Working Title

Information Security Analyst

SF State University

San Francisco State is an Equal Opportunity Employer and does not discriminate against persons on the basis of race, religion, color, ancestry, age, disability, genetic information, gender, gender identity, gender expression, marital status, medical condition, National origin, sex, sexual orientation, covered veteran status, or any other protected status.  Reasonable accommodations will be provided for qualified applicants with disabilities who self-disclose by contacting the Senior Human Resources Manager.

Applicants may visit titleix.sfsu.edu for more information on SF State's policy prohibiting discrimination, and how to file an online report using the procedures under Executive Order 1096 Revised. Inquiries can be directed to the campus Title IX Coordinator and Discrimination, Harassment, and Retaliation Administrator by calling (415) 338-2032 or emailing vpsaem@sfsu.edu.

San Francisco State is a 100% Smoke/Vapor-Free Campus.  Smoking or Vaping of any tobacco/plant-based substance is not permitted on any University properties.

The person holding this position may be considered a "mandated reporter" under the California Child Abuse and Neglect  Reporting Act and is required to comply with the requirements set forth in CSU Executive Order 1083 as a condition of employment.

This position may be a "designated position" in the California State University's Conflict of Interest Code.  The successful candidate accepting this position may be required to file Conflict of Interest forms subject to the regulations of the Fair Political Practices Commission.

Department

Information Security, Information Technology Services

Appointment Type

This is a one-year probationary position.

Time Base

Full-Time (1.0)

Work Schedule

Monday - Friday; 8:00am - 5:00pm

Anticipated Hiring Range

$9,167.00 - $10,000.00 Per Month ($110,004.00 - $120,000.00 Annually)

Salary is commensurate with experience.

Position Summary

The Information Security Analyst is an expert who understands the business processes and functional needs of Information Security. The incumbent reports to the SF State Information Security Officer, the Information Security Analyst is responsible for hands-on support of campus information security program initiatives from information security policy development and maintenance; awareness activities; developing and assessing IT architecture; assessing security products, documenting or conducting investigations, creating change requests, and coordinating with other campuses and the CO. Position requires expert knowledge of CSU and campus policy as well as reporting requirements.

Position Information

Risk assessment and management

• Conduct risk assessments 

• Review network, system, endpoint, and application security architecture for potential vulnerabilities 

• Review, test, and implement technology solutions for assessing and addressing vulnerabilities such as Multi factor authentication, password vaults, endpoint management, log analysis, and network intrusion appliances 

• Support campus-wide data classification assessments and security audits, track issues and manage remediation plans 

• Assist with the development and dissemination of campus-wide security policies and procedures 

• Provide support for vulnerability scanning application scanners to campus IT service providers 

• Provide support for network vulnerability scans 

Security incident preparation and response

• Assist with the development and dissemination of campus-wide information security incident response procedures 

• Conduct information security incident investigations including initial response, documentation and analysis 

• Log and track information security incidents 

• Support breach notification activities 

• Respond to spam, phishing, and copyright violation complaints 

• Analyze incidents to identify trends 

Security awareness, training, and compliance

• Review IT procurement agreements for information security compliance 

• Consult with campus departments to help them comply with applicable laws, regulations, CSU, and SF State policies 

• Recommend and develop awareness programs to enhance understanding of IT Security and its business risk 

• Oversee deployment and compliance of Skillsoft Security Awareness Training course 

• Maintain expert knowledge of SF State, and CSU, State and Federal Information Technology Security policies 

•  Prepare quarterly and annual SoD reports and coordinate justification for exceptions and approvals

Minimum Qualifications

To enter this classification, a basic foundation of knowledge and skills in applications programming and systems analysis and related programming support functions is a prerequisite. This foundation would normally be obtained through a bachelor’s degree, preferably in computer science or business, or equivalent training and applied experience. Foundation knowledge and skills for the Analyst/Programmer, depending on the position assignment, may include working knowledge of a specific industry standard applications programming language and knowledge of standard systems analysis techniques.
 
