5181 Cybersecurity Analyst

POSITION IDENTIFICATION

TITLE Cybersecurity Analyst

CLASSIFICATION NUMBER 5181

GRADE 35

CLASSIFICATION Exempt

IMMEDIATE SUPERVISOR Senior Cybersecurity Analyst

GENERAL FUNCTION    

The Cybersecurity Analyst reviews and evaluates information security compliance issues and concerns within the Missouri State University system, ensures that the University is in compliance with the information security rules and regulations of regulatory agencies, and that University practices meet the standards set by the University in relation to state and federal compliance issues. Under the direction of the Senior Cybersecurity Analyst, the Cybersecurity Analyst ensures that all information security-related regulations are properly implemented, and provides technical assistance to University units in that implementation. The Cybersecurity Analyst administers access control for the University’s Enterprise Resource Planning (ERP) information system, monitors access controls to assure adherence to University policies, maintains the integrity of the access control process, and adjusts access control rights when personnel changes occur. 

MINIMUM ACCEPTABLE QUALIFICATIONS

Education: An Associate’s degree and a minimum of two years of information technology experience with demonstrated expertise in personal computers and operating systems, server operating systems, and network protocols and enterprise architecture is required. An equivalent combination of years of experience and education may be considered for substitution of educational requirements. 

Experience: One year of experience in a position requiring familiarity with regulatory compliance practices in a setting such as, but not limited to, healthcare, operational, financial, quality assurance, or human resources is required. 

Skills: Excellent technical aptitude is required. A basic understanding of file server administration, application software, and computer-related diagnostic techniques is required. The ability to maintain confidentiality in regard to information processed, stored, or accessed by the systems is required. The ability to perform in a problem-solving capacity including the evaluation of crisis and emergency situations is required. The ability to organize and manage efficiently is required. Excellent verbal, presentation, and written communication skills are required. Effective interpersonal, customer service, organizational, project management, and team-building skills are required. Strong technical skills and current technical knowledge are required. The ability to work effectively with a variety of constituencies possessing a wide range of technical knowledge is required. The ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds is required.

Other: The nature of this position requires the incumbent to be available evenings, nights, and weekends to respond to concerns regarding security of the University’s information resources.

DUTIES AND RESPONSIBILITIES

1. Assures regulatory compliance related to electronic information in areas such as Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), and Gramm-Leach-Bliley (GLB) and works with the HIPAA Unit Security Officers to ensure full compliance in securing electronic Protected Health Information (ePHI).

2. Grants and revokes access to the University’s ERP information systems by using professional judgement and effective communication skills to confirm the validity of the request, gain approval from system owners, and grant access according to define roles.

3. Implements and administers tools and systems to support the University’s information security program.

4. Conducts periodic vulnerability scans on servers connected to Missouri State University networks.

5. Identifies potential areas of information security compliance vulnerability and risk, develops and implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future.

6. Develops and periodically reviews and updates information security policies, procedures, and associated documentation to ensure continuing currency and relevance in providing guidance to management and employees regarding regulatory compliance.

7. Collaborates with other departments (e.g. Internal Audit, General Counsel, Human Resources, etc.) to direct information security compliance issues to appropriate existing channels for investigation and resolution.

8. Conducts risk assessments for new and existing electronic information systems and remains familiar with the University’s goals and business processes so effective controls can be put in place for those areas presenting the greatest risk.

9. Acts as an independent reviewer and evaluator to ensure that compliance issues and concerns within the institution are being appropriately evaluated, investigated, and resolved.

10. Communicates the results of risk assessments to stakeholders in non-technical terms so effective decisions can be made to ensure the safety and security of data subject to government regulation.

11. Ensures that the University’s information security policies and procedures are followed to secure information at rest or in motion with the Missouri State University system.

12. Executes responsibilities outlined in the Information Security Incident Response Plan to appropriately contain, investigate, remediate, and report information security incidents.

13. Participates in the development and implementation of an effective information security training program, including appropriate introductory training for new employees as well as ongoing training for employees and managers.

14. Contributes to the development of policies and procedures by serving on appropriate committees and supporting the mission of the department.

15. Participates in task forces and project teams in advanced systems software and hardware project efforts.

16. Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.

17. Remains competent and current through self-directed professional reading, developing professional relationships with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.

18. Contributes to the overall success of University by performing all other duties and responsibilities as assigned.

SUPERVISION

The Cybersecurity Analyst is supervised by the Senior Cybersecurity Analyst and may supervise graduate assistants and student workers.

OFFICE OF HUMAN RESOURCES

NOVEMBER 2022

Loading