TITLE Information Security Analyst
CLASSIFICATION NUMBER 5181
IMMEDIATE SUPERVISOR Information Security Officer (ISO)
MAJOR ADMINISTRATOR Chief Information Officer (CIO)
The Information Security Analyst reviews and evaluates information security compliance issues/concerns within the Missouri State University system, ensures that the University is in compliance with the information security rules and regulations of regulatory agencies, and that University practices meet the standards set by the University in relation to state and federal compliance issues. Under the direction of the Information Security Officer, the Information Security Analyst ensures that all information security-related regulations are properly implemented, provides technical assistance to University units in that implementation, and participates in security awareness activities by speaking to groups and producing awareness materials.
MINIMUM ACCEPTABLE QUALIFICATIONS
Education: A Bachelor’s degree or an equivalent combination of education and experience is required; a Bachelor’s degree in a computer-related field is preferred.
Experience: Three years of information technology experience with demonstrated expertise in personal computers and operating systems, server operating systems, and network protocols and enterprise architecture is required. Two years of experience in a position requiring familiarity with regulatory compliance practices in a setting such as, but not limited to, healthcare, operational, financial, quality assurance, or human resources is required. Experience in project management is preferred. Experience in a university setting is preferred.
Skills: Excellent technical aptitude in the areas of microcomputers and networking technologies is required. A basic understanding of file server administration, application software, and computer-related diagnostic techniques is required. The ability to maintain confidentiality in regard to information processed, stored, or accessed by the systems is required. The ability to perform in a problem-solving capacity including the evaluation of crisis and emergency situations is required. The ability to organize and manage efficiently is required. Excellent verbal, presentation, and written communication skills are required. Effective interpersonal, customer service, organizational, project management, and team-building skills are required. Strong technical skills and current technical knowledge are required. The ability to work effectively with a variety of constituencies possessing a wide range of technical knowledge is required. The ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds is required.
Other: Information technology management professional demonstrated competency certifications, especially professional information security certifications (CISSP, GIAC, CISA, CISM, etc.), are preferred. The nature of this position requires the incumbent to be available evenings, nights, and weekends to respond to concerns regarding security of the University’s information resources.
ESSENTIAL DUTIES AND RESONSIBLITIES
1. Assists the Information Security Officer in creating short-term and long-term information security and regulatory compliance strategies.
2. Assures regulatory compliance related to electronic information in areas such as Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), and Gramm-Leach-Bliley (GLB), and works with the HIPAA Unit Security Officers to ensure full compliance in securing electronic Protected Health Information (ePHI).
3. Implements and administers tools and systems to support the University’s information security program.
4. Identifies potential areas of information security compliance vulnerability and risk, develops/implements corrective action plans for resolution of problematic issues, and provides general guidance on how to avoid or deal with similar situations in the future.
5. Develops and periodically reviews and updates information security policies, procedures, and associated documentation to ensure continuing currency and relevance in providing guidance to management and employees regarding regulatory compliance.
6. Collaborates with other departments (e.g. Internal Audit, General Counsel, Human Resources, etc.) to direct information security compliance issues to appropriate existing channels for investigation and resolution.
7. Conducts risk assessments for all new and existing electronic information systems and remains familiar with the University’s goals and business processes so effective controls can be put in place for those areas presenting the greatest risk.
8. Provides reports on a regular basis, and as directed or requested, to keep the Chief Information Officer and senior management informed of the operation and progress of compliance efforts.
9. Acts as an independent reviewer and evaluator to ensure that compliance issues/concerns within the institution are being appropriately evaluated, investigated, and resolved.
10. Communicates the results of risk assessments to stakeholders in non-technical terms so effective decisions can be made to ensure the safety and security of data subject to government regulation.
11. Ensures that the University’s information security policies and procedures are followed to secure information at rest or in motion within the Missouri State University system.
12. Executes responsibilities outlined in the Information Security Incident Response Plan to appropriately contain, investigate, remediate, and report information security incidents.
13. Works with the Information Security Officer and others as appropriate to develop an effective information security training program, including appropriate introductory training for new employees as well as ongoing training for employees and managers.
14. Contributes to the development of policies and procedures by serving on appropriate committees and supporting the mission of the department.
15. Represents the Information Security Office on task forces and project teams in advanced systems software and hardware project efforts.
16. Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
17. Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.
18. Contributes to the overall success of the University by performing all other duties and responsibilities as assigned.
The Information Security Analyst is supervised by the Information Security Officer, supervises the tasks and projects of Information Security Specialists as assigned, and may supervise graduate assistants and student workers.
OFFICE OF HUMAN RESOURCES
REVISED AUGUST 2017
JOB FAMILY 3
Factor 1: Educational/Experience Requirements of the Job
Level 10 - 1970 Points: A combination of education and experience equivalent to a Level 10 as indicated by the Equivalencies Chart, when permitted by the Minimum Acceptable Qualifications.
Factor 2: Supervisory Responsibility
Level 1 - 299 Points: Little or no supervisory responsibility for the work of others.
Factor 3: Skill, Complexity, and Technical Mastery
Level 7 - 2200 Points: Professional knowledge of the principles, concepts, and specialized complicated techniques of a profession. Knowledge of a wide range of information technology methods and procedures and specialized knowledge in one or more specific functions. Knowledge permits the incumbent to provide authoritative advice on difficult assignments such as planning advanced systems. Skill in applying knowledge through analyzing, designing, organizing, and developing major programs, systems, and networks.
Factor 4: Budgetary Control
Level 1 - 193 Points: Jobs at this level involve no budgetary control except for the normal responsibilities associated with monitoring and reporting everyday expenses.
Factor 5: Work Environment and Physical Demands
Level 1 - 25 Points: The work environment has only everyday discomforts associated with an office or commercial vehicle. The work area is adequately lighted, heated or cooled, and ventilated. Work is largely sedentary involving mostly sitting with occasional walking, standing, bending, or carrying of small items. No special physical demands are required of the work.
Factor 6: Work Impact and Effect
Level 5 - 3780 Points: Work products or services directly impact the entire university system and the well-being of large numbers of individuals. Typically the work is complex and may involve addressing conventional problems or situations with established methods or resolving critical problems or developing new processes or models to address specific problems. Improperly performed work and/or equipment or software failures produce errors and delays that affect the operations and/or reputations of the entire University. Improperly performed work and/or equipment or software failures may be remedied in the short to medium term, but at very substantial cost of time and resources. The scope of improperly performed work and/or equipment or software failure is system-wide and the nature of the activity requires that emergency repairs be performed.