The Information Security, Risk & Compliance Analyst plays a crucial role in safeguarding the University against cybersecurity threats. Their main responsibility is to implement a range of risk assessment and compliance processes to identify, evaluate, and monitor potential cybersecurity risks. By collaborating with various teams across the University, they ensure that security risks are effectively managed, adhering to industry cybersecurity standards and government regulations. Typical tasks for this role include conducting ongoing risk reviews, ensuring compliance with relevant regulations, conducting vulnerability scans, and analyzing information from diverse sources to assess risks associated with third-party IT suppliers during onboarding and continuous monitoring. The Information Security, Risk & Compliance Analyst also works with the Senior Analyst to guide stakeholders in integrating appropriate security measures into business operations, system designs, and software development processes. They enhance and execute processes that aid in planning remediation strategies to ensure compliance with policies and regulations. To provide valuable insights for risk prioritization, the Analyst prepares reports highlighting trends, risk levels, and metrics. Additionally, they focus on building trust and fostering cross-functional partnerships to raise awareness and successfully implement cybersecurity controls as part of a Unified Security Program.
Required Education:
Bachelor's degree or equivalent in a discipline relevant to Information Security, or an equivalent combination of education and experience.
Preferred Education:
Bachelor's degree in a discipline relevant to Information Security or Engineering.
Required Experience:
2+ years of experience supporting cybersecurity risk and controls management programs, with familiarity with cybersecurity frameworks (including but not limited to ISO 27001, PCI-DSS, SOC, and NIST CSF), regulatory requirements, and compliance practices. Experience collaborating closely with security partners, including incident response, architects, and engineers, to support and seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations.
Preferred Experience:
2+ years of experience with Governance, Risk, and Compliance (GRC) technologies such as RSA Archer, ServiceNow, etc. Working knowledge of Cloud Security assessments, systems, tools, and web application reviews, including Secure SDLC life cycle assessments. Working knowledge of enterprise infrastructure and application monitoring tools.
Required Skills, Knowledge and Abilities:
In-depth knowledge of foundational security controls and Information Security best practices. Ability to understand the implications of new information for both current and future problem-solving and decision-making. Must possess strong interpersonal, critical, analytical, organizational, written and verbal communication skills to clearly communicate information and security concepts to non-technical audiences. Must demonstrate reliability, responsibility, and dependability to fulfill job requirements.
Preferred Skills, Knowledge and Abilities:
Knowledge of enterprise infrastructure and application monitoring tools. Working knowledge of network systems, security principles, applications, and risk and compliance initiatives. Knowledge to bring clarity to projects by digging into documentation and asking the right questions of the right people.
In compliance with NYC's Pay Transparency Act, the annual base salary range for this position is USD $69,300.00 to USD $84,700.00. New York University considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and organizational considerations when extending an offer. This pay range represents base pay only and excludes any additional items such as incentives, bonuses, clinical compensation, or other items.
NYU aims to be among the greenest urban campuses in the country and carbon neutral by 2040. Learn more at nyu.edu/nyugreen.
EOE/AA/Minorities/Females/Vet/Disabled/Sexual Orientation/Gender Identity