Über
Senior Information Security Analyst
Executive Area:
Information Technologies
College/School/MBU:
Information Technology
Department:
IT Information Security
Work Location:
Amherst
Schedule:
Full time
Work Arrangement:
Hybrid
Job Summary The Senior Information Security Analyst delivers advanced technical and strategic leadership for the University's hybrid information security program. The role oversees enterprise security operations—including vulnerability management, threat detection, incident response, and digital forensics—across on‑premises and cloud environments. The analyst leads secure architecture design for major technology projects, conducts complex security audits and risk assessments, and implements technical safeguards to protect institutional systems. They research emerging security technologies, advise leadership on solution strategy, and collaborate with stakeholders to manage risk, ensure compliance, and support the ongoing maturity of security policies, training, and metrics.
Essential Functions Provides advanced technical leadership for enterprise security operations across hybrid on‑premises and cloud environments. Directs end‑to‑end vulnerability lifecycle management, coordinates complex incident response and digital forensics, and oversees continuous threat detection, containment, and remediation using traditional security platforms and cloud native services such as AWS Security Hub.
Drives the architecture, automation, and optimization of security operations to ensure resilient, scalable, and intelligence‑driven protection aligned with institutional risk and compliance requirements.
Conducts advanced security audits and enterprise risk assessments across hybrid environments. Designs and implements technical safeguards to protect university systems, leveraging both traditional security technologies and cloud native controls. Provides expert level support for security tools and frameworks, performs deep‑dive analysis of intrusion artifacts and malware, and reconstructs attack timelines to identify indicators of compromise and strengthen detection and response capabilities.
Leads secure architecture design for major security and technology projects by evaluating, selecting, and engineering security solutions across hybrid environments. Ensures project designs incorporate appropriate security controls, architecture principles, and governance requirements, and provides expert direction on how security technologies should be implemented and integrated throughout the project lifecycle.
Conducts deep technical research and analysis of emerging security capabilities—both traditional and cloud‑native—to inform technology strategy and solution design. Advises senior leadership and project teams on optimal approaches for implementing, integrating, and operationalizing security solutions to strengthen the institution's overall security posture.
Manages complex system and information security incidents across on‑premises and cloud environments, including coordinating digital forensics investigations, analyzing cloud native logs and telemetry, and leading containment, eradication, and notification activities.
Works with internal and external stakeholders on strategic security initiatives. Collaborates with campus business units to manage information security risks and meet relevant compliance requirements, including conducting risk assessments, analyzing security threats, and advising on risk mitigation strategies aligned with institutional goals.
Develops and recommends updates to policies, standards, procedures, solutions, and governance frameworks to address information security, compliance, and privacy risks.
Contributes to documentation, training, and metrics gathering in support of the information security program.
Other Functions Performs other duties as assigned.
Minimum Qualifications
Bachelor's Degree with 7 years’ relevant experience
Associate degree with 9 years’ relevant experience
High school diploma with 11 years’ relevant experience
Expert understanding of multiple IT domains and their interdependence
Expert understanding of and experience with information security frameworks, privacy laws, and regulatory requirements (e.g., NIST, FERPA, HIPAA, PCI‑DSS, ISO 27001)
Demonstrated technical understanding of system and network security, incident response, and compliance requirements
Expertise in forensic analysis and security architecture
Experience with security tools such as SIEM, EDR/XDR, forensics tools, firewalls, IDS/IPS, and vulnerability management platforms
Deep understanding of security governance, risk management frameworks, and regulatory compliance
Demonstrated ability to lead security initiatives and projects at an enterprise level
Strong analytical and critical‑thinking skills to assess security risks and develop mitigation strategies
Experience designing, assessing, and implementing security controls in one or more cloud environments such as Microsoft Azure, Amazon AWS, or Google GCP
Experience with computer incident response, including data collection, investigations, containment, and remediation
Excellent written and verbal communication skills with ability to work with a diverse constituency in a service‑based organization with both technical and non‑technical team members
Ability to pass a CJIS background check
Ability to manage multiple competing priorities and deadlines in a fast‑paced working environment
Preferred Qualifications
Computer Information Systems Security Professional (CISSP) or a related information security or computer forensics certification
Higher Education experience
Additional Details Required to work some nights and weekends. Team on‑call participation required.
Working Conditions Work is performed in a standard office or indoor university environment and involves minimal physical exertion.
Work Schedule and Work Arrangement Monday to Friday 8:30 a.m. to 5:00 p.m.
This position has the opportunity for a hybrid work schedule, which is defined by the University as an arrangement where an employee’s work is regularly performed at a location other than the campus workspace for a portion of the week. As this position falls within the Professional Staff Union, it is subject to the terms and conditions of the Professional Staff Union collective bargaining agreement.
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.