Information Security Risk

1 month ago


Pittsburgh, United States Carnegie Mellon University Full time

The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university. We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking. We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth.

CMU’s Computing Services department is searching for an Information Security Risk & Compliance Analyst. The Information Security Risk & Compliance Analyst will assess, document, and implement various controls for the University. This individual manages the control documentation and advises on best business practices for all stakeholders. The incumbent is responsible for managing processes for third party vendor assessment, systems audit assistance, coordination, and support (e.g., internal audit for information security). This includes familiarity with risk assessments, privacy regulations, and sets of controls. The incumbent will have a well-rounded technical background in Information Technology (IT). This includes, but is not limited to, software development, DevOps, systems, help desk, risk management, and information security.

Your core responsibilities will include:

Assist in enhancing existing risk metrics and report high impact items to key campus stakeholders.

Audit IT systems and ensure the established controls are being followed. Identify security findings and assist in driving risk items to closure with the correct stakeholders.

Familiarity with risk assessments and common control sets: Cyber Security Framework (CSF), Cybersecurity Maturity Model Certification (CMMC / NIST 800-171), and Payment Card Industry – Data Security Standard (PCI-DSS).

Lead compliance projects involving multiple stakeholders within established deadlines.

Manage the documentation and development of policies, guidance and procedures related to information security for the University’s Information Security Office (ISO). This includes writing, evidence-gathering, and investigating existing processes and regulations and implementing best practices.

Managing requests for information related to privacy regulations and risk management: General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Must be a quick learner with an interest in the intersection of information security, people, and the law. The incumbent needs a strong understanding of the bridge between security and business, and must be attentive to detail.

Partner with key internal campus stakeholders on processes and controls, including the Office of the Vice Provost for Research, University Libraries, University Health Services, Treasury, and Enterprise Risk Management (ERM).

Proficient with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.) and other document-sharing tools (e.g., Google Docs, Box, etc.).

Review 3rd party documentation to determine information security risk, and communicate those risks to stakeholders.

Strong communication skills, both written and oral. The incumbent will communicate with a variety of audiences, so it will be imperative to write and speak to technical, end-user, and executive audiences, depending on the context of the situation and matter at hand.

Other duties as assigned.

Flexibility, excellence, and passion are vital qualities within Computing Services. Inclusion, collaboration, and cultural sensitivity are valued competencies at CMU. Therefore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity. We are looking for someone who shares our values and who will support the mission of the university through their work.

Qualifications:

Bachelor’s Degree

3-5 years of relevant work experience

Certifications:

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Practitioner (CISSP)

Requirements:

Successful background check

This position involves access to items or technical data controlled under the U.S. International Traffic in Arms Regulations (“ITAR”). Under U.S. export control laws, restrictions apply to the release or disclosure within the United States of ITAR-controlled technical data to individuals who are NOT “U.S. Persons.” U.S. Persons include U.S. citizens, U.S. nationals, persons lawfully admitted for U.S. permanent residence (“green card” holders), persons granted U.S. asylum status and persons granted U.S. refugee status. 

Carnegie Mellon’s Computing Services can rely on ITAR authorizations to provide access to ITAR-controlled items for certain eligible applicants who are not U.S. Persons. However, for Computing Services to ensure compliance with the ITAR, applicants who are NOT U.S. Persons are not eligible for this position if they are current or former permanent residents, nationals, or citizens of the following arms-embargoed or ITAR-restricted countries: Afghanistan, Belarus, Burma, Cambodia, Central African Republic, China, Cuba, Cyprus, Democratic Republic of Congo, Ethiopia, Eritrea, Haiti, Iran, Iraq, Lebanon, Libya, Nicaragua, North Korea, Russia, Somalia, South Sudan, Sudan, Syria, Venezuela, and Zimbabwe.

Joining the CMU team opens the door to an array of exceptional benefits, available to all full-time Carnegie Mellon University employees. Experience the full spectrum of advantages, from comprehensive medical, prescription, dental, and vision insurance to enticing retirement savings programs. Unlock your potential with tuition benefits, and take well-deserved breaks with generous paid time off and holidays. Rest easy knowing you're covered by life and accidental death and disability insurance.


