Position Vacancy ID:
95224-AS

Employment Class:
Academic Staff-Renewable

Working Title:
Cloud Security Risk Analyst

Official Title:
SR IS SPECIALIST(S45BN)

Hiring Department(s):
A060370-INFORMATION TECHNOLOGY/SEC/CYBERSECURITY

FTE:
100%

Anticipated Begin Date:
SEPTEMBER 01, 2018

Term:
This is a renewable appointment.

Advertised Salary:
Minimum $75,000 Maximum $95,000 ANNUAL (12 months)
Depending on Qualifications

Degree and area of specialization:
Bachelor's Degree in Information Technology Security or related discipline and two years' experience; OR five or more years of applicable professional services and/or information security experience and expertise.

Minimum number of years and type of relevant work experience:
Required Qualifications:
* Minimum of three years' experience conducting risk assessments using recognized standards (e.g. HIPAA, NIST, COBIT or ISO).
* Minimum of 7 years of experience delivering IT services in a large organization.
* Detailed understanding of network design, security protocols and cloud integration security, with excellent analytical and problem-solving skills.
* Experience and/or training with integrating Cloud services with on premise technologies from Microsoft, IBM, Oracle, etc.
* Must display working knowledge of PCI Data Security, HIPAA and NIST standards along with virtual environment and cloud computing services.
* Knowledge of IT security and data privacy best practices and familiarity with extending on-premise security policies into the public Cloud.
* Experience and/or training with Cloud management (e.g. monitoring, automation, orchestration, etc.), cloud costing, and cloud security tools.
* Experience executing project management skills including design review, threat modeling and risk profiling while working across a large, distributed organization that is representative of a diverse IT community to include policy, regulations, and compliance requirements.

Preferred Qualifications:
* Hold, or be able to obtain within six months, a management-oriented security certification (e.g., CISSP, CISM or GSEC).
* Hold or be able to obtain within 1-year, the Certified Cloud Security Professional certification from ISC(2).
* Detailed understanding of the shared responsibility model for security in the public cloud.

License or Certificate:


Position Summary:
The University of Wisconsin-Madison's Cloud Security Risk Analyst will report to the Chief Information Security Officer in Office of Cybersecurity. This position is a key role for the CIO's vision for the future and acts as a focal point for the realization of the institution's overall Cloud strategy, which emphasizes and promotes adoption of secure Cloud-based IT services. This position provides risk analysis and compliance programs that support for the Governance, Risk and Compliance (GRC) domain of the UW-Madison Office of Cybersecurity. Responsibilities include evaluating security risks and compliance strategies; offering direction, guidance and consultation; and making recommendations for the improvement in integration of cloud-based services primarily for University of Wisconsin-Madison. This position coordinates implementing university-wide, proactive and distributed information security management programs to ensure the continuous availability, integrity, and confidentiality information assets that are provided by cloud vendors.

The Cloud Security Risk Analyst will engage campus IT groups to identify security controls for implementation of Cloud solutions that support the instructional technology, research computing, administration, and outreach activities of the institution. Working closely with the UW-Madison Director of Cloud Strategy, the Cloud Security Risk Analyst will recommend and identify security controls that reduce risk to an acceptable level for cloud solutions in accordance with the policies, procedures, and governance guidelines for the institution.

Key Responsibilities include:
* Execute the UW-Madison Risk Management Framework specifically for report the risk level and risk mitigation options for cloud-based integrations.
* Consult with UW-Madison community to enhance the understanding of how to securely use public cloud services.
* Provide guidance to the Enterprise Architecture, developers, and infrastructures teams related to the deployment and on-going management of cloud services.
* Operate continuous diagnostic and mitigations processes to continually assess cloud-based solutions.
* Support cultural and organizational change related to a moving toward a "cloud first" operating model.

Additional Information:
Please note that DoIT is not able to provide sponsorship for this position.

Contact:
Bradley Molzahn
bradley.molzahn@wisc.edu
608-262-0596
Relay Access (WTRS): 7-1-1 (out-of-state: TTY: 800.947.3529, STS: 800.833.7637) and above Phone number (See RELAY_SERVICE for further information. )

Instructions to Applicants:
Please click on the "Apply Online" button to start the application process. To apply for this position you will need to upload a cover letter and resume. Your cover letter should specifically address the required qualifications listed.

Additional Link:
Full Position Details

NOTE: A Period of Evaluation will be Required

The University of Wisconsin is an Equal Opportunity and Affirmative Action Employer.

The Annual Security and Fire Safety Report contains current campus safety and disciplinary policies, crime statistics for the previous 3 calendar years, and on-campus student housing fire safety policies and fire statistics for the previous 3 calendar years. UW-Madison will provide a paper copy upon request; please contact the University of Wisconsin Police Department.

Applications Open: Jul 10 2018 Central Daylight Time
Applications Close: Aug 7 2018 11:55 PM Central Daylight Time


To apply please click here!