Security Analyst - Information Security, ITS

The department of Information Security in Information Technology Services at West Virginia University is currently accepting applications for a Security Analyst.

About the Opportunity

This position provides technical support for the systems of WVU's information security program and is a key member of the Information Security team. The position responsibilities include administration and configuration of enterprise information security systems, developing documentation and reports related to security operations, and managing / tracking security and compliance risks. The position will identify, monitor, and analyze security alerts and reports to detect and respond to potential security incidents as part of the Defend Your Data information security awareness program.

We strongly believe in work-life balance and keeping time for things we love outside our work. WVU offers generous benefits, including:

• 37.5-hour work week
• 13 paid holidays (staff holiday calendar)
• 24 annual leave (vacation) days per year or more based on years of service (employee leave)
• 18 sick days per year (for when you're ill, for when you need time to care for sick family, for your own, or your family's, regularly scheduled medical appointments. Who is family for the purpose of this leave? A lot of people in your life including immediate relatives and in-laws as well as others considered to be members of your household living under the same roof)
• WVU offers a range of health insurance and other benefits
• 401(a) retirement savings with 6% employee contribution match, eligibility to continue health insurance, and other retiree perks. Looking for more retirement benefits information? Check out retirement health insurance benefits, retirement income, and FAQ's.
• Wellness programs

What You'll Do

• Independently and as part of a team, maintain WVU's information security program.
• Ensure WVU's IT environment is secured according to established policies, procedures, standards, and applicable federal and state regulations.
• Responsibilities include but are not limited to administration over an enterprise information security system such as antivirus, data loss prevention, vulnerability management.
• Develop, manage, and maintain a defined set of standard operating procedures supporting these efforts.
• Continuously support and improve security controls throughout WVU's IT environment and develop remediation plans for any compliance issue(s).
• Subject matter expert on at least one of the enterprise information security systems, and serve as a backup to one or more additional systems / applications.
• Manage and optimize security tools, ensuring they are configured effectively to provide effective assessment of security risk and how best to mitigate these risks.
• Evaluate and recommend security technologies to enhance the institution's security portfolio.
• Conduct thorough risk assessments of new and existing University Technology Resources and vendors to evaluate their security controls.
• Collaborate with cross-functional teams to assess their security posture and remediate risks.
• Manage, track, evaluate, and report security and compliance risks as part of WVU's vulnerability and risk management process and standards.
• Develop and support remediation plans for any compliance issues
• Support regular security audits and assessments of applications and vendors to identify and address security vulnerabilities.
• Work closely with responsible parties to implement corrective actions and improvements.
• Document, track, and report on the status of the audits and assessments.
• Rapidly respond to security incidents, investigating and containing threats to minimize potential damage.
• Provide insights into the evolving threat landscape and potential impacts on the institution.
• Stay updated on the latest security threats and best practices
• Implement continuous improvement initiatives to enhance the efficiency and effectiveness of the information security across WVU

Salary: Up to $65,000

Remote work is available for this position as determined by the department.

• Undergraduate degree or equivalent combination of training, education, and experience in a relevant field.
• A minimum of four (4) years of combined experience:
  
  
  
  • Information technology experience
  • Experience working in/with information security
  • Experience with enterprise experience with enterprise information security systems
  
  
  
  
• All qualifications must be met by the time of employment.

Knowledge, Skills, & Abilities

• Excellent communication and interpersonal skills to effectively collaborate with stakeholders at all levels.
• Strong analytical and problem-solving abilities, with the ability to make sound decisions under pressure.
• Ability to manage and prioritize competing priorities in a resource constrained organization.
• Demonstrated excellence in written and verbal communication, collaboration, and team building skills. Professional level writing, editing, and oral communication skills are required, including the ability to present technical materials to a large, non-technical audience.
• Demonstrated ability to accurately work unsupervised, think logically, and schedule and coordinate work with others to meet deadlines. Project management skills, organization skills, ability to work under pressure, and skills to coordinate concurrent projects.
• Outstanding people skills, including positive attitude, customer service orientation, the ability to deal effectively with difficult people, the ability to assess sensitive issues and respond appropriately, the ability to interact with people at the highest professional levels, and appropriate communication with people from other cultures.
• Broad knowledge and understanding of information technology infrastructure. The ability to gather information from a wide variety of resources to solve complex problems.
• The ability and desire to continually learn new cybersecurity- and technology-related skills, privacy and risk management best practices, and regulatory changes.
• Ability to identify and assess risk and make recommendations and influence decisions based on risk mitigation.
• Demonstrable knowledge in compliance with common compliance standards (HIPAA, PCI, GLBA, etc)
• Log, update, and monitor service requests with vendors, and monitor vendor communities, e.g. listservs and forums to identify and discover opportunities for improvement in WVU's security posture.
• Perform root cause analysis of information security events to determine cause, severity, and remediation steps.
• Demonstrated ability to manage multiple tasks and prioritize as needed.
• Demonstrated ability to create, expand, and maintain relationships with peers both within a project team and during daily operations.
• Ability to design, install, configure, and maintain information security systems in a higher education environment.

Preferred Qualifications:

• Higher education experience.
• An information security certification, e.g. from CompTIA, Cisco, or GIAC.

At West Virginia University, we leverage our talents and resources to create a better future for our state and the world. As West Virginia's land-grant university, WVU has three campuses that touch each corner of the state. The WVU System includes 518 buildings on 15,880 acres, Extension Service offices in all 55 counties, ten experimental farms and four forests.

From the groundbreaking R1 research of our flagship campus in Morgantown to the career-oriented programs of WVU Potomac State in Keyser to the technology-intensive programs at WVU Tech in Beckley - the contributions of WVU employees directly impact the 1.8 million people of West Virginia every day, no matter their role or position.

Service, curiosity, respect, accountability, and appreciation are the core values that unite Mountaineers, inspiring one another to work tirelessly and support others as they seek to reach new heights. After all, when you're a Mountaineer, impossible is just another mountain to climb.

Creating an inclusive, engaged, and dynamic learning environment is core to WVU's academic mission. We welcome candidates who can contribute a range of ideas, approaches and experiences.

West Virginia University is proud to be an Equal Opportunity employer and is the recipient of an NSF ADVANCE award for gender equity. The University values diversity among its faculty, staff, and students, and invites applications from all qualified applicants regardless of race, ethnicity, color, religion, gender identity, sexual orientation, age, nationality, genetics, disability, or Veteran status.