Information Security Risk & Compliance Analyst - Computing Services
- Employer
- Carnegie Mellon University
- Location
- Pittsburgh, Pennsylvania, United States
- Salary
- Competitive Salary
- Date posted
- Jul 23, 2024
View more categoriesView less categories
- Position Type
- Administrative, Business & Administrative Affairs, IT & Technology, Financial Affairs, Technology Administration/Other
- Employment Type
- Full Time
Job Details
The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university. We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking. We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth.
CMU’s Computing Services department is searching for an Information Security Risk & Compliance Analyst. The Information Security Risk & Compliance Analyst will assess, document, and implement various controls for the University. This individual manages the control documentation and advises on best business practices for all stakeholders. The incumbent is responsible for managing processes for third party vendor assessment, systems audit assistance, coordination, and support (e.g., internal audit for information security). This includes familiarity with risk assessments, privacy regulations, and sets of controls. The incumbent will have a well-rounded technical background in Information Technology (IT). This includes and is not limited to software development, DevOps, systems, help desk, risk management, and information security.
Your core responsibilities will include:
- Assist in enhancing existing risk metrics and report high
impact items to key campus stakeholders.
- Audit IT systems and ensure the established controls are being
followed. Identify security findings and assist in driving risk
items to closure with the correct stakeholders.
- Familiarity with risk assessments and common control sets:
Cyber Security Framework (CSF), Cybersecurity Maturity Model
Certification (CMMC/ NIST 800-171), and Payment Card Industry –
Data Security Standard (PCI-DSS).
- Lead compliance projects involving multiple stakeholders within
established deadlines.
- Manage the documentation and development of policies, guidance
and procedures related to information security for the University’s
Information Security Office (ISO). This includes writing,
evidence-gathering, and investigating existing processes and
regulations and implementing best practices.
- Managing requests for information related to privacy
regulations and risk management: General Data Protection Regulation
(GDPR) and California Consumer Privacy Act (CCPA).
- Must be a quick learner with an interest in the intersection of
information security, people, and the law. The incumbent needs a
strong understanding of the bridge between security and business,
and be attentive to details.
- Partner with key internal campus stakeholders on processes and
controls, including the Office of the Vice Provost for Research,
University Libraries, University Health Services, Treasury, and
Enterprise Risk Management (ERM).
- Proficient with Microsoft Office Suite (e.g., Word, Excel,
PowerPoint, etc.) and other document-sharing tools (e.g., Google
Docs, Box, etc.).
- Review 3rd party documentation to determine information
security risk, and communicate those risks to stakeholders.
- Strong communication skills, both written and oral. The
incumbent will communicate with a variety of audiences, so it will
be imperative to write and speak to both technical, end-user and
executive audiences, depending on the context of the situation and
matter at hand.
- Other duties as assigned.
Qualifications:
- Bachelor’s Degree
- 3-5 years of relevant work experience
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Practitioner
(CISSP)
- Successful background check
Carnegie Mellon’s Computing Services can rely on ITAR authorizations to provide access to ITAR-controlled items for certain eligible applicants who are not U.S. Persons. However, for Computing Services to ensure compliance with the ITAR, applicants who are NOT U.S. Persons are not eligible for this position if they are current or former permanent residents, nationals, or citizens of the following arms-embargoed or ITAR-restricted countries: Afghanistan, Belarus, Burma, Cambodia, Central African Republic, China, Cuba, Cyprus, Democratic Republic of Congo, Ethiopia, Eritrea, Haiti, Iran, Iraq, Lebanon, Libya, Nicaragua, North Korea, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe.
Joining the CMU team opens the door to an array of exceptional benefits, available to all full-time Carnegie Mellon University employees. Experience the full spectrum of advantages, from comprehensive medical, prescription, dental, and vision insurance to enticing retirement savings programs. Unlock your potential with tuition benefits, and take well-deserved breaks with generous paid time off and holidays. Rest easy knowing you're covered by life and accidental death and disability insurance. For a comprehensive overview of the benefits awaiting you, explore: https://www.cmu.edu/jobs/benefits-at-a-glance .
At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond just credentials, we consider the role & responsibilities, your invaluable work experience, and the knowledge gained through education and training. We acknowledge and appreciate your unique key skills and the diverse perspectives you bring. Our commitment to fostering an inclusive work environment means we also account for geographic differentials. Your journey with us is about more than just a job; it is about finding the perfect fit for your professional growth and personal aspirations.
Are you interested in this exciting opportunity?! Apply today!
Joining the CMU team opens the door to an array of exceptional benefits available to eligible employees.
