Cyber Information Assurance Analyst

Summary

Job Category:
Security
Job Title:
Cyber Information Assurance Analyst
Job Category Definition:
This specialty covers cyber security, information assurance, and compliance design, integration, implementation, modification, and coordination of the installation, testing, operation, and disposition of hardware and software systems. Functions may include conducting analyses, developing functional and technical requirements and specifications, documentation, monitoring the availability, serviceability, and recoverability of installed technology security systems, implementing cyber security procedures and tools, maintaining systems configuration, managing the installation and integration of system patches updates, and enhancements, and ensuring the rigorous application of information security/information assurance policies, principles, and practices.
Job Title Definition:
The Cyber Information Assurance Analyst proactively evaluates the system and network enterprise environments of University units and uses technical knowledge and analytical skill to determine the optimum mix of technology, policy, procedures and education to implement effective cyber security programs and strategies. The Cyber Information Assurance Analyst determines security controls, configurations, procedures, and policies based off industrial standards, best practices, University, federal, and state regulations, and contractual requirements. The Cyber Information Assurance Analyst establishes and manages program control processes, compliance assessments to determine deviations from acceptable configurations, policy, or standards, and provides expertise in compliance requirements for internal and external reviews of requirements. Cyber Information Assurance Analyst also develop policy, procedures, and standards associated with Cyber Incident Response Team (CIRT) activities and may participate in CIRT activities. The Cyber Information Analyst assists with the identification and mitigation of risk posed to the confidentially, integrity, and availability of information systems. The Cyber Information Assurance Analyst fully masters and explains to others the cyber security requirements for legal and regulatory compliance including FERPA (Family Educational Rights and Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), GLB (Gramm-Leach-Bliley Act), PCI (Payment Card Industry), DMCA (Digital Millennium Copyright Act) and other federal regulations and statutes. Duties are performed at various levels within the defined title.
Working Conditions:
Specific physical requirements and effort are outlined in Job Responsibilities Worksheet (list of essential job duties and responsibilities specific to a particular job at the unit level) in accordance with the Americans with Disabilities Act of 1990 (ADA).
Other Requirements: Maintain a security clearance when specific job duties require interaction with classified systems.
 

Levels

Level 1 

Level Details
Job Code Salary Band FLSA Status
ITSC0201 I Non-Exempt

Level 1 positions typically demonstrate baseline working knowledge of routine work applications; follow standard principles and systems and use appropriate terminology associated with a particular field of specialization; participate as a team member in a collaborative environment within a diverse workforce; actively contribute to completion of team goals and assigned tasks; clearly communicate information, ideas, or instructions verbally and in writing; follow recommended approach to assigned work to facilitate achievement of desired results; ensure safe practices and environmental consciousness are exhibited in decisions; typically work under direct and frequent supervision while performing routine duties using established procedures with detailed instructions.

Typical Education & Experience

0+ years related experience

Associate’s Degree or higher

Or an equivalent combination of education and experience
Typical Work Duties
  • Participate in conducting risk assessments and providing recommendations for system, network, and application design, implementation, and operation
  • Assist in the vulnerability assessments of systems and networks to identify deviations from acceptable configurations or policies
  • Assist in the monitoring of corrective actions of system audits; may assist in the documentation of Plan of Action and Milestones (POAM)
  • Assist in the obtaining of certification and accreditation of systems through the creation of process documentation support
  • Support the establishment of program control processes to ensure risk mitigation
  • Participate in periodic audits of systems
  • Assist in the implementation of required policies, procedures, and configurations; may make recommendations for improvements 

This profile is intended to indicate the kinds of tasks and levels of work difficulty that will be required of positions in this job title and should not be construed as declaring what the specific duties and responsibilities of any particular position shall be.  It is not intended to limit or in any way modify the right of any supervisor to assign, direct, and control the work of employees under his/her supervision.  The use of a particular expression or illustration describing duties should not be held to exclude other duties not mentioned that are of a similar kind or level of difficulty.

Level 2 

Level Details
Job Code Salary Band FLSA Status
ITSC0202 K Exempt

Level 2 positions typically demonstrate intermediate knowledge of the concepts, practices and procedures of a particular field of specialization; perform intermediate tasks in defined skill areas/applications by continuously building on current job knowledge; maintain effective relationships with peers, vendors, and others in a diverse environment; support team decisions and follow through with team responsibilities; interpret information, ideas and instructions and communicate clearly and accurately both verbally and in writing including materials intended for distribution; determine causes of unusual occurrences and apply standard principles and practices to determine and implement solutions; ensure safe practices and environmental consciousness are exhibited in decisions; typically work under general supervision, while performing assignments that are varied and that may be somewhat difficult in character, but usually involve limited responsibility.

