Information Security & Compliance Analyst

Posted: August 13, 2020

Position Overview

Company

New York Institute of Technology

Location

Old Westbury, NY

Job Type

Full time

Position Details

Description

Work closely with the VP for IT/CIO, the Senior Director, Enterprise IT Architecture and Security, and other ITS staff to develop, implement and ensure compliance with University-level information security and data privacy policy. Apply expert knowledge of professional concepts and industry practices to continuously evaluate aspects of the University’s security/privacy program and suggest improvements to data management workflows, documentation processes, and data/privacy policies to ensure compliance with University policy and relevant regulatory requirements related to the security and privacy of University data assets. Collaborate extensively with IT staff and University data managers to define, build and implement appropriate training and awareness programs. Develop and maintain a third-party risk management program for University IT-related contracts to ensure University data assets are properly monitored and accounted for during contract reviews and renewals.

SPECIFIC RESPONSIBILITIES

Monitor and advise on information security/privacy issues related to information assets, data systems, information workflows and business processes to ensure administrative security/privacy controls for the University are appropriate and operating as intended; and to identify and mitigate security and privacy risks.
Stay abreast of external regulations, data security/privacy standards, and relevant data/breach notification laws applicable to higher education; assess potential risks; translate appropriate information security and data privacy requirements into coherent University policy and data management processes.
Develop and revise University policies and procedures related to data security, privacy and management.
Work with data owners on revised process improvements; participate in incident response activities as required.
Review all 3rd party vendor services/contracts (applications, hosting, systems, etc.) that involve the collection, processing, transmission, or storage of Sensitive or Highly Sensitive data as defined by the University’s Data Classification standards; develop and implement an ongoing contract monitoring process / risk assessment; develop and keep current, core contract language that should be included as terms/definitions in relevant contracts.
Monitor, assess, and document the data-related components of the University’s business continuity and disaster recovery program; ensure external regulatory requirements, industry standards and functional business partners’ operational needs are appropriately represented.
Develop communications and information briefs that outline University impact of external regulations, data security/privacy standards, and relevant data/breach notification laws; develop and implement training and awareness programs to support University’s understanding and compliance; partner with other IT staff on phishing simulation campaigns and other CBT data security/privacy training.
Serve as staff support to the University’s Information Security/Privacy Council.
Participate in annual University audit and other data security/privacy reviews as needed.
Manage end user information security and data privacy training programs to include, but not limited to, in-person sessions, computer-based modules, and phishing simulations.
As appropriate, participate in external professional organizations that are relevant to the objectives of NYIT’s information security/privacy program such as EDUCAUSE, REN-ISAC, etc.; provide reports and presentations on the status of security/privacy trends/technologies.
Stay abreast of latest security technologies; maintain a strong knowledge base of industry and technology trends that help support the information security requirements of the University.
Foster a collaborative environment with team members internal to ITS as well as members of the entire NYIT community.
Serve on various NYIT committees and working groups as appropriate.
Other duties as needed and defined by the supervisor.

Skills and Experience

Demonstrated ability to translate information security/privacy compliance requirements and University business needs into enterprise-wide data security/privacy standards and policy. Working knowledge of information security/privacy standards and best practices (e.g., NIST, SANS) as well as regulations related to information security and data confidentiality (e.g., NYS SHIELD Act, FERPA, HIPAA, PCI, GDPR, etc.). Experience reviewing and monitoring third-party vendor contracts for appropriate data security/privacy considerations preferred. Must possess a high degree of integrity relative to computer security and the confidentiality of information. The ability to see how various parts interact with the whole (big picture thinking) as well as engage with projects at the micro level when necessary. Exceptional verbal and written communications and consultative customer service skills. This includes, but is not limited to: the ability to communicate effectively with people at varying levels of technical fluency, including the ability to explain complex technical issues in a way that non-technical people may understand; the ability to establish collaborative working relationships at all contact levels of the University; and the ability to effectively communicate progress/challenges to appropriate personnel. Demonstrated passion for problem solving; excellent project and portfolio management experience with the ability to work autonomously in a fast-paced environment with multiple priorities and deadlines. Team player with excellent consulting skills and a fun but professional presence required. Knowledge of IT governance and operations. Ability to work nights and weekends on an as-needed basis.

Education

Bachelor's degree plus 4 years of relevant experience working in information technology, security, or risk management. Comparable success and work experience may be considered in lieu of degree requirement. Experience in a higher education environment preferred. CISSP or equivalent certification is preferred. Please submit cover letter & resume for consideration. New York Institute of Technology is an Equal Opportunity Employer – M/F/Veteran/Disability/Sexual Orientation/Gender Identity.

Company Description

New York Institute of Technology offers 90 undergraduate, graduate, and professional degree programs in more than 50 fields of study, including computer science, data, and cybersecurity; biology and biomedical studies; architecture and design; engineering; health professions and medicine; IT and digital technologies; management; communications and marketing; education and counseling; and energy and sustainability. A nonprofit, independent, private, and nonsectarian institute of higher education, it welcomes more than 9,000 students worldwide. The university has campuses in New York City and Long Island, New York; Jonesboro, Arkansas; and Vancouver, British Columbia, as well as programs around the world. New York Tech embraces its mission to provide career-oriented professional education, give all qualified students access to opportunity, and support research and scholarship that benefits the larger world. More than 100,000 alumni comprise an engaged network of doers, makers, and innovators prepared to change the world, solve 21st-century challenges, and reinvent the future. For more information, visit nyit.edu.
