UMass Amherst, the Commonwealth's flagship campus, is a nationally ranked public research university offering a full range of undergraduate, graduate and professional degrees. The University sits on nearly 1,450 acres in the scenic Pioneer Valley of Western Massachusetts, and offers a rich cultural environment in a bucolic setting close to major urban centers. In addition, the University is part of the Five Colleges (including Amherst College, Hampshire College, Mount Holyoke College, and Smith College), which adds to the intellectual energy of the region.
The Research Data Risk and Compliance Analyst, dually reporting to the Assistant Vice Chancellor for Research & Engagement (Research Compliance) and the Chief Information Security Officer, is a lead analyst with an emphasis on: risk and compliance management for research data; policy, procedure, standard and guideline development; and security training and awareness, as these categories relate to information assets and research data. This position assists in building and managing an effective, comprehensive security program that reduces the risk to research data and information assets, and supports compliance with legal and business requirements in support of the University's research mission.
* Risk and Compliance Management:
  * Perform information risk and compliance assessments as needed for the campus, with a focus on research activities.
  * Analyze data use agreements (DUAs) and technology control plans (TCPs); adapt current technology offerings to meet DUA/TCP requirements.
  * Manage the remediation activities arising from assessments, audit findings and compliance-related issues.
  * Collect compliance and evidentiary reports and review them for accuracy and completeness.
  * Conduct security audits, review security risk assessments, and make recommendations for security improvements in existing applications, networks, technologies, and processes, or to achieve compliance with applicable regulations relating to research data and information.
  * With other relevant campus parties, coordinate external audit activities (SSAE18 SOC1/SOC2, SOX, and vulnerability/penetration testing), including authoring control narratives, test procedures, and testing/validation of controls.
  * Lead Information Risk and Compliance projects by coordinating activities and timetables with business units and researchers.
  * Maintain the schedule of activities required for compliance in various areas of the campus, and assist in the completion of these activities.
  * Evaluate existing controls from a risk and compliance perspective, and propose changes or additional controls as appropriate.
* Policy, Procedure, Standard, and Guideline Development:
  * Support, implement, maintain, and keep current information security policies, standards, and procedures.
  * Perform gap analysis on existing policies and procedures relating to information security, acceptable use, secure development standards, and other applicable areas based on risks, current threats, and industry best practices.
  * Propose additional policies, or changes to existing policies, based on identified gaps.
* Security Awareness and Training:
  * Curate, develop, review, and administer information security awareness and training material for the campus's compliance obligations.
* Bachelor's degree with 5 years of assessment experience, to include experience in Information Security or Audit, and Information Security Risk or Compliance Assessment; OR an equivalent combination of education and training totaling 4 years with an additional 7 years of experience in Information Security and Information Security Assessment.
* Valid driver's license required upon hire.
* Bachelor's degree (in an IT-related, Assessment, or Analysis field preferred) OR an equivalent combination of education and training totaling 4 years (in an IT-related, Assessment, or Analysis field preferred).
* Experience in a higher education/research environment.
* Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Systems and Network Auditor (GSNA), or a related information security or information security assessment certification.
* M-F, 8:30 - 5:00.
* Required to be available nights.
* Required to be available weekends.
Professional Staff Salary Administration Program, Position Level 30
PSU Salary Schedule
Special Instructions to Applicants
Review of applications will begin on August 7, 2019 and continue until the position is filled. Required application materials include a cover letter, resume, and the names and contact information for three professional references.
UMass Amherst is committed to a policy of equal opportunity without regard to race, color, religion, gender, gender identity or expression, age, sexual orientation, national origin, ancestry, disability, military status, or genetic information in employment, admission to and participation in academic programs, activities, and services, and the selection of vendors who provide services or products to the University. To fulfill that policy, UMass Amherst is further committed to a program of affirmative action to eliminate or mitigate artificial barriers and to increase opportunities for the recruitment and advancement of qualified minorities, women, persons with disabilities, and covered veterans. It is the policy of UMass Amherst to comply with the applicable federal and state statutes, rules, and regulations concerning equal opportunity and affirmative action.