Typical Education & Experience

2+ years related experience

Bachelor’s Degree or higher

Or an equivalent combination of education and experience
Typical Work Duties
  • Conduct risk assessments and provide recommendations for system, network, and application design, implementation, and operation of departmental systems
  • Conduct vulnerability assessments of departmental systems and networks to identify deviations from acceptable configurations or policies
  • Monitor the corrective actions of departmental system audits; draft documentation of Plan of Action and Milestones (POAM) for review
  • Meet with stakeholders regularly to assess needs and requirements at a departmental level
  • Obtain certification and accreditation for departmental systems through the creation of process documentation support; may assist with unit or University wide process documentation
  • Participate in the establishment of program control processes to ensure risk mitigation
  • Perform periodic audits of departmental systems under general supervision
  • Participate in the implementation of required policies, procedures, and configurations; make recommendations for improvements 
  • Participate in the preparation of requirements and procedures for forensic preservation 
  • Research and stay current on industry best practices

This profile is intended to indicate the kinds of tasks and levels of work difficulty that will be required of positions in this job title and should not be construed as declaring what the specific duties and responsibilities of any particular position shall be.  It is not intended to limit or in any way modify the right of any supervisor to assign, direct, and control the work of employees under his/her supervision.  The use of a particular expression or illustration describing duties should not be held to exclude other duties not mentioned that are of a similar kind or level of difficulty.

Level 3 

Level Details
Job Code Salary Band FLSA Status
ITSC0203 L Exempt

Level 3 positions typically demonstrate proficient and comprehensive knowledge of defined skill areas/applications to integrate fundamental elements from other specialties into work assignments; apply knowledge of principles, practices, and procedures of a particular field of specialization to complete difficult assignments; promote a culture that is conducive to effective relationships among diverse team members; ensure safe practices and environmental consciousness are exhibited in decisions; may lead a project team involved in completion of difficult assignments, requiring proficient knowledge of field of specialization; interpret and communicate information, ideas and instructions clearly, accurately and persuasively both verbally and in writing including materials intended for distribution; incorporate new facts and ideas into group processes and apply creative thinking to develop new solutions; typically work with minimal supervision on difficult assignments, conferring with manager on unusual matters.

Typical Education & Experience

5+ years related experience

Bachelor’s Degree or higher

Or an equivalent combination of education and experience
Typical Work Duties
  • Lead risk assessments and provide recommendations for system, network, and application design, implementation, and operation of unit-wide systems
  • Lead vulnerability assessments of unit-wide systems and networks to identify deviations from acceptable configurations or policies; conduct assessments of non-standard systems
  • Monitor the corrective actions of unit-wide system audits; develop and manage Plan of Action and Milestones (POAM)
  • Meet with stakeholders regularly to assess needs and requirements at a unit-wide level
  • Obtain certification and accreditation through the creation of process documentation; develop unit or University-wide process documentation
  • Establish program control processes to ensure risk mitigation
  • Perform periodic audits of systems
  • Implement required policies, procedures, and configurations; make recommendations for improvements 
  • Develop requirements and procedures for forensic preservation 
  • Assist in the development of policy, process, and standards of Cyber Incident Response Team (CIRT) program and participate in CIRT activities as needed
  • Assist in the development and delivery of information security training material
  • May interface with external entities including law enforcement and intelligence/government agencies
  • May provide guidance to lower level Analysts
  • Research and stay current on industry best practices

This profile is intended to indicate the kinds of tasks and levels of work difficulty that will be required of positions in this job title and should not be construed as declaring what the specific duties and responsibilities of any particular position shall be.  It is not intended to limit or in any way modify the right of any supervisor to assign, direct, and control the work of employees under his/her supervision.  The use of a particular expression or illustration describing duties should not be held to exclude other duties not mentioned that are of a similar kind or level of difficulty.

