Data Security Analyst Sr
University of Utah
Salt Lake City, UT
Job posting number: #7293800
Posted: November 14, 2024
Application Deadline: Open Until Filled
Job Description
Job SummaryLead the information security team for the Center for High Performance Computing at the University of Utah, focusing on compliance and documentation. Analyze existing processes to reveal shortcomings and develop plans to address them.
Ensure that CHPC operates in compliance with U of U policy and applicable laws and regulations. Supported research includes projects using data governed by one or more of the following frameworks: HIPAA, NIST 800-171, CMMC, ITAR, and FISMA Moderate.
The applicant will develop and maintain plans and documentation, including system security plans (SSPs) and plans of actions and milestones (POAMs); work with CHPC teams to analyze and mitigate risk and improve security posture; advise department policies and procedures; and engage with other campus security and compliance teams. CHPC resources include HPC clusters, virtual machines, large-scale storage, and other systems.
** It is anticipated that this position will involve access to federally funded research that is subject to federal sponsorship regulatory restrictions (e.g. certain export control, data security, acquisition regulations, or federal contract clauses) that mandate U.S. citizen participation only.
Responsibilities
· Develop and maintain plans and documentation for compliance with various regulatory frameworks, including system security plans and plans of actions and milestones.
· Ensure required reviews and audits take place as scheduled and are documented in a timely fashion.
· Work closely with CHPC teams ensure deployments are compliant with documented plans and legal, regulatory, or contractual requirements.
· Analyze and mitigate risk, improve security posture, and advise departmental policies and procedures.
· Work with the University of Utah Institutional Security Office (ISO) and other campus organizations to leverage tools, techniques, and resources as appropriate.
· Attend departmental and institutional meetings and security conferences and participate, contribute and/or present as appropriate, network with peer institutes, and form collaborative relationships.
This job description is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.
Work Environment and Level of Frequency typically required
Nearly Continuously: Office environment.
Physical Requirements and Level of Frequency that may be required
Nearly Continuously: Sitting, hearing, listening, talking.
Often: Repetitive hand motion (such as typing), walking.
Seldom: Bending, reaching overhead.
Minimum Qualifications
Requires a bachelor’s degree in area of specialty, or equivalency (one year of education can be substituted for two years of related work experience); and 2-4 years of experience in the field or in a related area.
Applicants must demonstrate the potential ability to perform the essential functions of the job as outlined in the position description.
Department Specific Requirements
· Demonstrated group lead experience
· Experience in developing and maintaining compliance plans and documentation (e.g. SSPs and POAMs) for a primarily Unix/Linux environment
· Ability to develop recommendations to meet compliance needs
· Excellent organization, communication, and documentation skills
· Ability to work proactively under minimal supervision in a flexible work environment
· A commitment to provide excellent customer service
· Ability to work in a team environment
· Ability to maintain a culture of openness, trust, and transparency while ensuring a safe, secure, and protected environment for our customers
Preferences
· Experience with cybersecurity auditing strongly preferred
· Experience with IT security tools, including anti-virus/anti-malware, EDR (Endpoint Detection and Response), Data Loss Prevention (DLP), or Next Gen Firewall systems
· System administration background, especially Linux/Unix
· Experience working with contracts or grants, especially in an academic environment