Position Title: Information Security Analyst
Position Number: 100109
Pay Rate: $80,000 to $85,000 annually, plus benefits
Position Type: Full-Time
Posting Detail: Posting Number 033
The Information Security Analyst is responsible for maintaining the security and integrity of all Oklahoma State Regents for Higher Education (OSRHE) information and systems, to include the Oklahoma College Assistance Program (OCAP) and OneNet.
The Information Security Analyst must have a deep understanding of industry security principles, standards, and best practices, and must quickly acquire knowledge of every aspect of information security, technical and business related, across all OSRHE divisions.
The primary function of this position is to analyze security measures in place, determine how effective these measures are given the current threat environment, take steps to remediate vulnerabilities, recommend and implement changes to improve the agency’s long-term security posture, provide extensive technical guidance, and coordinate with management and staff, including the Chief Information and Security Officer (CISO), on all matters related to information security.
The Information Security Analyst will organize and implement required security training including instructing staff on proper security measures across all facets of agency operations.
Responsibilities and Duties
- Ensure that all security measures employed are current and adequate to protect OSRHE information and assets.
- Create and maintain all security related documentation for OSRHE including IT Security Policy, inventories of staff training, system security plans, risk register, and mitigation efforts.
- Prepare and submit reports as required by IT policy.
- Organize and conduct IT security training for all employees, including technical staff.
- Utilize a suite of security tools to assess the agency’s security posture and the ability to meet evolving threats. This would include internal vulnerability scans and penetration testing.
- Develop and produce reports, assessments, and recommendations to share with management and technical staff related to the efficacy of security mechanisms, controls, processes, systems and services.
- Work closely with the Chief Information and Security Officer (CISO) to ensure that all technical and business related configurations and changes meet or exceed minimum industry standards and mandated security standards set forth by state and federal statutes.
- Participate in / lead research activities and make recommendations regarding the development, implementation and testing of appropriate security plans, products and control techniques.
- Act as liaison with external entities to include the United States Department of Education (ED), State of Oklahoma, vendors, contractors and consultants to maintain and enhance information and data security.
- Complete security assessments as required by entities such as ED, State of Oklahoma, commercial banks, etc.
- Participate in IT disaster recovery / business continuity exercises and tests.
- Review technology acquisitions, including open source and free products / services, for potential security issues and fit within the OSRHE environment.
- Participate in or lead response to information security incidents. Assess when an incident has occurred, at what level and with whom the communication of the event should be, what the immediate actions are that need to be taken to properly protect the State Regents and what steps should be performed to contain, manage, and appropriately document and report the incident.
- Other similar duties as assigned.
- Bachelor’s degree in Computer Science, Management Information Systems or related field required or at least three (3) to five (5) years of progressively responsible information technology experience in a corporate, government or university setting.
- An equivalent combination of post-secondary education and work-related experience may be considered.
- A minimum of three (3) to five (5) years of information security experience or equivalent experience in risk mitigation, risk assessment, and risk remediation required.
- Strong experience in Internet and network security products and platforms, including intrusion detection, intrusion prevention, incident response, vulnerability assessments and penetration testing.
- Comprehensive understanding of industry standards and requirements for information security management, state and federal statutes and 3rd party security assessments required.
- Strong project management, communication and organizational skills.
- Proven ability to communicate security-related concepts to technical and non-technical staff.
- Strong working knowledge of applicable laws and law enforcement community activities and initiatives.
- Proven ability to work collaboratively across an organization and with peer groups and organizations external to the agency.
- Strong experience with business continuity planning, disaster recovery testing and exercises, and contract/vendor relations.
- Must provide a cellular telephone and service for work-related activities.
- Must be available after hours as needed.
- Documented security-related certifications and training are a plus.
The employee performs work under the primary supervision of the Chief Information and Security Officer (CISO), with secondary reporting responsibilities to the Executive Director of OCAP for OCAP-related issues.
Agency offices are open to the public from 8 A.M. to 5 P.M. Monday through Friday. These are the normal office hours for Agency employees.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. The Oklahoma State Regents for Higher Education is an Equal Opportunity Employer.
Posting Date: 12/22/2015
Open Until Filled: Yes
Special Instructions to Applicants
Required fields are indicated with an asterisk (*).
* Please provide information on any certifications you hold in the information security field.
(Open Ended Question)
* Please describe your experience in the information security field.
(Open Ended Question)
* Please describe your experience with securing various host operating systems and network infrastructure.
(Open Ended Question)
* Have you ever been on a security incident response team? Please describe your role.
(Open Ended Question)
* How did you hear about this employment opportunity?
(Public Job Posting / Internal Job Posting)
Documents Needed to Apply:
2. Cover Letter