Primary Purpose:
The Information Security Analyst II provides support for the operational and consultative functions of the University of the Pacific Information Security Office in collaboration with the Office of Information Technology and stakeholders across the University. The Information Security Analyst II designs, implements, manages, and monitors technical, administrative, and physical controls used to protect the confidentiality, integrity, and availability of the University's information assets.
Essential Functions:
Design/configure/operate/audit various information security controls such as antivirus/antimalware, firewall, identity management, etc. to meet regulatory and University requirements.
Analyze findings from security monitoring systems, such as Data Loss Prevention, Firewall, and Security Information Event Management consoles, to identify and respond to security incidents.
Conduct vulnerability scans and penetration tests to identify security risks and report findings to system owners and advise on remediation as needed.
Lead or participate in security incident response by conducting forensic investigations, isolating malware, identifying attack vectors, and providing guidance on containment and remediation.
Participate in the organizations disaster recovery and business continuity planning, testing, and execution.
Respond to service requests received from end users or other teams (e.g. for investigation of security events, reviewing change requests on systems impacting security, or addressing user access requests).
Develop and deliver training on information security policies, standards, procedures, and best practices for faculty, staff, students, and others.
Participate in campus-wide information security events and programs to ensure alignment and knowledge sharing between departments.
Collaborate with system, application, and data owners/custodians to conduct threat modeling exercises, risk assessments, and workshops to analyze business, legal, and regulatory requirements.
Use output from risk assessments and requirements analysis to assist system, application, and data owners/custodians with selecting security controls and documenting security plans.
Review existing security plans with system, application, and data owners/custodians to ensure that controls are properly implemented, and proactively identify gaps and recommend corrections.
Assist system, application, and data owners/custodians with selecting and documenting controls to address security-related audit findings.
Provide reports and presentations on the status of security controls to management and technical staff.
247 on-call support rotation may be required.
Performs other related duties.
University of the Pacific recognizes that diversity, equity, and inclusion is foundational to the success of our valued students and employees. We prioritize policy and decision-making that demonstrates awareness of, and responsiveness to, the ways socio-cultural forces related to race, gender, ability, sexuality, socio-economic status, etc. impede or propel students, faculty, and staff.
Minimum Qualifications:
Associates Degree in computer science, technology, or related field.
Five (5) years of increasingly responsible experience in IT and/or information security in higher education or enterprise environment.
One (1) security industry certification (e.g. CISSP, CISA, CEH, GCIH).
Preferred Qualifications:
Bachelors Degree in Computer Science or related field preferred.
Two (2) technical information security industry certifications in incident handling or forensics (e.g. CEH, CGIH, GCFA, or equivalent). Additional technical or management certifications are preferred (e.g. MSCS, CCNP, CCIE, PMP, or equivalent).
Skills/Knowledge and Expertise:
Deep knowledge of networking and endpoint configuration standards and best practices.
Ability to perform/lead forensic analysis of computers and/or networks.
Ability to act as a subject matter expert in one or more areas of information security.
Demonstrated troubleshooting and problem-solving skills.
Ability to analyze data using spreadsheets, databases, scripts, etc.
Ability to work in a team environment and take direction and guidance.
Ability to research and learn outside of formal training.
Time management, organizational skills, and ability to complete tasks as assigned.
Experience and sensitivity in working with people of diverse backgrounds and cultures.
Demonstrated experience in advancing social justice, equity, and inclusion in a university setting.
Ability to engage and integrate culturally responsive practices and knowledge in their work.
Physical Requirements:
The physical demands described here are representative but not definitive of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Duties require extended periods of sitting and repetitive hand and wrist motion while using computer keyboard and phone. Occasional walking, standing, and simple grasping. Infrequent climbing stairs, walking across campus, stooping, and reaching. Constant communication using both spoken and written means. May be required to lift up to 25 lbs.
Work Environment/Work Week/Travel:
Primarily office setting, AV closets, and /or data center with exposure to noise and cooler temperatures. Work performed during standard business hours, occasional overtime, and hours worked outside of normal schedule may be required to meet business deadlines. Travel may be required to other campuses, meetings, or training.
Hiring Range: Commensurate with experience, non-exempt
Background Check Statement:
All applicants who receive a conditional offer of employment are required to execute a release and authorization for a background screening.
To apply, visit https://pacific.peopleadmin.com/postings/23782
University of the Pacific is an affirmative action and equal opportunity employer dedicated to workforce diversity. In compliance with applicable law and its own policy, Pacific is committed to recruiting and retaining a diverse faculty and staff and does not discriminate in its hiring of faculty and staff, or in the provision of its employment benefits to its faculty and staff on the basis of race, color, religion, national origin, ancestry, age, genetic information, sex/gender, marital status, military and veteran status, sexual orientation, medical condition, pregnancy, gender identity, gender expression, or mental or physical disability.
jeid-78d9328e543e1641868e7b641c4df31f