Information Security Analyst I
Role details
Job location
Tech stack
Job description
Iowa State University (ISU) and its Information Technology Services (ITS) Security team is currently accepting applications for an Information Security Analyst I position. ITS Security helps safeguard the information and technology used by the Cyclone community. As part of this work, ITS Security helps ensure controlled datasets are both secure and compliant with relevant security standards.
Your work will support efforts to secure payment card activity, research with sensitive datasets, and university business and financial records. Your role will be primarily consultative. You'll provide guidance to the campus community on how best to align processes with external and internal security standards. You will serve as a technical liaison to assess, track, and remediate technical control deficiencies.
To be successful in this role, you should have strong oral communication, business writing, and presentation skills. You'll be working with many different stakeholder groups, so your ability to guide and influence them is another important skill. Each environment at the university is unique, so you should be good at learning business processes and evaluating the unique risks for each one.
Some key responsibilities include:
-
Meet with campus units to understand the people, process, and technology involved in work identified as in-scope for compliance with an external or internal security standard.
-
Evaluate the security controls around systems against relevant security standards.
-
Identify compliance gaps and general security risks.
-
Help design cost-beneficial technical and administrative remedial actions if necessary.
-
Communicate the associated security risks, compliance requirements, and necessary remedial steps to key personnel at campus units.
-
Liaise with campus unit administrators and other IT professionals to implement remedial actions.
-
Answer ad hoc questions from the campus community about security compliance.
-
Document work using tools such as Service Now and Atlassian JIRA.
-
Review and understand the impact of security language in contractual agreements with external partners.
-
Work with researchers and IT professionals to design, document, and implement System Security Plans aligned to standards such as NIST SP 800-171 for research with regulated datasets.
- Candidates must be U.S. citizenship or permanent resident status legally authorized to work in the U.S. on an ongoing basis without sponsorship. Immigration sponsorship is not available for this position.
Level Guidelines* Individual contributor position with developing professional and/or technical skills working under immediate to general supervision* Grasps professional-level knowledge and concepts of field while working in a progressive learning mode* Works on problems and issues of somewhat limited scope* Follows standard practices and procedures in analyzing situations or data for which answers are available or can be obtained* Responds to inquiries and issues, escalating to manager or higher level workers as appropriate* May lead projects of limited scope and complexity
Requirements
Required Minimum Qualifications:Bachelor's degree
Preferred Qualifications:Bachelor's degree in Information Technology, Information Systems, Management Information Systems or a related field
Internship, part-time, or early-career experience in technology audit, risk, or compliance working in an advisory role or within an audit/consulting environment
Direct experience with the PCI DSS and/or NIST SP 800-171
Experience working in Higher Education or other large public sector organizations
