Skip to Main Content

IT Security Analyst Senior

Position Information

Position Details

Position Number 42717
Class Title IT Security Analyst Senior
Job Description

Provides support for a variety of operational & consultative IT security functions. A shared function between the Office of Export Control Compliance (ECC) & UCF Information Security (IS) Office with broad awareness & understanding of IS, federal regulatory requirements & IT methods utilized to ensure compliance with university policies, state statutes, & federal regulations. Architects, implements, manages, monitors, & enforces IT security controls that protect the confidentiality, integrity, & availability of the organization’s controlled technical data assets in accordance with legal, regulatory, & institutional requirements; ensures users of controlled technical data & systems receive required security training; consults with Principle Investigators, university IT staff, & subject matter experts to identify, implement, monitor, & enforce compliance solutions; documents solutions; provides guidance & recommendations to the research community in area of data security; reviews new regulations to determine impact on the institution & applicable faculty, staff, or students.

Apply information security concepts, frameworks, regulations and guidelines to organizational requirements and document practices, procedures and policy. Convert IT/technical concepts into easily digestible and actionable policies and procedures with summaries that are accessible to audiences of varying technical aptitudes.

Working in conjunction with cross-functional teams (Sponsored Programs, Export Control, Principal Investigators and university IT), evaluate existing IT infrastructure resources for variances with NIST and other applicable standards, document variances, coordinate and architect solutions with university IT security solutions to meet NIST requirements, document security methods in a technology control plan (TCP), provide IT security training, and monitor compliance with the TCP.

Previous demonstrated experience developing, documenting and managing IT security TCP plans to attain and maintain compliance with various regulatory requirements, including but not limited to EAR, ITAR, OFAC, NARA, NIST, FIPS, etc.

Develop, document and manage IT security TCP plans to attain and maintain compliance with various regulatory requirements, including but not limited to EAR, ITAR, OFAC, NARA, NIST, FIPS, etc.

Conduct physical audits and inventories of IT assets used in restricted research activities, analyzing variances of IT assets with federal NIST standards.

Implement IT security compliance solutions and negotiating gaps with sponsors.

Conduct risk assessments, coordinate vulnerability scans, and penetration tests to identify security risks, and report on findings to system owners and management.

Use automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess security vulnerabilities.

Using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting security controls and documenting system security plans.

Develop and publish information security policies, standards, procedures and guidelines based on compliance requirements and latest security best practices and standards.

Review existing security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to pro actively identify any gaps that may result in non-compliance with regulatory requirements.

Assist in conducting forensic investigations, provide guidance on remediation planning, and prioritize remediation efforts.

Perform intermediate and advanced analysis and assessments of research and non-research related activities and necessary regulatory requirements to maintain institutional compliance in both research and non-research areas as required by export control laws and regulations.

Work directly with faculty, staff, and students to provide expert advice on both federal regulations, UCF policy and procedures, and IT security protocols implemented to achieve compliance.

Maintain the university loaner-laptop program for international travel by faculty, staff and students.

Provide maintenance and support for recordkeeping resources used to support the trade compliance function.

Manage all tasks associated with implementing IT security solutions on restricted research programs.

Implement, monitor and audit NIST 800-171 security controls.

Respond to relevant service requests received from end users conducting activities subject to IT security requirements.

Provide reports and presentations on the status of security controls and industry trends to management and technical staff.

Develop and deliver IT security awareness training for the organization’s staff, including required training sessions for research teams conducting restricted research.

Acquire and analyze regulatory updates impacts on university activities and provide guidance to UCF department, units, research centers and institutes and faculty, staff and students.

Maintain membership in export and security-related organizations and attend annual security briefings, conferences, trade-shows and training events.

Perform miscellaneous job duties as assigned.

Minimum Qualifications

Bachelor’s degree and two years of information technology experience.

Additional Minimum Requirements
Preferences

5 years IT security, information technology, information assurance or related experience, with preferred service in a Federal Government or DoD Industrial Security environment. Experience with cybersecurity policies based on NIST 800-53, NIST 800-171 and ISO 27001. Knowledge of complex government regulations, including the ITAR, EAR and OFAC.

Project Management Professional (PMP) Certification preferred.

Special Conditions

This is a reposted position. Previous applicants are still being considered and do not need to reapply.

Must be able to maintain a U.S. Government Security Clearance. U.S. Citizenship is required due to the confidential nature of the technical data and technology accessible to this position.

If you are selected as the final candidate for an employment opportunity here at UCF, both your position and salary will be significantly based upon the information that you have provided in your application for employment. We urge you to please take the time to complete the application in its entirety.

The University of Central Florida is proud to be a smoke-free campus and an E-Verify employer.

Equal Employment Opportunity Employer
FTE 1.0-Full-Time
Requisition Number 402640
Job Open Date 06/02/2017
Job Close Date
Open until filled Yes
Division Academic Affairs
College/Area Office of Research & Commercialization (Research)
Department Research-Commercialization
Annual Salary Negotiable
Type of Appointment Regular
If Visiting A&P, please specify timeframe
Job Category A&P
Work Schedule

Monday through Friday
8am to 5pm
Schedule may vary as required

Work Location Orlando (Main)
Quick Link http://www.jobswithucf.com/postings/49786

Supplemental Questions

Required fields are indicated with an asterisk (*).

  1. * Do you have a bachelor's degree and two years of information technology experience?
    • Yes
    • No

Optional & Required Documents

Required Documents
Optional Documents
  1. Curriculum Vitae/Resume
  2. Cover Letter
  3. Other Doc 1
  4. Other Doc 2
  5. Other Doc 3
  6. Other Doc 4