Department:

Location:

Belknap Campus

Time Type:

Full time

Worker Type:

Regular

Job Req ID:

R105628

Minimum Requirements:

Bachelor's degree in Computer Science or a related field and eight (8) years of relevant experience or an equivalent combination of education and experience. (9E Salaried)

Position Description:

The research computing-focused Information Security Analyst, in collaboration with the CISO, ISO, University Legal, and the EVPRI’s office, will play a pivotal role in ensuring the security and compliance of the University’s research computing environments. This position will be responsible for planning and implementing a comprehensive research information security program at the University of Louisville by developing, documenting, and maintaining security measures that meet internal and external regulatory requirements and protect sensitive research data. The ideal candidate will have a strong background in information security, a thorough understanding of regulatory frameworks, and experience in a research computing environment.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Ensure that research computing environments comply with all relevant regulatory requirements, including but not limited to HIPAA, FERPA, FISMA, CUI, CMMC, DFARS, ITAR.

• Develop and maintain documentation related to compliance policies, procedures, standards, baselines, and guidelines. Ensure that all policies and procedures align with both internal and external security standards and regulatory requirements. Understand and communicate information security legislation, contractual obligations, regulations and university policies, standards and procedures. Offer insight, participate in and lead projects, task forces or work with constituents to assess or develop relevant policies, standards and procedures.

• Regularly review and update policies and procedures to adapt to new regulations and emerging threats.

• Plan and conduct regular audits and compliance assessments to identify compliance gaps and develop plans for corrective actions.

• In collaboration with ITS Research Computing and the EVPRI’s office, determine information security requirements for research computing projects and assess the feasibility of implementing them.

• Develop and maintain security policies, procedures, and system security plans for research computing systems in collaboration with the ITS Research Computing, Infrastructure and Security teams.

• Conduct risk and technical assessments to identify potential security threats and vulnerabilities within research computing environments.

• Monitor and analyze security incidents and develop response plans to address them effectively.

• Develop and deliver training programs to educate researchers and staff about information security best practices and regulatory requirements.

• Promote a culture of security awareness within the research community.

• Stay current with the latest security trends, technologies, and regulatory changes. Develop comprehensive plans to ensure ITS has the capability to implement future requirements.

• Serve as project manager/lead on research computing security projects.

PREFERRED QUALIFICATIONS

• Bachelor’s Degree in Cyber or Information Security, Information Systems, Management, Business or related discipline.

• Related work experience with an emphasis in information security, compliance, governance or related area.

• Excellent oral, written, and interpersonal communications skills, with the ability to collaborate effectively with diverse stakeholders.

• Knowledge of security frameworks and federal, state or industry security regulations.

• Experience with risk management, security plan development, and incident response.

• Experience with risk management, security plan development, and incident response.

• Proficiency in using security tools and technologies.

• Experience in conducting security audits and assessments.

• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.

• Professional certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.

• Experience with an information security framework, e.g., NIST’s CSF applied to a research computing environment, is highly desirable.

• HIPAA, GLBA, FERPA, FISMA, CUI, CMMC, DFARS, PCI-DSS, and/or ITAR compliance experience.

• Experience with cloud security.

Target Compensation Maximum:

$110,400.00

Target Compensation Minimum:

$73,600.00

Compensation will be commensurate to candidate experience.

Equal Employment Opportunity

The University of Louisville is an equal opportunity, affirmative action employer, and is committed to providing employment opportunities to all qualified applicants without regard torace, sex, age, color, national origin, ethnicity, creed, religion, disability, genetic information, sexual orientation, gender, gender identity and expression, marital status, pregnancy, or veteran status. If you are unable to use our online application process due to an impairment or disability, please contact the Employment team atemployment@louisville.eduor 502.852.6258.

Assistance and Accommodations

Computers are available for application submission at the Human Resources Department located at 215 Central Avenue, Ste 205 - Louisville, Kentucky 40208.

If you require assistance or accommodation with our online application process, please contact us by email atemployment@louisville.eduor by phone 502-852-6258.