UConn Careers

JOB SUMMARY

Under the general direction of the Chief Information Security Officer, the Information Security Policy, Compliance and Risk Analyst is responsible for the development and operation of UConn’s Information Security Governance, Risk and Compliance activities. The analyst develops policy recommendations, standards, risk assessments and technical solutions. This role will assess, develop and maintain a set of defined control standards designed to improve UConn’s information security posture through periodic assessments against the established standards and industry best practices. 
 
The Information Security Policy, Compliance and Risk Analyst is responsible for investigating a diverse range of policy, compliance and technical issues across multiple platforms, working with a wide range of clients whose technical skills range from minimal to extensive. The analyst works among a team of skilled information security and information technology professionals to assess and address problems within a complex network and cloud environment.  

The Information Security Analyst may specialize in a number of areas related to the continuous improvement of policy, compliance, monitoring, detection, and mitigation capabilities as part of the Information Security Office’s mission. Individual analyst will bring or develop expertise in one or more expertise areas including, but not limited to Policy, Compliance, Vulnerability Management, Application Security, Firewalls, VPN, and IDS/IPS, Security Architecture and other related Information Security disciplines.  The Analyst plans, organizes and establishes priorities related to an assignment; works independently with minimal outside support; and handles sensitive information in a confidential manner. 

DUTIES AND RESPONSIBILITIES

Information Security Analyst 2

• Build, deliver, and manage an effective risk management program based on industry standard risk management strategies and frameworks and participate in the development and maintenance of relevant IT policy. 
• Lead compliance initiatives such as establishing security standards; performing periodic benchmarking assessments against chosen security standards; implement industry best practices; testing of controls; and engaging in incident response activities as required. 
• Coordinate and participate in risk assessment activities and analyze the output of such activities. 
• Produce and communicate recommendations to remediate risk in line with business objectives, perform security assessments against systems and applications. 
• Act as a liaison with third parties who are performing security or risk assessments and drive remediation of issues identified by the assessments. 
• Research, evaluate and recommend information security related hardware and software and produce, maintain and update documentation. 
• Manage key security processes for ensuring the University’s compliance with industry regulations (e.g. NIST 800-171, CMMC 2.0, DFARS 252.204-70xx, HIPAA, CJIS, PCI-DSS) and maintain awareness of external regulations for new or changed requirements. 
• Serve as an operational member and technical compliance expert for the university’s Secure Research Infrastructure (SRI) program. 
• Draft and maintain systems security plans. Serve as subject matter expert regarding sufficiency of controls and conformance to documented SSP(s) to address regulatory or compliance framework requirements. 
• Use security tools (Firewall/VPN, Vulnerability Management, IDS/IPS, SIEM) in identifying and investigating threats to the environment, assessing compliance, and identifying risk reduction initiatives. 
• Administer security tools (such as Vulnerability Management, DLP, IDS/IPS, GRC, VRM, etc) to prevent threats and reduce risk in the environment.   
• Monitor Security Information and Event Management (SIEM) platform and other logging environments for security events and alerts to potential (or active) threats, intrusions and/or compromises.   
• Triage and respond to service requests from customers and internal teams. 
• Participate in incident response activities in the event of cyber security incidents.   
• Identify system security gaps, perform risk assessments, and recommend solutions to ensure the best practices and security measures are being met for university systems. 
• Promote security awareness providing direction, advice and insight in all areas of information security to faculty, staff, researchers and students of the university community. 
• Maintains awareness of potential and developing threats across applicable industries and disciplines. 
• Other duties as assigned. 

Additional Job Responsibilities for Information Security Analyst 3

• Design, implement, and maintain new security solutions.   
• Lead major projects / initiatives related to security.   
• Integrate security data for use between various applications, systems, and services. 
• Identify enterprise level security gaps, perform risk assessments, and recommend solutions to ensure best practices and security measures are being met across and between enterprise level systems. 
• Creates custom code, api/rest integrations, or other maintainable integrations to facilitate data gathering / sharing across applications and platforms. 
• Ability to operate autonomously and with limited supervision.   

MINIMUM QUALIFICATIONS FOR INFORMATION SECURITY ANALYST 2 

Note: Applicants must meet all minimum requirements of a specific level to be considered for the position. 