Incumbents at the expert level work almost completely independently on the most complex problems and work assignments. They possess an advanced and comprehensive knowledge of the technical specialty and a working knowledge of related specialties and are able to apply this extensive expertise as a generalist or specialist. Experts are proactive and understand problems from broad, interactive perspective and are able to develop solutions that combine information and ideas in new, unprecedented ways. Incumbents at this level are capable of leading teams and implementation efforts for assigned projects using advanced communication and listening skills.

Preferred Qualifications

•          Bachelor's Degree in an Information Technology related field
•          Minimum 5 years progressive experience in computing and information security, including experience with Internet technology and security issues.
•          Knowledge of information security standards (e.g., ISO, NIST, etc.), rules and regulations/compliance related to information security and data confidentiality (e.g., FERPA, HIPAA, PCI, etc.)
•          Extensive knowledge of desktop, server, application, database, network security principles for risk identification and analysis
•          Solid understanding of TCP/IP networking and security
•          Strong knowledge of threat and abuse detection, investigation, and analysis methods
•          Extensive knowledge of risk assessment and mitigation
•          Extensive experience in programming and systems architecture
•          Experience mapping business processes and translating needs into solutions
•          Excellent analytical and problem-solving skills
•          Work independently to solve complex computing problems while balancing multiple priorities with varying scope and timing
•          Work in a fast-paced environment with deadlines
•          Excellent interpersonal communication skills: Ability to work through conflict to reach viable and feasible business decision.
•          Strong ability to reason logically and creatively to identify and resolve problems
•          Ability to read, write and speak fluently in English, and to be patient, tactful, and professional under all circumstances
•          Ability to relay technical information effectively to non-technical users.
•          Function effectively as a member of a team and participate in activities and assignments that will benefit other members of the team or will contribute to the accomplishment of the team objectives.

Master's Degree in an Information Technology related field
•          Experience providing IT support in higher education
•          Understanding of Section 508 ADA compliance
•          Experience providing support to "highly visible" offices
•          Experience with developing security policy, security awareness, network penetration testing, application vulnerability assessments, risk analysis and compliance testing
•          Information security certifications (CISSP, GCIA, GCIH, CEH)

Pre-Employment Requirements

This position requires the successful completion of a background check.

Eligibility to Work

Applicants must be able to provide proof of US Citizenship or authorization to work in the United States, within three business days from their date of hire.

Benefits

Threaded through our Total Compensation package is a commitment to Bridging Life's Transitions.  SF State is committed to providing our employees with a comprehensive program that rewards efforts that are appreciated by your colleagues, students and the customers we serve.

We offer a competitive compensation package that includes Medical, Dental, Vision, Pension, 401k, Healthcare Savings Account, Life Insurance, Disability Insurance, Vacation and Sick Leave as well as State Holidays and a dynamic Fee Waiver program, all geared towards the University's commitment to attract, motivate and retain our employee.

CSUEU Position (For CSUEU Positions Only)

Eligible and qualified on-campus applicants, currently in bargaining units 2, 5, 7, and 9 are given hiring preference.

Additional Information

SF STATE IS NOT A SPONSORING AGENCY FOR STAFF OR MANAGEMENT POSITIONS. (i.e. H1-B VISAS).

Thank you for your interest in employment with California State University (CSU).  CSU is a state entity whose business operations reside within the State of California.  Because of this, CSU prohibits hiring employees to perform CSU-related work outside of California with very limited exception.  While this position may be eligible for occasional telework, all work is expected to be performed in the state of California, and this position is assigned to on-campus operations.

CSU strongly encourages faculty, staff, and students who are accessing campus facilities to be immunized against COVID-19 or declare a medical or religious exemption from doing so.  Any candidates advanced in a currently open search process are encouraged to comply with this requirement. The systemwide policy can be found at https://calstate.policystat.com/policy/9779821/latest/ and questions may be sent to hrwww@sfsu.edu.

The Human Resources office is open Mondays through Fridays from 8 a.m. to 5 p.m., and can be reached at (415) 338-1872.

Please note that this position, position requirements, application deadline and/or any other component of this position is subject to change or cancellation at any time.