Skip to Main Content

Information Security Analyst, Sr.

Position Details

Position Information

Title Information Security Analyst, Sr.
Department Defense & Security Rsch Inst (2499)
Location Main Campus
Position Summary

The University of Arizona is accepting applications for an Information Security Analyst, Senior. This position will support a new secure research computing environment required for Controlled Unclassified Information (CUI). The Information Security Analyst, Senior will work with UA researchers to assess project information security requirements and other compliance controls, recommend, and implement appropriate controls.

The position will work closely with department/college technology staff, the University Export Control Program (UECP) and the UA Information Security Office to ensure a collaborative and common approach to security information issues across the institution. Responsibilities include the generation, review and update of documentation for the process and procedures for secure IT environments for UA research projects. The incumbent may contribute to the University of Arizona’s technology architecture planning process to ensure information security is a core principle for all services. This position reports through Defense & Security Research Institute and will work closely with the UA Information Security Office and the University Information Technology Service unit.

The Defense & Security Research Institute leverages the UA’s research strengths to create economic alliances with Arizona and the nation’s defense and security industries.

With more than $606 million in research and development dollars from federal, state, and private sources, The University of Arizona currently ranks #21 among public universities in the US in overall research expenditures and #2 in physical science research. With world class faculty in fields as diverse as astronomy and space exploration, plant science, biomedical science and biotechnology, anthropology, Native peoples, business, law, philosophy, music, and dance, the UA is one of only 62 members in the Association of American Universities. The University’s main campus is situated in the heart of Tucson. Surrounded by mountains and the high Sonoran Desert, Tucson boasts a distinctive southwestern feel and enjoys more than 300 days of sunshine each year.

The UA today has over 43,000 students, and nearly 15,600 employees. The main campus has grown from its original 40 acres to more than 350 acres, and boasts the oldest continually maintained green space in Arizona. The University of Arizona offers a broad range of educational programs and support services that attract an excellent and diverse student body.

Outstanding UA benefits include health, dental, and vision insurance plans; life insurance and disability programs; paid vacation, sick leave, and holidays; UA/ASU/NAU tuition reduction for the employee and qualified family members; state and optional retirement plans; access to UA recreation and cultural activities; and more!

Accepting a new position is a big life step. We want potential candidates and their families to be able to make informed decisions. Candidates who are considering relocation to the Tucson or Phoenix area, and have been offered an on-site interview, are encouraged to use the free services offered by Above & Beyond Relocation Services (ABRS).Ask your department contact to be introduced to ABRS prior to your visit.

The University of Arizona has been listed by Forbes as one of America’s Best Employers in the United States and WorldatWork and the Arizona Department of Health Services have recognized us for our innovative work-life programs. For more information about working at the University of Arizona, please click here.

