The Information Security Risk Analyst performs risk assessments of sensitive research data and systems, conducts vendor security reviews, maintains an inventory of all systems involving the storage of sensitive data or involving critical systems, documents and maintains a “risk register”, conducts campus IT risk assessments and documents risk exceptions. The incumbent maintains information allowing the CISO to apprise the University of the current risk assessments and make recommendations for mitigation. The Lehigh community takes seriously our commitment to antiracism and The Principles of our Equitable Community.
1. Risk Assessment - 50%
*Develops and implements schedule of risk assessments to meet compliance and legal obligations
*Ensures that the information security environment is well coordinated throughout the University
*Creates and implements procedures to assist departments with conducting risk assessments
*Recommends control baselines and risk assessment procedures
*Collaborates on recommendations and consultation on security systems, tools, and procedures to meet defined security requirements and goals
2. Vendor Security Reviews - 25%
*Responsible for evaluating legal, regulatory and contractual information security compliance requirements for new and existing vendors
*Performs risk assessments on new and high-risk vendors to collect relevant information and to assess the risk profile of Lehigh’s vendor partners
3. Training and System Maintenance - 25%
*Contributes to the information security training and awareness program by ensuring staff and faculty complete programs required by regulation or University policy
*Develops procedures to implement information security measures as part of University procurement processes
*Implements internal systems, software and documentation to support operation of the Office of Information Security
*Primarily responsible for configuration and maintenance of the GRC system
*Collects and contributes to operational and management metrics required to support the University’s security objectives
Grade: 10-40
Position Number: S97800
Special Considerations
The duties of this position may allow the employee to work partially remote as deemed appropriate by their supervisor
Qualifications
Bachelor's Degree in Computer Science or the equivalent combination of education and experience
Two years of experience in Risk Management, Information Technology or Information Security
Strong interpersonal, writing, presentation and facilitation skills
Ability to create successful working relationships with a variety of team members and stakeholders
Experience documenting policies, practices and procedures
Experience performing and documenting risk assessments
Experience working inside and outside the IT organization to facilitate risk assessments, risk evaluation, risk exceptions and reporting
Familiarity with a broad range of technologies such as networks, servers, file storage, web application architecture, desktop support, application software and printing in a complex university or organizational setting
Familiarity with different system platforms including web applications, web services, UNIX and Windows
Flexible and responsive, with the ability to juggle competing responsibilities
Successful completion of standard background checks including but not limited to: social security verification, education verification, national criminal background checks, motor vehicle checks, PATCH, FBI fingerprinting, Child Abuse Clearance and credit history based upon the requirements of the position
All Lehigh faculty and staff are required to be fully vaccinated and receive a booster shot six months after their second vaccine, unless they receive an approved medical or religious exemption from the requirement.
Only complete applications will be considered; therefore, please complete the application in its entirety. Once the posting is removed from the website, applications may no longer be allowed to be completed.