Information Security Risk Analyst 2
About The Job
Please note that this position is not eligible for H-1B or Green Card sponsorship. This position does not offer a STEM OPT training program. The University of Minnesota is committed to fostering local talent through employment opportunities. While this position utilizes a hybrid work modality, prospective applicants must be located either in the state of Minnesota or near the Wisconsin border OR otherwise open to relocation.
Position Overview
The University of Minnesota's University Information Security seeks an Information Security Risk Analyst who will improve the information security of the University through information security risk assessments, security standards development, and exception management. The Information Security Risk Analyst will assess the information security posture of collegiate and administrative units by conducting information security risk assessments, including analyzing security controls and processes, interviewing subject matter experts, and helping to shape a risk-based approach to security across the entire University system.
Why Join Our Team?
As a Risk Analyst at the University of Minnesota, you won’t just be checking boxes on a spreadsheet. You will act as a trusted consultant across a massive ecosystem — ranging from cutting-edge research labs and medical clinics to athletics and student services. Your work directly protects the privacy of our 50,000+ students and safeguards groundbreaking academic research.
Job Responsibilities
- Security Analysis - 80%
- Cover information security assessments utilizing ISO 27001 / 27002, NIST 800-171 or other appropriate information security control structures;
- Develop risk remediation plans, and facilitate risk remediation efforts.
- Facilitate the information security risk management program by identifying areas most in need of risk assessment, coordinating risk assessments with other information security risk analysts, and consulting with information security architects.
- Maintain a strong working knowledge of regulatory frameworks impacting higher education, including GLBA, PCI and FERPA while building knowledge of applicable security standards (SANS, OWASP, NIST).
- Procedural Support - 20%
- Facilitate the exception management process by tracking exceptions to information security policies and standards, evaluating associated risks by working with the other information security staff, and coordinating communication with the risk owner.
- Aid with information security reviews of vendors and suppliers.
Qualifications
- Required Qualifications:
- Bachelor’s degree in a related field and 2 years of relevant work experience or a Master's degree.
- 1 year experience in information security risk assessment, audit, quality assurance, or similar.
- Excellent communication (oral, written, presentation), interpersonal and consultative skills.
- Preferred Qualifications:
- Relevant work experience in a technical role, such as enterprise system management, or working within an IT-role in higher education.
- Knowledge of information security standards (e.g., ISO 27001/27002, NIST 800-171.), rules and regulations related to information security and data confidentiality (e.g., FERPA, GLBA, PCI DSS, HIPAA).
- CISSP, CISA, or other security certifications are desirable.
- Strong capability to analyze complex, ambiguous situations and synthesize conflicting information into clear, data-driven risk recommendations.
- Demonstrated ability to look beyond surface-level technical symptoms to identify underlying root causes of systemic risk.
Pay And Benefits
Pay Range: $85,000 - $95,000 ; depending on education/qualifications/experience
Time Appointment: 100% Appointment
Position Type: Faculty and P&A Staff
How To Apply
Applications must be submitted online. To be considered for this position, please click the Apply button and follow the instructions.
You will have the opportunity to complete an online application for the position and attach a cover letter and resume or CV.
Required Application Materials
- Resume
- Cover Letter
Employment Requirements
- Any offer of employment is contingent upon the successful completion of a background check.
About University Of Minnesota
The University of Minnesota, Twin Cities (UMTC) The University of Minnesota, Twin Cities (UMTC), is among the largest public research universities in the country, offering undergraduate, graduate, and professional students a multitude of opportunities for study and research. Located at the heart of one of the nation's most vibrant, diverse metropolitan communities, students on the campuses in Minneapolis and St. Paul benefit from extensive partnerships with world-renowned health centers, international corporations, government agencies, and arts, nonprofit, and public service organizations.