POSITION IDENTIFICATION
TITLE Senior Cybersecurity Analyst
CLASSIFICATION NUMBER 5184
GRADE 36
CLASSIFICATION Exempt
IMMEDIATE SUPERVISOR Director, Cybersecurity and Enterprise Systems
GENERAL FUNCTION
The Senior Cybersecurity Analyst guides the Cybersecurity Analysts and Cybersecurity Specialist, serving as project leader ensuring that all information security-related regulations and policies are properly implemented, providing technical assistance to University units in that implementation, and ensuring that information security training and awareness material is current and available. The Senior Cybersecurity Analyst assists the Director, Cybersecurity and Enterprise Systems in planning, personnel selection, and personnel training.
MINIMUM ACCEPTABLE QUALIFICATIONS
Education: A Bachelor’s degree or an equivalent combination of education and the specified experience as outlined below and in the Job Family 3 Knowledge Equivalencies Chart is required. A Bachelor’s degree in a computer-related field is preferred.
Experience: Four years of information technology experience with demonstrated expertise in personal computers and operating systems, server operating systems, network protocols, and enterprise architecture is required. Two years of experience in a position requiring familiarity with regulatory compliance practices in a setting such as, but not limited to, healthcare, operational, financial, quality assurance, or human resources is required. Experience in project management is preferred. Supervisory experience is preferred. Experience in a university setting is preferred.
Skills: Excellent technical aptitude is required. A basic understanding of file server administration, application software, and computer-related diagnostic techniques is required. The ability to maintain confidentiality in regard to information processed, stored, or accessed by the systems is required. The ability to perform in a problem-solving capacity including the evaluation of crisis and emergency situations is required. The ability to organize and manage efficiently is required. Excellent verbal, presentation, and written communication skills are required. Effective interpersonal, customer service, organizational, project management, and team-building skills are required. Strong technical skills and current technical knowledge are required. The ability to work effectively with a variety of constituencies possessing a wide range of technical knowledge is required. The ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds is required.
Other: Information technology professional certifications, especially professional information security certifications, such as Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), etc., are preferred. The nature of this position requires the incumbent to be available evenings, nights, and weekends to respond to concerns regarding security of the University’s information resources.
DUTIES AND RESPONSIBILITIES
1. Assists the Director, Cybersecurity and Enterprise Systems in creating short-term and long-term cybersecurity and regulatory compliance strategies.
2. Supervises and coordinates the activities of Cybersecurity Analysts and Cybersecurity Specialists.
3. Assures regulatory compliance related to electronic information in areas such as Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), and Gramm-Leach-Bliley (GLB) and works with the HIPAA Unit Security Officers to ensure full compliance in securing electronic Protected Health Information (ePHI).
4. Leads the implementation and administration of tools and systems to support the University’s information security program.
5. Leads a vulnerability management program to ensure the security of servers connected to Missouri State University networks.
6. Identifies potential areas of information security compliance vulnerability and risk, develops and implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future.
7. Develops and periodically reviews and updates information security policies, procedures, and associated documentation to ensure continuing currency and relevance in providing guidance to management and employees regarding regulatory compliance.
8. Collaborates with other departments (e.g. Internal Audit, General Counsel, Human Resources, etc.) to direct information security compliance issues to appropriate existing channels for investigation and resolution.
9. Leads a risk assessment program for new and existing electronic information systems and remains familiar with the University’s goals and business processes so effective controls can be put in place for those areas presenting the greatest risk.
10. Provides reports on a regular basis, and as directed or requested, to keep senior management informed of the operation and progress of compliance efforts.
11. Acts as an independent reviewer and evaluator to ensure that compliance issues and concerns within the institution are being appropriately evaluated, investigated, and resolved.
12. Communicates the results of risk assessments to stakeholders in non-technical terms so effective decisions can be made to ensure the safety and security of data subject to government regulation.
13. Ensures that the University’s information security policies and procedures are followed to secure information at rest or in motion with the Missouri State University system.
14. Executes responsibilities outlined in the Information Security Incident Response Plan to appropriately contain, investigate, remediate, and report information security incidents.
15. Works with the Director, Cybersecurity and Enterprise Systems and others as appropriate to develop an effective information security training program, including appropriate introductory training for new employees as well as ongoing training for employees and managers.
16. Contributes to the development of policies and procedures by serving on appropriate committees and supporting the mission of the department.
17. Participates in task forces and project teams in advanced systems software and hardware project efforts.
18. Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
19. Remains competent and current through self-directed professional reading, developing professional relationships with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.
20. Contributes to the overall success of University by performing all other duties and responsibilities as assigned.
SUPERVISION
The Senior Cybersecurity Analyst is supervised by the Director, Cybersecurity and Enterprise Systems, supervises Cybersecurity Analysts and Cybersecurity Specialists and may supervise graduate assistants and student workers.
OFFICE OF HUMAN RESOURCES
MARCH 2021