Those employees who are benefits eligible have the opportunity to experience the full spectrum of advantages from comprehensive medical, prescription, dental, and vision insurance to an enticing retirement savings program offering a generous employer contribution. You can also unlock your potential with tuition benefits and take well-deserved breaks with ample paid time off and observed holidays . Finally, rest easy knowing you are covered by life and accidental death and disability insurance.
Other perks include a free Pittsburgh Regional Transit bus pass, our Family Concierge Team to help navigate childcare needs, fitness center access , and so much more!
For a comprehensive overview of the benefits that may be awaiting you, explore our Benefits page .
At Carnegie Mellon, we value the whole package when extending offers of employment. Beyond just credentials, we consider the role and responsibilities, your invaluable work experience, and the knowledge gained through education and training. We acknowledge and appreciate your unique skills and the diverse perspective you bring. Your journey with us is about more than just a job; it’s about finding the perfect fit for your professional growth and personal aspirations.
Are you interested in an exciting opportunity with an exceptional organization?! Apply today!
Location
Pittsburgh, PA
Job Function
Security
Position Type
Staff – Regular
Full Time/Part time
Full time
Pay Basis
Salary
More Information:
- Please visit “ Why Carnegie
Mellon ” to learn more about becoming part of an
institution inspiring innovations that change the world.
- Click here to view
a listing of employee benefits
- Carnegie Mellon University is an Equal Opportunity
Employer/Disability/Veteran .
-
Statement of Assurance
Company
Carnegie Mellon University challenges the curious and passionate to imagine and deliver work that matters.
A private, global research university, Carnegie Mellon stands among the world's most renowned educational institutions, and sets its own course.
Carnegie Mellon was founded in 1900 by Andrew Carnegie under the premise that a school established to foster and develop the technical skills of its students would soon produce students and graduates whose work would astound Pittsburgh and the world. Over 120 years later, our institution continues to produce talented alumni and draws faculty and staff eager to be a part of the university's creative, passionate and close-knit community. We place emphasis on practical problem solving, interdisciplinary learning, an entrepreneurial spirit, and collaboration.
Over the past 10 years, more than 400 startups linked to CMU have raised more than $7 billion in follow-on funding. Those investment numbers are especially high because of the sheer size of Pittsburgh’s growing autonomous vehicles cluster – including Uber, Aurora, Waymo and Motional – all of which are here because of their strong ties to CMU.
With cutting-edge brain science, path-breaking performances, innovative startups, driverless cars, big data, big ambitions, Nobel and Turing prizes, hands-on learning, and a whole lot of robots, CMU doesn't imagine the future, we create it.
Pittsburgh is home to over 86,000 students from 10 colleges and universities. Pittsburgh was ranked as one of the top U.S. cities for millennials.
Some 177,000 people work in Pittsburgh's tech-related industries, and their ranks continue to grow as the city tops lists for jobs. Networking opportunities, small business accelerators, and an innovative community make the city appealing to entrepreneurs, especially recent graduates.
Pittsburgh is emerging as a tech and culture hub that The Washington Post praises for its "world-class art museums and colorful neighborhoods."
Robotics and software engineering lead the way. The city is home to Google, Uber and Apple offices and a budding ecosystem of tech startups including Duolingo, Modcloth and 4Moms, all of which have CMU roots.
Many seek Pittsburgh for being a hot spot for entrepreneurship and a model for future cities. Others come for the city's burgeoning food scene.
You’ll find CMU locations nationwide — and worldwide. Silicon Valley. Qatar. Africa. Washington, D.C. To name a few.
If your heart is in your work, come work with us.
Carnegie Mellon University isn't just one of the world’s most renowned educational institutions — it’s also a hotspot for some of the most talented doers, dreamers and difference-makers on the planet. When you join our staff, you’ll become an important part of our mission to create a healthier, safer and more just life for all. No matter what your role or location, you’ll connect and collaborate with dedicated, passionate colleagues — and you’ll have the satisfaction of delivering work that truly matters.
Carnegie Mellon University offers a wide range of competitive employee benefits to help you live well. Benefit eligibility varies based on the hours per week employees are scheduled to work and the employee's geographic location
We seek to cultivate diverse populations and perspectives and promote equity and inclusion. Our devotion to these ideals springs from a core belief in the power of education to be a transformative and enriching force for every person, irrespective of their background, identity or life circumstances.
Inclusion and belonging are intricately interwoven into the very essence of our university, helping to shape our values, policies and practices. Diversity, equity, inclusion and belonging are not only central to our ethos but also indispensable to our pursuit of academic excellence and innovation.
Get job alerts
Create a job alert and receive personalized job recommendations straight to your inbox.
Create alert