Information Security Analyst - Risk & Compliance

Job Summary

Under the general supervision of the Information Security Officer, the Information Security Analyst is responsible for ensuring the success of CSULB’s governance, risk, and compliance (GRC) program, and ensures that security policies, standards, procedures, and practices align with University goals and compliance requirements. This position provides functional GRC reporting, oversight, user support, and serve as a backup team member for technical security operations. Additionally, this position also conduct third party vendor risk assessments (PCR), and assists with security awareness content development.

Key Responsibilities

• Information Security Risk Management. Develop, implement, track, and maintain a campus-wide risk management framework that encompasses annual risk assessment life cycles for internal and external entities, risk register, risk controls, responses and exceptions, and preventative measures; perform and monitor third party vendor (PCR) risk review; baseline maturity gap analysis such as asset inventory, sensitive data inventory and protection, privilege user access review, HEISC, and more.
• Security Audit and Compliance. Develop, implement, and track campus-wide compliance efforts to ensure Information Security requirements are met in accordance with established CSU and University security policies, standards, procedures, and regulatory mandates. Document security non-compliance, assist with audit readiness activities, perform internal audit risk assessments, and report non-compliance issues.
• Security Governance and Awareness Training. Assists with development, implementation, maintenance, and awareness of university Information Security policies, standards, procedures, and practices to ensure alignment with industry standards such as ISO2700x, NIST, CIS control sets, and other regulatory mandates. Also assists with security incident response management and the development of security awareness training and delivery.
• Technical security operations support. Serve as a backup Security Analyst and assist the Security Administrator as needed.
• Security Risks and Metrics Reporting. Develop a security metrics model to automate reporting.

Knowledge Skills and Abilities

Effective written and oral communication and presentation skills. Demonstrated competence in independently applying technical judgment to standard and non-standard technology, to solve a wide range of problems with pragmatic solutions. Demonstrated strong analytical, diagnostic, critical thinking, troubleshooting, and project management skills. Demonstrated exemplary professional code of ethics to preserve confidentiality and privacy of sensitive information and maintain discipline to the highest standards of ethical and professional conduct.

Demonstrated ability to effectively identify, prioritize, and manage multiple projects in an organized and coordinated manner. Superb ability to interpret, synthesize, and represent data in technical graphical forms for non-technical staff. Works independently and as part of a team to facilitate group discussions and achieve agreed upon outcomes. Proficient understanding and application of IT risk management frameworks and processes, security audit and compliance requirements, regulations, and standards such as FERPA, HIPAA, GLBA, PCI DSS, Red Flags, frameworks such as ISO2700x security domains and controls, technical security operations of access control, network security, Information Security architecture, data protection, endpoint security, threat and vulnerability management, patch management, incident response, etc. Service and customer-oriented mindset to engage, promote, and educate all campus staff, faculty, and students.

Ability to communicate with an ethnically and culturally diverse campus community. Ability to follow all university policies, procedures, and guidelines including but not limited to safety, civility, Information Security, and non-discrimination policies and procedures. Ability to contribute to a positive university experience for each and every student, and assist in achieving the university's commitment to a "vision of excellence."

Education and Experience

• Equivalent to a bachelor’s degree in computer information systems, Management Information Systems, Computer Science, Communications, IS educational technology, or job-related field or similar certified coursework in applicable fields of study required and two years of related experience required.

• Minimum of 5 years full-time job-related experience demonstrating proficiency in performing most or all the duties defined for the position preferred.

• Security related certification such as CISSP, CRISC, CISA, CISM, HITRUST, etc. preferred.

Physical Summary

• Light work - Job involves some lifting of medium weight objects (10-20 pounds) and/or 10% - 20% of the job involves standing or walking.

Department

Information Technology Services

Classification

Network Analyst - Career

Compensation

Salary placement is determined by the education, experience, and qualifications the candidate brings to the position, internal equity, and the hiring department’s fiscal resources.

CSU Classification Salary Range: The CSU Classification Salary Range for this position is $4,912 - $12,124 per month.

Benefits

Excellent benefits through CalPERS (health, vision, dental), tuition fee waiver, generous vacation and sick leave, and 14 paid holidays each year.

Time Base

1.0 time-base, 40 hours per week.

Duration of Appointment

This is a regular position.

Application Procedures

Click to complete the CSULB Online Employment Application.

PLEASE FILL OUT THE APPLICATION COMPLETELY. It is important that all sections of the on-line application are filled out completely and accurately. Please include all relevant education and experience. Your application will be used to determine whether you meet the minimum qualifications for this position.

Additional Information

The person holding this position is considered a 'mandated reporter' under the California Child Abuse and Neglect Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 Revised July 21, 2017 as a condition of employment.

A background check (including a criminal records check) must be completed satisfactorily and is required for employment. CSU will make a conditional offer of employment, which may be rescinded if the background check reveals disqualifying information, and/or it is discovered that the candidate knowingly withheld or falsified information. Failure to satisfactorily complete the background check may affect the continued employment of a current CSU employee who was conditionally offered the position.

Due to the nature of this position, current CSULB employees are subject to a criminal record check unless they have successfully completed a criminal background check through CSULB within the past 12 months.

CSULB is not a sponsoring agency for staff and management positions (i.e. H-1B Visas).

California State University Long Beach expects respectful, professional behavior from its employees in all situations. Acts of harassment or abusive conduct are prohibited. Demonstrated appropriate professional behavior, treating others with civility and respect, and refusing to tolerate abusive conduct is expected of all employees.

Equal Employment Statement

California State University Long Beach is an Affirmative Action/Equal Opportunity Employer that is strongly committed to promoting diversity in all areas of the campus community. We consider qualified applicants for employment without regard to age, physical or mental disability, gender or sex, genetic information, gender identity, gender expression, marital status, medical condition, nationality, race or ethnicity, religion or religious creed, sexual orientation, and veteran or military status.

Accommodations

We provide reasonable accommodations to applicants and employees with disabilities. Applicants with questions about access or requiring a reasonable accommodation for any part of the application or hiring process should contact StaffHR-Accommodations@csulb.edu.

Out of State Employment Policy

California State University, Long Beach, as part of the CSU system, is a State of California Employer. As such, the University requires all employees upon date of hire to reside in the State of California.

As of January 1, 2022 the CSU Out-of-State Employment Policy prohibits the hiring of employees to perform CSU-related work outside the state of California.