• Must be a US Citizen 
• Must be eligible to apply for a US Government security clearance. 
• Bachelor’s degree and two (2) years of related information security experience, OR 
• Associates degree and four (4) years of related information security experience, OR 
• Six (6) years of related information security experience and at least one (1) year of experience working in a dedicated information security role. 
• Demonstrable practical experience overseeing or participating in projects designed to improve institutional adherence to security policies or regulatory compliance. 
• Experience administering a information security tool / platform and interpreting or leveraging the capabilities of that platform. 
• Experience administering a data loss prevention system, governance, risk and compliance system, vulnerability management system, vendor risk management platform or similar enterprise level platform. 
• Knowledge of current security regulatory requirements including (but not limited to) HIPAA, CMMC 2.0, NIST 800-171, CJIS, and PCI-DSS security requirements. 
• Experience conducting security and risk assessments.  
• Experience crafting and implementing plans of action and milestones (POAMs) 
• Experience and competency in threat management and protection protocols. 
• Excellent communication skills and attention to detail and the demonstrated ability to successfully interface with administrators, technical and non-technical community members at all levels. 
• Demonstrated understanding of common security controls (e.g. Firewalls, IPS/IDS, Network Architecture, Vulnerability Scanners, SIEM/SIM). 
• Demonstrated ability to weigh business needs against security concerns. 
• Demonstrated ability to operate under pressure and manage multiple priorities/deadlines. 

ADDITIONAL MINIMUM QUALIFICATION FOR INFORMATION SECURITY ANALYST 3 

• Bachelor’s degree and four (4) years of related information security experience, OR 
• Associates degree and six (6) years of related information security experience, OR 
• Eight (8) years of related information security experience and at least three (3) years of experience working in a dedicated information security role. 
• Senior level practical and technical information security experience. 
• Demonstrated experience leading compliance and certification efforts for CMMC, NIST 800-53, NIST 800-171, DFARS 252.204-70xx, HIPAA, CJIS or other complex regulatory framework resulting in certification or acceptance of a standards compliance program by a regulating authority or agency. 

PREFERRED QUALIFICATIONS FOR INFORMATION SECURITY ANALYST 2 

• Relevant information security certification(s) in one or more applicable information security domains. 
• Experience in higher education. 
• Enterprise scale project management experience. 

ADDITIONAL PREFERRED QUALIFICATIONS FOR INFORMATION SECURITY ANALYST 3 

• Master’s degree in information security, computer science, information management or related discipline. 
• CISSP/CISA/CISM certification or equivalent. 

APPOINTMENT TERMS

This is a full-time, permanent position. The University offers a competitive salary, and outstanding benefits, including employee and dependent tuition waivers at UConn, and a highly desirable work environment. For additional information regarding benefits visit: https://hr.uconn.edu/health-benefits/.

Other rights, terms, and conditions of employment are contained in the collective bargaining agreement between the University of Connecticut and the University of Connecticut Professional Employees Association (UCPEA).

TERMS AND CONDITIONS OF EMPLOYMENT

Employment of the successful candidate is contingent upon the successful completion of a pre-employment criminal background check.

TO APPLY

Please apply online at https://hr.uconn.edu/jobs, Faculty and Staff Positions, Search #499074 to upload a resume, cover letter, and contact information for three (3) professional references.

This job posting is scheduled to be removed at 11:55 p.m. Eastern time on June 23, 2025. 

All employees are subject to adherence to the State Code of Ethics which may be found at http://www.ct.gov/ethics/site/default.asp.

All members of the University of Connecticut are expected to exhibit appreciation of, and contribute to, an inclusive, respectful, and diverse environment for the University community.

The University of Connecticut aspires to create a community built on collaboration and belonging and has actively sought to create an inclusive culture within the workforce.  The success of the University is dependent on the willingness of our diverse employee and student populations to share their rich perspectives and backgrounds in a respectful manner.  This makes it essential for each member of our community to feel secure and welcomed and to thoroughly understand and believe that their ideas are respected by all.  We strongly respect each individual employee’s unique experiences and perspectives and encourage all members of the community to do the same.  All applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

The University of Connecticut is an AA/EEO Employer.