Level 4 

Level Details
Job Code Salary Band FLSA Status
ITSC0204 M Exempt

Level 4 positions typically demonstrate advanced knowledge of principles, practices, and procedures of a particular field of specialization and complete complex assignments; integrate complex elements from other specialties into work assignments; demonstrate a strong commitment to inclusionary practices which support diversity throughout the University; establish a shared vision and take responsibility for the achievement of team goals, and provide direction for appropriate implementation of plans; present ideas, concepts and instructions in a clear manner, and use persuasion and negotiation to build consensus and cooperation; ensure safe practices and environmental consciousness are exhibited in decisions; develop new techniques, concepts, theories, programs or solutions and apply them to complex strategic operating issues; typically work independently on complex work assignments, review progress and evaluate results and update management as appropriate; may direct and delegate work to lower-level staff.

Typical Education & Experience

8+ years related experience

Bachelor’s Degree or higher

Or an equivalent combination of education and experience
Typical Work Duties
  • Lead risk assessments and provide recommendations for system, network, and application design, implementation, and operation of enterprise-wide systems
  • Lead vulnerability assessments of enterprise-wide or complex systems and networks to identify deviations from acceptable configurations or policies
  • Monitor the corrective actions of enterprise-wide system audits
  • Lead in the development and manage Plan of Action and Milestones (POAM)
  • Meet with stakeholders regularly to assess needs and requirements at a University-wide level
  • Obtain certification and accreditation through the development of University-wide process documentation
  • Oversee the establishment of program control processes to ensure risk mitigation
  • Oversee periodic audits of systems
  • Lead implementation of required policies, procedures, and configurations
  • Develop requirements and procedures for forensic preservation 
  • Lead the development of policy, process, and standards of Cyber Incident Response Team (CIRT) program and participate in CIRT activities, as needed
  • Develop and deliver cyber security training material
  • Present security awareness sessions to diverse audiences University-wide
  • Interface with external entities including law enforcement and intelligence/government agencies
  • Apply project management principles and methods to the leadership of security tasks or projects
  • Direct the development of communications regarding policies, procedures, and best practices for vulnerability and risk assessments
  • Provide guidance to and may supervise lower level Analysts
  • Research and stay current on industry best practices

This profile is intended to indicate the kinds of tasks and levels of work difficulty that will be required of positions in this job title and should not be construed as declaring what the specific duties and responsibilities of any particular position shall be. It is not intended to limit or in any way modify the right of any supervisor to assign, direct, and control the work of employees under his/her supervision. The use of a particular expression or illustration describing duties should not be held to exclude other duties not mentioned that are of a similar kind or level of difficulty.

Level 5 

Level Details
Job Code Salary Band FLSA Status
ITSC0205 N Exempt

Level 5 positions typically extend mastery of job knowledge to the principles, theories and practices of related specialties; expand knowledge of best practices and incorporate into all work assignments and procedures; evaluate and enhance current practices and efforts to ensure optimal support of diversity; oversee leadership of teams and projects that involve extensive cooperation and coordination between multiple departments across the University or with external customers; prepare written and/or verbal presentations or proposals on highly complex issues and deliver to a broad variety of audiences; identify and implement innovative solutions to important, highly complex strategic and/or operational issues which may involve unusual circumstances and incomplete or conflicting data; ensure safe practices and environmental consciousness are exhibited in decisions; work independently on highly complex or strategic assignments; may direct and supervise lower-level staff.

Typical Education & Experience

12+ years related experience

Bachelor’s Degree required; Master’s Degree preferred

Or an equivalent combination of education and experience
Typical Work Duties
  • Provide subject matter expertise in the strategic planning process and provide input into enterprise strategic security initiatives     
  • Oversee the development and research of leading edge policies, procedures, and best practices for vulnerability and risk assessments for information assurance
  • Lead the design of procedures for risk and vulnerability assessments and corrective action
  • Engage in University, customer, and industry collaboration efforts
  • Develop information assurance programmatic training content; present at various outreach and/or educational forums
  • Provide strategic guidance and subject matter expertise to the Cyber Incident Response Team (CIRT)
  • Provide operational and project team leadership for multiple, simultaneous enterprise-wide information assurance initiatives
  • Participate as required in the budget process
  • Provide guidance to all levels of Analysts

This profile is intended to indicate the kinds of tasks and levels of work difficulty that will be required of positions in this job title and should not be construed as declaring what the specific duties and responsibilities of any particular position shall be.  It is not intended to limit or in any way modify the right of any supervisor to assign, direct, and control the work of employees under his/her supervision.  The use of a particular expression or illustration describing duties should not be held to exclude other duties not mentioned that are of a similar kind or level of difficulty.