Job Description

Job Summary:

The Information and Technology Services (ITS) organization at the University of Michigan has an exciting opportunity for a Data Security Analyst Intermediate to join the Responsible Information Security for Campus (RISC) Team within Information Assurance (IA). As part of a high performance team with expanding responsibilities, you will have the opportunity to work in a very collaborative and dynamic environment to perform risk and compliance assessments of critical systems to improve the security posture of the University's most sensitive and assets, and provide security consulting for university systems and units.

This is a hybrid position based in Ann Arbor, MI. You will need to attend meetings on campus and be within a reasonably commutable distance. Details can be worked out with the hiring manager. May also require on-call availability and working during non-business hours.

For more information about ITS, please visit our website: http://its.umich.edu/

Who we are:

Information and Technology Services (ITS) supports U-M faculty, researchers, staff, and students in their use of technology to teach, learn, research, and work, and be leaders in their fields. We are dedicated to creating cohesive digital experiences and promoting university wide innovations. ITS's mission is to be trusted enablers of technology for the U-M community. ITS works together to provide cohesive digital experiences and seamless support to the U-M community. For more information about ITS, visit: https://its.umich.edu/about

The Information Assurance (IA) Office:

Directs IT security, policy, compliance, privacy, enterprise continuity, and identity and access management (IAM) strategy across the entire university.
Proactively mitigates IT security risks in partnership with U-M's campuses UM-Ann Arbor, UM-Dearborn, UM-Flint, and Michigan Medicine.
Collaborates with U-M units to:
Develop university IT security, privacy, and IAM strategy.
Implement best practice security, privacy, and IAM infrastructure and protocols.
Takes a risk-based approach to securing the university's most sensitive information assets that enables teaching, learning, research, and healthcare in a large open environment.
Provides operational information assurance and IAM services that enable the university to excel in its research, teaching, and patient care missions
Provides guidance to the entire university community on IT security and privacy compliance best practices to help individuals protect university systems and data, as well as their own personal information.


For more information about Information Assurance, please visit our website: https://safecomputing.umich.edu

Responsibilities:

Participate in the successful execution of a potentially wide range of security services and activities. Primary responsibilities include:


Risk Management Use tools and methodology to assess the information security risks associated with sensitive and mission critical systems based on the NIST 800-53 security control framework and develop mitigation strategies to bring risk levels into an acceptable range.
Compliance Determine applicability and scope of various regulations; interpret and implement technical requirements to ensure compliance.
System and Application Hardening Develop, implement, and monitor secure system and application configuration standards in accordance with applicable policies, regulations, and laws
Education & Awareness - Support campus units through creation and delivery of education and awareness materials, security orientations and training.
Additional Duties may include the following based on skills and experience of the candidate -



Security Advising - Provide on-demand and in-depth ongoing security advising to campus units regarding security initiatives, systems procurement and hardening, handling sensitive data, system security plans, research proposals, and other security related topics.
Subject Matter Expert Participate as an information assurance subject matter expert in the analysis and design of new enterprise systems and services; Participate in the design, implementation, and continuous improvement of security service offerings. Provide consulting services to campus units on your subject matter expertise.
Required Qualifications:

Bachelor's degree in Computer Science, Computer Engineering, or Information Assurance or an equivalent combination of education and experience
Minimum of 4 years information technology experience
Minimum of 2 years of experience applying security related technologies, practices, or services
System administration background with Microsoft, Macintosh or *nix environments
Solid understanding of fundamental Operating System and TCP/IP Networking concepts
Solid understanding of fundamental information security concepts including: Authentication, Authorization, Audit, Encryption, Firewalls
Extensive exposure to, experience with, responsibility for, and deep understanding of at least two security related technologies or practices including Risk Management, Incident Response, Vulnerability Management, Penetration Testing, IDS/IPS, System and Application Hardening, Identity and Access Management, Security Information and Event Management, Firewall management, IDS/IPS
A strong commitment to collaboration, teamwork, and continual improvement
Outstanding verbal, written, and presentation communication skills, including the ability to explain technical concepts to a non-technical audience
Demonstrated success working independently, and completing tasks within established deadlines