Duties & Responsibilities
  • Conduct physical audits and inventories of IT assets used in restricted research activities, analyzing variances of IT assets with federal standards.
  • Implement IT security compliance solutions and negotiating gaps with sponsors.
  • Conduct risk assessments, coordinate vulnerability scans, and penetration tests to identify security risks, and report on findings to system owners and management.
  • Perform intermediate and advanced analysis and assessments of research and non-research related activities and necessary regulatory requirements to maintain institutional compliance in both research and non-research areas as required by U.S. export control laws and regulations.
  • Work directly with faculty, staff, and students to provide expert guidance on federal regulations, UA policy and procedures, and IT security protocols implemented to achieve compliance.
  • Use automated and manual testing, examination, scanning, interviewing, and discovery techniques to identify, validate, and assess IT security vulnerabilities.
  • Using output from risk assessments and requirements analysis, assist system, application, and data owners/managers with selecting IT security controls and documenting system IT security plans.
  • Review existing IT security plans with system, application, and data owners/managers to ensure that controls are properly implemented, and to pro-actively identify any gaps that may result in non-compliance with regulatory requirements.
  • Manage all tasks associated with implementing IT security solutions on restricted research programs.
  • Support the implementation, monitoring and audit of the NIST 800-171 security controls in the University environment.
  • Respond to relevant service requests received from end-users conducting activities subject to IT security requirements.
  • Provide reports / presentations on the status of IT security controls and industry trends to management, technical staff, and other stakeholders.
  • Provide technical expertise to faculty and departmental technology staff to ensure compliance with NIST 800-171 controls, including hands-on technical assistance when needed.
  • Participate in institution-wide efforts to ensure compliant technical solutions are in place and readily accessible for researchers.
  • Build and maintain positive working relationships with research faculty and technology staff.
  • Assist researchers and departments to develop consistent reporting methodology for granting agency requirements.
  • Support the development, documentation and management of Technology Control Plans (TCPs) that include IT security measures to attain and maintain compliance with various regulatory requirements, including but not limited to EAR, ITAR, OFAC, NARA, NIST, FIPS, etc.
  • Other tasks as assigned.
Knowledge, Skills, & Abilities
  • In-depth knowledge of securing IT systems, networks, and data, with deep expertise in at least one of the following areas: secure development practices, system administration, network security, securing cloud resources, end-point management and protection, administration of Windows Active Directory or other access management systems.
  • Familiarity with privacy and security laws and regulations (state and federal) and information security best practices.
  • Proven strong communication and interpersonal skills.
  • A team player, able to practice discretion around sensitive issues.
Minimum Qualifications
  • Bachelor’s degree in computer or information systems or a related area AND three years of information technology experience which may include systems administration, network administration, application design/development, middleware, identity and access management or other specific technical expertise.
  • OR, five years of progressive information technology experience which may include systems administration, network administration, application design/development, middleware, identity and access management or other specific technical expertise.
  • OR, any equivalent combination of experience, training and/or education.
  • Candidate must be a U.S. Citizen or Permanent Resident.
Preferred Qualifications
  • IT security, information technology, information assurance or related experience, with preferred service in a Federal Government or DoD Industrial Security environment.
  • Security specific certification such as CISSP, various GIAC (such as GCED, GPPA), or CISM.
  • Experience with cybersecurity policies based on NIST 800-53, NIST 800-171 and ISO 27001.
  • Knowledge of complex government regulations, including the ITAR, EAR and OFAC. Experience in a Higher Education environment.
  • Experience leading technical initiatives in a collaborative environment.
  • Experience with problem solving in secure IT environments.
  • Already have or be able to obtain a U.S. Government Security Clearance.
FLSA Exempt
Full Time/Part Time Full Time
Number of Hours Worked per Week 40
Job Category General
Benefits Eligible Yes - Full Benefits
Posted Rate of Pay DOE
Type of criminal background check required: Fingerprint criminal background check (security sensitive due to title or department)

Posting Detail Information

Posting Number A22039
Number of Vacancies One
Desired Start Date
Position End Date (if temporary)
Limited to Current UA Employees No
Contact Information for Candidates

Christopher Shinohara

Open Date 09/08/2017
Close Date
Open Until Filled Yes
Review Begins On 09/29/2017
Special Instructions to Applicant
Diversity Statement

At the University of Arizona, we value our inclusive climate because we know that diversity in experiences and perspectives is vital to advancing innovation, critical thinking, solving complex problems, and creating an inclusive academic community. We translate these values into action by seeking individuals who have experience and expertise working with diverse students, colleagues and constituencies. Because we seek a workforce with a wide range of perspectives and experiences, we encourage diverse candidates to apply, including people of color, women, veterans, and individuals with disabilities. As an Employer of National Service, we also welcome alumni of AmeriCorps, Peace Corps, and other national service programs and others who will help us advance our Inclusive Excellence initiative aimed at creating a university that values student, staff and faculty engagement in addressing issues of diversity and inclusiveness.

Quick Link for Internal Postings

Supplemental Questions

Required fields are indicated with an asterisk (*).

  1. * Where did you first learn about this position?
    • Arizona Daily Star
    • Arizona Republic
    • Chronicle of Higher Education
    • Department of Economic Security (DES)
    • Diverse Issues in Higher Education
    • Hispanic Outlook in Higher Education
    • Jobing.Com
    • LinkedIn
    • Local Job Banks
    • Pima County One-Stop
    • Professional Conference
    • Professional journal/publication
    • Referred by UA Employee
    • Invited by Dept to Apply
    • UA Website
    • Other
  2. * How many years of progressive information technology experience do you have with systems administration, network administration, application design/development, middleware, identity and access management or other specific technical expertise?
    • Five (5) or more years.
    • Three (3) to Four (4) years.
    • One (1) to Two (2) years.
    • I have no experience.
  3. * Do you have a Bachelor’s degree in computer or information systems or a related area?
    • Yes
    • No

Documents Needed to Apply

Required Documents
  1. Resume
  2. Cover Letter
Optional Documents