The Information Security Senior Risk and Compliance Analyst is responsible for driving efforts to proactively identify, assess, and communicate the university's information security risks through critically analyzing the probable frequency and probable magnitude of future loss.
We are looking for individuals who have the ability to understand what risk management is as it relates to information security, in order to help departments at Yale identify, analyze, assess, and communicate risk.
The analyst will work in close partnership with Information Security colleagues, IT staff, and academic and business representatives to scope assessments, gather documentation, interview clients, identify risks, document findings, and ensure transparent management of risks by following a structured risk assessment methodology.
The qualified candidate will be expected to independently lead and complete high-quality assessments across a diverse set of technologies, academic and business functions, and complexity. This includes but is not limited to assessments for internal and cloud technologies, network devices, control processes, academic and business functions, and facilitating the ongoing analysis of enterprise-wide risks across the university. The successful candidate will possess advanced knowledge of various multi-platform operating systems and databases. As a senior member of the team, this position will also be expected to proactively drive process improvements, overcome barriers to success, build professional relationships across university departments, brief senior leaders, and mentor others.
1. Evaluate the security controls for IT solutions of all types (mobile, web, client-server, etc.) both pre- and post-implementation.
2. Identify overall security requirements for the proper handling of data, and assist architects and system developers in the identification and implementation of appropriate information security.
3. Identify gaps in technologies that could impact the ability of the University to effectively detect and respond to cyber-attacks.
4. Communicate complicated technical security issues and the risks they pose to R&D programmers, network engineers, system administrators and management.
5. Work with departments to identify and classify data according to their sensitivity and their importance to the functioning of the University.
Required Education and Experience
Bachelor's in a related field and 6 years of work experience, or equivalent combination.
Required Skill/Ability 1:
Working knowledge of the components of risk management, including risk processes, risk quantification, governance and reporting, and technology and systems. Knowledge in IT forensics analysis.
Required Skill/Ability 2:
Conceptually proficient with a wide range of technology, allowing the ability to navigate different opinions and synthesize a single cohesive position based on sometimes conflicting input. Proven ability to communicate complex systems and technical topics to staff who may have minimal technical knowledge using oral, written and visual presentations.
Required Skill/Ability 3:
Strong foundational knowledge in information technology such as hardware, networking, architecture, protocols, file systems and operating systems. Proven ability in application and/or database development. Proven ability in system administration.
Required Skill/Ability 4:
Strong business analytical, verbal, and written communications skills. Self-starter with ability to work both independently and in a team environment and to manage multiple tasks/projects in a disciplined and organized fashion while maintaining attention to detail.
Required Skill/Ability 5:
Knowledge of security standards and regulations such as NIST, CIS, ISO, HIPAA, PCI DSS, FERPA.
Weekend Hours Required?
Evening Hours Required?
Background Check Requirements
All candidates for employment will be subject to pre-employment background screening for this position, which may include motor vehicle, DOT certification, drug testing and credit checks based on the position description and job requirements. All offers are contingent upon the successful completion of the background check.