University of Florida is hiring: Cybersecurity Risk Analyst IV in Gainesville

Overview

IT Risk Analyst IV at UF Information Technology (UFIT) is a professional level Cybersecurity Risk Analyst within the Information Security Office. The role supports the university’s success through service and operational excellence, focusing on conducting information security risk assessments, providing guidance for secure implementation of technology and processes, and developing risk assessment methodologies to protect the confidentiality, integrity, and availability of UF data and information systems in compliance with applicable laws, regulations, policies, and standards. The incumbent serves as a subject matter expert in information security and provides advice, documentation, training, and mentoring to junior staff.

Responsibilities

• Execute the UF Information risk assessment process, including:
• Conduct risk assessments for internal information systems using established procedures and baselines
• Conduct risk assessments on third-party products and services
• Develop remediation plans and recommendations for IT staff to address identified risks
• Prepare executive-level residual risk reports to prompt risk disposition decisions
• Guide units in creating security plans for all systems
• Establish and maintain a non-technical monitoring program with measures of compliance and effectiveness for administrative processes and technical controls related to information security

• Consult on security systems, tools, and procedures to meet defined security requirements and goals:
• Assist units in selecting technology that fits UF’s environment and supports information security goals
• Provide expert security guidance to help units improve security posture and reduce risk
• Guide units in developing processes and procedures to implement UF information security policies and standards
• Produce and publish documentation and guidance for units on complying with information security policies and standards

• Contribute to the development of the UF information security risk management program:
• Evaluate and provide recommendations regarding legal, regulatory, and contractual information security compliance requirements
• Serve as subject matter expert on security control frameworks and establish/update control baselines at UF
• Optimize procedures used to conduct information security risk assessments
• Contribute to the creation and modification of university information security policies and standards
• Collaborate on changes to the university’s Governance, Risk, and Compliance (GRC) platform used to conduct risk assessments

Train and mentor junior risk analysts, interns, and distributed university IT staff on the risk assessment process. Contribute content and collateral material to information security training and awareness programs.

About UF Information Technology

UFIT is led by Vice President and CIO Elias Eldayrie. The eight departments comprise UFIT, including the Information Security Office, and UFIT enables teaching, learning, research, and service on campus and across the region with enterprise IT systems, including SEC and SUS universities, and HiPerGator.

About the University of Florida

UF is a leading research university located in Gainesville, Florida. For more information about UF, prepare to visit the university’s official pages.

Benefits

UF provides various leave programs based on salary plan, including vacation, sick leave, holidays, personal leave days, and paid family leave. The university offers a competitive benefits package.

Salary and Qualifications

Expected Salary: $121,205-$133,205; commensurate with education and experience.

Required Qualifications: Bachelor’s degree in an appropriate area and four years of relevant experience; or a high school diploma or equivalent and eight years of relevant experience. Appropriate college coursework may substitute at an equivalent rate for the required experience, but does not negate the minimum degree requirements.

Preferred Education, Experience, and Skills

Education & Training – Bachelors or Masters in Computer Science, Cybersecurity, or related field. GIAC Security Essentials (GSEC) or equivalent (preferred), CISA or equivalent (preferred), CISSP or equivalent (preferred).

Experience – Minimum of 10 years of combined IT and security experience with broad exposure to data, networks, systems, and web applications; experience conducting cybersecurity risk assessments in large organizations.

Skills – Excellent written, verbal, and interpersonal communication; strong organizational skills; attention to detail; customer service orientation; and ability to manage multiple projects with minimal supervision.

Knowledge – Security standards and applicable laws/regulations (NIST, HIPAA, HITECH, PCI, FERPA, Florida statutes); security issues across platforms; familiarity with client/server, networks, web technologies, and IT auditing/risk management.

Abilities – Ability to work collaboratively, build relationships, think critically and creatively, maintain integrity, and apply best practices.

Special Instructions to Applicants

Work visa sponsorship is not available for this position. A criminal background screening is required. Applicants must submit a cover letter, resume or CV, and professional references (minimum of 3). The application must be submitted by 11:55 p.m. ET on the posting end date. This requisition has been reposted; previous applicants are still under consideration and need not reapply.

Health Assessment Required: No