Associate Information Security Analyst

Position Overview


The client is currently seeking a talented Information Security Officer to play a vital role in our dynamic and close-knit team within the Information Security Office. In this essential position, you will lead initiatives to protect our digital resources, developing and implementing innovative security strategies to effectively mitigate risks. Your expertise will contribute to our mission of maintaining a secure and resilient environment for education, research, and healthcare.

The Information Security Office is a high-profile team, and is one of the few departments with client-wide purview, so you'll have plenty of opportunity to share and shine. We operate with a high degree of autonomy, expecting each of our contributors to bring their own special talents to bear on the tough challenges facing the client.

The Cybersecurity Governance, Risk, and Compliance (GRC) team within the Information Security Office is an innovative, newly-formed team with an entrepreneurial spirit, and we invite you to help us grow while advancing your own career.

Job Responsibilities
In this role, you will support the research community by providing support and guidance on information security matters. You will collaborate with local client groups and client Research Computing to help implement and improve security measures that meet NIST 800-171 standards.
Your main responsibilities will include helping to execute a strategy that prepares the client for an increasing number of security audits and changing regulatory requirements, particularly focusing on the Cybersecurity Maturity Model Certification (CMMC) and NIST 800-171 standards. This will involve helping to assess the client's current security practices and identifying any gaps that could affect compliance. You will assist in implementing best practices and guidelines to strengthen cybersecurity measures and support audit preparations.
You will also play a key role in developing an awareness and training program aligned with NIST to educate the organization to foster a culture of security awareness and responsibility.

Typical Activities
Assist in the preparation and implementation of the NIST readiness project, ensuring alignment with NIST frameworks and guidelines to improve the organization's security posture.
Collaborate in developing and executing a comprehensive strategy to prepare the client for security audits and regulatory requirements, with a particular focus on the Cybersecurity Maturity Model Certification (CMMC).
Support the assessment and implementation of security controls in accordance with NIST standards, assisting in identifying gaps and recommending corrective actions.
Develop and deliver an awareness and training program aligned with NIST to educate the organization.
Collaborate in the review and update of security policies and procedures to ensure they meet NIST requirements and reflect best practices in cybersecurity.
Support the monitoring of security controls and risk management practices, regularly evaluating the effectiveness of existing security measures.
Help prepare and maintain documentation related to security policies, procedures, and compliance efforts, including risk assessments and operational reports.
Collaborate with cross-functional teams, including IT, Finance, Human Resources, and Legal, to integrate information security into the organization's overall risk management program.
Keep abreast of industry trends, emerging threats, and evolving regulatory requirements to inform security practices and compliance strategies.
Perform any other related duties assigned to support the organization's information security program.

Requirements:

Minimum Education & Experience Required
You're a well-rounded, critical thinker with a bachelor's degree (or equivalent experience).
A minimum of three years of experience in information security, risk management, or compliance.

Qualifications
Experience in information security, risk management, and compliance.
Knowledge of industry standards and regulations, particularly NIST & HIPAA.
Strong analytical and problem-solving skills, with the ability to identify and assess security risks.
Exposure to security audits, risk assessments, or vulnerability assessments.
Knowledge of security technologies such as encryption, firewalls, intrusion detection systems, and SIEMs.
Experience with working as part of a team in cybersecurity, information security, assurance or related fields.
Ability to express complicated, highly technical information using accessible language, proficiently in English, to a wide variety of audiences with varying degrees of technical savviness.
Ability to stay up-to-date with the latest security threats, technologies, and industry regulations.

Bonus Points & Plusses
Knowledge of ISO 27001 and PCI DSS.
Security+ or other professional cybersecurity certifications.
Proficiency in setting up and managing a learning management system (LMS), including course creation and configuration
Prior work in a highly-regulated industry or higher education.

Required experience:
Minimum 3 years

Notes:
Hybrid
Shift timing/schedule: 9 am PST - 5 pm PST
You may be expected to come to campus, but generally expect that to be no more than a few days each quarter.

VIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.