Human Resources
Finance & Administration
decorative banner

Careers at Lehigh

Refine your search

Work Type



Information Security Risk Analyst

Apply now Job no: 502031
Work type: Exempt Staff Full-time
Location: Bethlehem
Categories: Information Technology

The Information Security Risk Analyst performs risk assessments of sensitive research data and systems, vendor security reviews, maintaining an inventory of all systems involving the storage of sensitive data or involving critical systems, documenting and maintaining a “risk register” and conducting campus IT risk assessments and documenting risk exceptions. The incumbent maintains information allowing the CISO to apprise the University of the current risk assessments and make recommendations for mitigation. The Lehigh community takes seriously our commitment to antiracism and The Principles of our Equitable Community.

1. Risk Assessment - 50%
*Develops and implements schedule of risk assessments to meet compliance and legal obligations
*Ensures that the information security environment is well coordinated throughout the University
*Creates and implements procedures to assist departments with conducting risk assessments
*Recommends control baselines and risk assessment procedures
*Collaborates on recommendations and consultation on security systems, tools, and procedures to meet defined security requirements and goals

2. Vendor Security Reviews - 25%
*Responsible for evaluating legal, regulatory and contractual information security compliance requirements for new and existing vendors
*Performs risk assessments on new and high-risk vendors to collect relevant information and to access risk profile on Lehigh’s vendor partners

3. Training and System Maintenance 25%
*Contributes to the information security training and awareness program by ensuring staff and faculty complete programs required by regulation or University policy
*Develops of procedures to implement information security measures as part of University procurement processes
*Implements internal systems, software and documentation to support operation of the Office of Information Security
*Primarily responsible for configuration and maintenance of the GRC system
*Collects and contributes to operational and management metrics required to support the University’s security objectives

Grade: 10-40

Position Number: S97800

Special Considerations

The duties of this position may allow the employee to work partially remote as deemed appropriate by their supervisor 


Bachelor's Degree in Computer Science or the equivalent combination of education and experience

Two years experience in Risk Management, Information Technology or Information Security

Strong interpersonal, writing, presentation and facilitation skills

Ability to create successful working relationships with a variety of team members and stakeholders

Experience documenting policies, practices and procedures

Experience performing and documenting risk assessments

Experience working inside and outside the IT organization to facilitate risk assessments, risk evaluation, risk exceptions and reporting

Familiarity with a broad range of technologies such as networks, servers, file storage, web application architecture, desktop support, application software and printing in a complex university or organizational setting

Familiarity with different system platforms including web applications, web services, UNIX and Windows

Flexible and responsive, with the ability to juggle competing responsibilities 

Successful completion of standard background checks including but not limited to: social security verification, education verification, national criminal background checks, motor vehicle checks, PATCH, FBI fingerprinting, Child Abuse Clearance and credit history based upon the requirements of the position

All Lehigh faculty and staff are required to be fully vaccinated and receive a booster shot six months after their second vaccine; unless they receive an approved medical or religious exemption from the requirement.

Only complete applications will be considered therefore please complete the application in its entirety.  Once the posting is removed from the website applications may no longer be allowed to be completed.

Advertised: Eastern Standard Time
Applications close:

Back to search results Apply now Refer a friend