Job Description :
Security Analyst

Location: South Orange
Categories: Administrator

The Security Analyst is a focal point for all IT security related matters. The SA is responsible for reviewing and analyzing the University’s technology security posture, both technically and procedural, then make recommendations on security solutions to ensure the University remains secure and re-mediates any weaknesses. Additionally, the SA will assist in the creation and modification of security or compliance related policies and procedures. The SA is also responsible for reporting on the status of SHU’s security posture and risk assessment and assisting in making the SHU community more security aware.

Duties and Responsibilities:

Technology Security Threat Assessment and Monitoring - The Security Analyst will use various tools to assess the security status of the University’s end points, data center, network, firewalls and other security components to ensure they are secure and meet the University management’s service and operational level objectives. The SA will also establish baselines for security performance and monitor all security systems against those baselines. Based on these tools, the SA will make strategic, tactical and operation recommendations to reduce the risk to SHU assets.
Technology Security and Compliance Posture Reporting - The Security Analyst will report to SHU IT Management on the status of SHU’s security and compliance posture. This will include maintaining the IT Risk Registry, various security dashboards and providing reports on vulnerability analysis, attempted incident reports, security metrics, etc. Additionally, the SA will review SHU’s level of compliance with FERPA, PCI and other regulatory policies as necessary.
Technology Security, Risk and Compliance Policy and Procedure Documentation - The Security Analyst will create new policies or modify and amend existing policies as directed by SHU IT management or as required by regulatory compliance such as PCI. The SA will also create or modify procedures for security operations, compliance enforcement and continual security improvement within the IT Service Management (ITSM) governance framework. The SA will monitor SHU''s compliance with policies and procedures to reduce and mitigate risk to SHU assets and reputation.
Technology Security and Risk Awareness - Working with the Director of ITSM, Compliance and Governance, along with the Web Development Team and Director of Digital Media, the Security Analyst will assist in developing, maintaining and conducting an ongoing security awareness program. This may include print, electronic and video messages to the Seton Hall community regarding cyber security, institutional technical security and personal identity security. The awareness campaigns will be a regular ongoing program as well for specific calendar events such as Cyber Security Month and when there is a specific incident or threat to the SHU environment.
Technology Incident Response - The Security Analyst is focul point of the incident response team that will be respond to a security incident. The team will follow the documented procedures from IT Security Incident Response Plan, the PCI DSS Incident Response plan or other appropriate procedures, such Spam or Virus. The SA will be the key point of contact during an incident and will be responsible for communication with IT and SHU management, Public Safety, third party vendors, insurance agencies and regulatory agencies. Upon resolution of any incident, the SA will document the incident, remediation and lessons learned and the update appropriate policies and procedures. The SA is also responsible for performing a forensics analysis following a security incident.
Third Party Compliance and Security Review - The Security Analyst will review documentation such as SSAE 16 or SOC II Reports, along with vendor contracts to ensure that the vendors use best practice and acceptable security measures. The SA will review these prior to contract signing and then periodically based on either compliance requirements or date of expiration. The SA will also provide a report on the analysis of each including a risk analysis of each vendor and vendor''s architecture.
Required Qualifications:

Log Management (SEIM); Intrusion Prevention and/or Detection (IPS/IDS); Vulnerability scanning; Data Loss Prevention (DLP); Splunk; Qaulys; Carbon Black; End Point Protection (McAfee)
Bachelor''s Degree; please note, 5+ years of experience in IT Security and/or CISSP certification can be substituted for a Bachelor''s Degree.
3-5 years work-related experience
Desired Qualifications:

PCI-DSS; FERPA; NIST 800 -171
Licenses and Certificates:

Security + or other security related certification
Exempt/Non-Exempt:

Exempt
Salary Grade:

Administrative - AD190
Physical Demands:

General Office Environment
Special Instructions to Applicants:

The person in this position is required to perform his or her duties at all Seton Hall University locations and facilities, as assigned.