Job No. 152602
- Job Title:
- Data Security and PCI Risk Analyst Senior
- Employer:
-
University of Michigan-Ann Arbor
- Location:
-
Ann Arbor , MI
- Posting Date:
- 28-Mar-2024
- Description:
-
Job Summary:
Information and Technology Services (ITS) at the University of Michigan has an exciting opportunity for a Data Security Analyst Senior working with the Information Assurance (IA) team. This position will report to the Information Systems Security Assistant Director responsible for managing information assurance operations including, Payment Card Industry (PCI) support, risk and compliance management, vulnerability management, OS hardening, and network security. Individuals in this position are assigned to tasks of broad scope that require an expert understanding of security technologies and security and compliance frameworks. They will work independently in complex situations, and will be expected to coordinate the efforts of others.
This position will require a highly qualified individual who can proactively anticipate and work to resolve problems; as well as someone that is detail oriented and a strong critical thinker.
Flexible work arrangements are available and the position is hybrid, based in Ann Arbor, MI, requiring some days on site due to the collaborative nature of the team. Details can be worked out with the hiring manager. May require some after-hours/on-call support based on business needs. Will require travel to various locations on and off University campus.
Underfill Statement:
UM-ITS welcomes a healthy applicant pool so we encourage all interested applicants to apply. This position may be underfilled at a lower classification depending on the qualifications of the selected candidate.
Who we are:
Information and Technology Services (ITS) supports U-M faculty, researchers, staff, and students in their use of technology to teach, learn, research, and work, and be leaders in their fields. We are dedicated to creating cohesive digital experiences and promoting university wide innovations. ITS's mission is to be trusted enablers of technology for the U-M community. ITS works together to provide cohesive digital experiences and seamless support to the U-M community. For more information about ITS, visit: https://its.umich.edu/about
Responsibilities:
Participate in the design, development and evolution of the university's approach to risk and compliance management.
Serve as the internal security assessor (ISA) for U-M, leading internal reviews of payment card processing systems to ensure compliance with PCI DSS requirements.
Support university compliance efforts by serving as a technical subject matter expert on related information assurance areas.
Participate in the analysis and design of the university's security architecture.
Provide training, guidance, and assistance to university security staff to successfully accomplish objectives. Serve as a technical resource in support of ensuring the safety of information systems assets and protecting systems from intentional or inadvertent access or destruction.
Participate in the evaluation of proposed systems, applications, and network design to determine security and compliance implications. Assess risks to university systems and identify countermeasures, plan and implement mitigating technologies and processes.
Make recommendations and participate in the development of information assurance policies, standards, and procedures. Propose, author, maintain, and enhance information security guidelines. Monitor compliance with information security policies and procedures, referring problems to the appropriate department manager.
Collaborate with and support other areas of the Information Assurance team including Identity and Access Management, Risk Management, Vulnerability Management, Data Loss Prevention, System and Applications Hardening, Security Consulting, Network Monitoring and Protection, and Compliance
Develop skills by actively participating in growth opportunities for continuous development and improvement and applying new skills/knowledge.
Provide training and mentoring to less experienced staff, resulting in staff and teams using and implementing the latest policies, procedures, and best practices to accomplish tasks.
Required Qualifications:
Bachelor degree in computer science or a related field and/or equivalent combination of education, certification and experience.
Minimum of four years demonstrated experience in information systems security.
Experience with technical aspects of regulatory and compliance requirements such as HIPAA, PCI, CUI, FISMA, CMMC compliance.
Demonstrated understanding of security related technologies and practices
Experience with technical aspects of regulatory and compliance requirements such as HIPAA, CUI, and SOX.
Demonstrated knowledge of TCP/IP networking.
Demonstrated understanding of attack methodologies and vectors.
System administration background with Microsoft or UNIX environments including experience securing operating systems.
Ability to contribute and collaborate effectively as a lead member of a highly-functioning and productive team.
A strong commitment to collaboration, teamwork, and continual improvement
Excellent organizational, analytical, and independent problem solving skills.
Ability to communicate effectively, both verbally and in writing.
Demonstrated success giving presentations.
Respects diversity; demonstrates respect for the opinion of others; values each person's contribution to the team.
Demonstrated ability to establish and maintain effective relationships with internal and external customers in a manner that consistently meets the organization's expectations for exemplary customer service.
Demonstrated behavior aligned with the values and ethics of the organization and profession.
Demonstrated ability to provide necessary attention to solve different level problems, often multitasking to solve moderate level problems.
Desired Qualifications:
Minimum of 7 years experience in information systems security and compliance.
Experience with PCI DSS compliance.
Current PCI ISA certification or the ability to obtain it within a specified timeframe after hire.
Extensive experience assessing security and compliance risks to information systems and defining appropriate mitigation strategies.
Familiarity with industry standard security and compliance control frameworks.
CISSP, GIAC, or other equivalent information security certification.
- Contact information:
- University of Michigan-Ann Arbor
- Ann Arbor, MI 48109
- United States
- Employer's Website:
-
Visit Employer's website