Reference #: 2022006
The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university. We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking. We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth.
CMU's Computing Services department is searching for an Information Security Risk & Compliance Analyst. The Information Security Risk & Compliance Analyst will assess, document, and implement various controls for the University. This individual manages the control documentation and advises on best business practices for all stakeholders. The incumbent is responsible for managing processes for third party vendor assessment, systems audit assistance, coordination, and support (e.g., internal audit for information security). This includes familiarity with risk assessments, privacy regulations, and sets of controls. The incumbent will have a well-rounded technical background in Information Technology (IT). This includes and is not limited to software development, DevOps, systems, help desk, risk management, and information security.
Your core responsibilities will include:
Assist in enhancing existing risk metrics and report high impact items to key campus stakeholders.
Audit IT systems and ensure the established controls are being followed. Identify security findings and assist in driving risk items to closure with the correct stakeholders.
Familiarity with risk assessments and common control sets: Cyber Security Framework (CSF), Cybersecurity Maturity Model Certification (CMMC/NIST 800-171), and Payment Card Industry - Data Security Standard (PCI-DSS).
Lead compliance projects involving multiple stakeholders within established deadlines.
Manage the documentation and development of policies, guidance and procedures related to information security for the University's Information Security Office (ISO). This includes writing, evidence-gathering, and investigating existing processes and regulations and implementing best practices.
Managing requests for information related to privacy regulations and risk management: General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
Must be a quick learner with an interest in the intersection of information security, people, and the law. The incumbent needs a strong understanding of the bridge between security and business, and must be attentive to details.
Partner with key internal campus stakeholders on processes and controls, including the Office of the Vice Provost for Research, University Libraries, University Health Services, Treasury, and Enterprise Risk Management (ERM).
Proficient with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.) and other document-sharing tools (e.g., Google Docs, Box, etc.).
Review 3rd party documentation to determine information security risk, and communicate those risks to stakeholders.
Strong communication skills, both written and oral. The incumbent will communicate with a variety of audiences, so it will be imperative to write and speak to technical, end-user, and executive audiences, depending on the context of the situation and matter at hand.
Other duties as assigned.
Flexibility, excellence, and passion are vital qualities within Computing Services. Inclusion, collaboration, and cultural sensitivity are valued competencies at CMU. Therefore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity. We are looking for someone who shares our values and who will support the mission of the university through their work.
Qualifications:
Bachelor's Degree
3-5 years of relevant work experience
Certifications:
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Practitioner (CISSP)
Requirements:
Successful background check
This position involves access to items or technical data controlled under the U.S. International Traffic in Arms Regulations ("ITAR"). Under U.S. export control laws, restrictions apply to the release or disclosure within the United States of ITAR-controlled technical data to individuals who are NOT "U.S. Persons." U.S. Persons include U.S. citizens, U.S. nationals, persons lawfully admitted for U.S. permanent residence ("green card" holders), persons granted U.S. asylum status and persons granted U.S. refugee status.
Carnegie Mellon's Computing Services can rely on ITAR authorizations to provide access to ITAR-controlled items for certain eligible applicants who are not U.S. Persons. However, for Computing Services to ensure compliance with the ITAR, applicants who are NOT U.S. Persons are not eligible for this position if they are current or former permanent residents, nationals, or citizens of the following arms-embargoed or ITAR-restricted countries: Afghanistan, Belarus, Burma, Cambodia, Central African Republic, China, Cuba, Cyprus, Democratic Republic of Congo, Ethiopia, Eritrea, Haiti, Iran, Iraq, Lebanon, Libya, Nicaragua, North Korea, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe.
Joining the CMU team opens the door to an array of exceptional benefits, available to all full-time Carnegie Mellon University employees. Experience the full spectrum of advantages, from comprehensive medical, prescription, dental, and vision insurance to enticing retirement savings programs. Unlock your potential with tuition benefits, and take well-deserved breaks with generous paid time off and holidays. Rest easy knowing you're covered by life and accidental death and disability insurance. For a comprehensive overview of the benefits awaiting you, explore: https://www.cmu.edu/jobs/benefits-at-a-glance.
At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond just credentials, we consider the role & responsibilities, your invaluable work experience, and the knowledge gained through education and training. We acknowledge and appreciate your unique key skills and the diverse perspectives you bring. Our commitment to fostering an inclusive work environment means we also account for geographic differentials. Your journey with us is about more than just a job; it is about finding the perfect fit for your professional growth and personal aspirations.
Are you interested in this exciting opportunity?! Apply today!
Joining the CMU team opens the door to an array of exceptional benefits available to eligible employees.
Those employees who are benefits eligible have the opportunity to experience the full spectrum of advantages from comprehensive medical, prescription, dental, and vision insurance to an enticing retirement savings program offering a generous employer contribution. You can also unlock your potential with tuition benefits and take well-deserved breaks with ample paid time off and observed holidays. Finally, rest easy knowing you are covered by life and accidental death and disability insurance.
Other perks include a free Pittsburgh Regional Transit bus pass, our Family Concierge Team to help navigate childcare needs, fitness center access, and so much more!
For a comprehensive overview of the benefits that may be awaiting you, ex