and potential impact of risks and to communicate findings effectively to risk owners.

Preferred Qualifications

• Knowledge of common cybersecurity frameworks and standards (e.g., NIST 800-171, ISO 27001 / 27002).
• Experience with Governance, Risk & Compliance and / or Vendor Risk Management platforms.
• Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization.
• CISSP, CRISC certification.

Physical Demands and Work Environment

Special Conditions

Multiple Vacancies.

Posting Details

Posting Number : 23ST2561

Posting Open Date : 09 / 19 / 2023

Special Instructions to Applicants

Regional Campus : Rutgers University-New Brunswick

Home Location Campus : Rutgers University - New Brunswick

City : New Brunswick, State : NJ

Pre-employment Screenings

All offers of employment are contingent upon successful completion of all pre-employment screenings. Immunization Requirements under Policy 100.

3.1 Immunization Policy for Covered Individuals, if employment will commence during Flu Season, Rutgers University may require certain prospective employees to provide proof that they are vaccinated against Seasonal Influenza for the current Flu Season, unless the University has granted the individual a medical or religious exemption.

Affirmative Action / Equal Employment Opportunity Statement

It is university policy to provide equal employment opportunity to all its employees and applicants for employment regardless of their race, creed, color, national origin, age, ancestry, nationality, marital or domestic partnership or civil union status, sex, pregnancy, gender identity or expression, disability status, liability for military service, protected veteran status, affectional or sexual orientation, atypical cellular or blood trait, genetic information (including the refusal to submit to genetic testing), or any other category protected by law.

Supplemental Questions

Required fields are indicated with an asterisk (*).

• Do you have a bachelor’s degree is required, preferably in Computer Science, Information Systems, Management Information?
• Do you have a minimum of five (5) years of experience performing Information Security assessments with knowledge of HIPAA, GLBA and PCI DSS regulations and frameworks such as NIST CSF?

Required Documents

• Resume / CV
• Cover Letter / Letter of Application
• List of Professional References (contact Info)

Optional Documents

Writing Sample 1

J-18808-Ljbffr