Information Security Risk & Compliance Analyst - Computing Services

Carnegie Mellon University

Job Description

Posted on: September 17, 2024

Summary and company overview

Summary:

The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university. We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking. We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth.

CMU’s Computing Services department is searching for an Information Security Risk & Compliance Analyst. The Information Security Risk & Compliance Analyst will assess, document, and implement various controls for the University. This individual manages the control documentation and advises on best business practices for all stakeholders. The incumbent is responsible for managing processes for third party vendor assessment, systems audit assistance, coordination, and support (e.g., internal audit for information security). This includes familiarity with risk assessments, privacy regulations, and sets of controls. The incumbent will have a well-rounded technical background in Information Technology (IT). This includes, but is not limited to, software development, DevOps, systems, help desk, risk management, and information security.

Company Overview:

Flexibility, excellence, and passion are vital qualities within Computing Services. Inclusion, collaboration, and cultural sensitivity are valued competencies at CMU. Therefore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity. We are looking for someone who shares our values and who will support the mission of the university through their work.

Responsibilities

  • Assist in enhancing existing risk metrics and report high impact items to key campus stakeholders.
  • Audit IT systems and ensure the established controls are being followed. Identify security findings and assist in driving risk items to closure with the correct stakeholders.
  • Familiarity with risk assessments and common control sets: Cyber Security Framework (CSF), Cybersecurity Maturity Model Certification (CMMC/NIST 800-171), and Payment Card Industry – Data Security Standard (PCI-DSS).
  • Lead compliance projects involving multiple stakeholders within established deadlines.
  • Manage the documentation and development of policies, guidance and procedures related to information security for the University’s Information Security Office (ISO). This includes writing, evidence-gathering, and investigating existing processes and regulations and implementing best practices.
  • Managing requests for information related to privacy regulations and risk management: General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
  • Must be a quick learner with an interest in the intersection of information security, people, and the law. The incumbent needs a strong understanding of the bridge between security and business, and must be attentive to details.
  • Partner with key internal campus stakeholders on processes and controls, including the Office of the Vice Provost for Research, University Libraries, University Health Services, Treasury, and Enterprise Risk Management (ERM).
  • Proficient with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.) and other document-sharing tools (e.g., Google Docs, Box, etc.).
  • Review 3rd party documentation to determine information security risk, and communicate those risks to stakeholders.
  • Strong communication skills, both written and oral. The incumbent will communicate with a variety of audiences, so it will be imperative to write and speak to technical, end-user, and executive audiences, depending on the context of the situation and matter at hand.
  • Other duties as assigned.

Job Requirements

Required Qualifications:

  • Bachelor’s Degree
  • 3-5 years of relevant work experience
  • Successful background check
  • U.S. Persons, as defined under U.S. export control laws

Preferred Qualifications:

  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Practitioner (CISSP)

