Information Security Analyst

Job Summary

The Information Security Analyst is responsible for identifying information security risks, recommending appropriate controls, and promoting compliance with applicable regulatory and contractual requirements. This role supports the University's information security governance, risk, and compliance (GRC) efforts by collaborating with technical teams, auditors, and institutional stakeholders to assess controls, mitigate risk, and strengthen the overall security posture.

The successful candidate will apply sound judgment, strong analytical skills, and effective communication to support compliance initiatives, evaluate risk, and contribute to a culture of security awareness and continuous improvement.

Minimum Education and Experience

Bachelor's degree in computer science, information management, or other relevant field. One (1) year of general work experience in any field. An equivalent combination of education and experience may be considered.

Preferred Education and Experience

Preferred Education and Experience

• Advanced degree in Computer Science, Information Management, Business Administration, Engineering, Education, Library Science, or another relevant field.
• One to three years of relevant experience designing, implementing, and/or auditing information security programs, demonstrating a strong understanding of information security processes, technologies, and best practices
• Experience working in a higher education environment in a role accountable for system security
• Hands-on experience with governance, risk, and compliance (GRC) tools and technologies, such as HECVAT, BitSight, and LogicGate

Other Qualifications

To the extent this position requires the holder to research, work on, or have access to critical infrastructure as defined in Section of the Texas Business and Commerce Code, the ability to maintain the security or integrity of the critical infrastructure is a minimum qualification to be hired and to continue to be employed in the position.

Essential Duties and Responsibilities

Essential Duties

• Generate metrics and reports to convey the status of information security compliance and risks to stakeholders, including but not limited to University leadership, UT System Administration, Texas Department of Information Resources, and insurance providers
• Work closely with OIT, Internal Audit, and schools and departments to understand, assess, and develop plans for achieving compliance and mitigating risk across all aspects of the operational environment
• Support the successful outcome of projects
• Maintain accurate documentation of ISO systems and processes
• Demonstrate understanding of security technologies including, but not limited to, traffic analysis, anti-malware endpoint protection, intrusion detection systems, intrusion prevention systems, and firewalls
• Demonstrate the ability and willingness to learn to keep up with industry trends and best practices
• Maintain the highest levels of ethics and integrity while performing duties, representing ISO and UTD, and handling University data
• Communicate and collaborate effectively with all teammates and stakeholders in written and verbal formats
• Demonstrate professionalism, dependability, and responsibility if approved to work remotely
• Perform other duties as assigned

GRC Role-Specific Duties

• Contribute to information security policies, standards, procedures, and guidelines
• Review exemption requests including compensating controls and tracking of recommendations and expiration
• Contribute to classification of information assets
• Assess compliance with regulations including, but not limited to, Texas Administrative Code 202 (TAC 202), Texas Medical Records Privacy Act, Texas Public Information Act (TPIA), Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), FBI's Criminal Justice Information Services (CJIS), GDPR, Gramm–Leach–Bliley Act (GLBA), Digital Millennium Copyright Act (DMCA), and TX-RAMP.
• Understand and perform risk assessments using framework such as NIST 800-53, NIST , University of Texas System 165 (UTS 165),