Unit Information Security Analyst

Key Responsibilities:

The UCI Division of Finance and Administration (DFA) needs help with the the implementation of its information security management program. This role will work closely with the Unit Information Security Architect. This role involves understanding the Unit's information security strategy and significantly contributing to the development, maintenance, and implementation of a comprehensive UC System-Wide information security program (IS-3) and the UCI Information Security Standard (ISS) to protect information systems. The successful candidate will manage substantial work within the overall security program, demonstrating project management skills, gathering business requirements, creating supporting plans, and coordinating all aspects of their work for on-time delivery or escalating issues to management as needed.
1. Maintaining Inventory of Information Systems: Keep an updated inventory of all unit information systems.
2. Conducting Risk Assessments: Perform risk assessments of information systems on a priority basis according to existing controls in the unit information security policy.
3. Developing Risk Mitigation Strategies: Maintain a risk log from the security risk assessments. Develop and implement risk mitigation strategies and actions on a priority basis.
4. Coordinating with Stakeholders: Plan and monitor interactions with a broad group of stakeholders for conducting risk assessments and implementing mitigation actions. Provide regular status reports on program progress and follow up with related issues and impediments.
5. Project Management: Demonstrate critical project management skills. Gather business requirements, create supporting plans, and coordinate all aspects of work for on-time delivery. Escalate issues to management as needed.
6. Implementing Information Security Policies: Implement UCI Information security policies and ensure adherence to them.
7. Applying Advanced IT Security Concepts: Apply advanced IT security concepts, governmental regulations, and organizational policies to handle complex IT security issues.
8. Incident Response and Analysis: Respond to and appropriately escalate complex IT security incidents. Collect, examine, analyze, and report to management on the causes, effects, and implications of security incidents.
9. Ensuring Compliance with Regulations and Policies: Ensure compliance with industry practices, governmental regulations, and campus/medical center/Office of the President policies and procedures.
10. Monitoring and Ensuring Progress in Complex Environments: Organize and manage tasks effectively. Monitor and ensure progress in complex environments, demonstrating competency in recommending methods and techniques to obtain results.

Experience Skillset Required:
Bo flexibility: • 5+ years of IT security or information security experience with a proven ability to engage with Senior Management and regulators • 2+ years of experience in administering IT security controls in an organization • 2+ years of experience with security incident response in a SOC or Security Operations role.
Must have:
2+ years of experience with networking security technologies to include but not limited Experience in defining Information Security strategies and integrating security technologies into corporate frameworks Preferred experience:
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk
• Experience with implementing and/or supporting the processes for the following security technologies are preferred:
• Logging and monitoring: SIEM and Cloud Access Security Broker (CASB)
• Endpoint security: EDR, AntiVirus, DLP and host compliance
• Network security: NDR, IPS/IDS, traditional 5 tuple firewalls, next-gen firewalls, cloud security group, User Behavioral Analysts (UBA)
• Data Protection: encryption/decryption, HSM, KMS, DLP
• Azure/AWS cloud services and infrastructure
• IS-3