Information Security Risk

2 months ago


Pittsburgh, United States Carnegie Mellon University Full time

The Computing Services central IT department provides services that have a strategic impact on university goals. We make service decisions based on interaction and valuable input from colleagues engaged in the education, research, and administration efforts of the university. We are a learning organization and approach successes and mistakes as a learning experience to continually cultivate a culture of intelligent risk taking. We want to hire versatile team members who are inspired and passionate about their work. Join us and be part of a team committed to excellence, innovation, diversity, team and individual growth.

CMU’s Computing Services department is searching for an Information Security Risk & Compliance Analyst. The Information Security Risk & Compliance Analyst will assess, document, and implement various controls for the University. This individual manages the control documentation and advises on best business practices for all stakeholders. The incumbent is responsible for managing processes for third-party vendor assessment, systems audit assistance, coordination, and support (e.g., internal audit for information security). This includes familiarity with risk assessments, privacy regulations, and sets of controls. The incumbent will have a well-rounded technical background in Information Technology (IT). This includes, but is not limited to, software development, DevOps, systems, help desk, risk management, and information security.

Your core responsibilities will include:

Assist in enhancing existing risk metrics and report high impact items to key campus stakeholders.

Audit IT systems and ensure the established controls are being followed. Identify security findings and assist in driving risk items to closure with the correct stakeholders.

Familiarity with risk assessments and common control sets: Cyber Security Framework (CSF), Cybersecurity Maturity Model Certification (CMMC / NIST 800-171), and Payment Card Industry – Data Security Standard (PCI-DSS).

Lead compliance projects involving multiple stakeholders within established deadlines.

Manage the documentation and development of policies, guidance and procedures related to information security for the University’s Information Security Office (ISO). This includes writing, evidence-gathering, and investigating existing processes and regulations and implementing best practices.

Managing requests for information related to privacy regulations and risk management: General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Must be a quick learner with an interest in the intersection of information security, people, and the law. The incumbent needs a strong understanding of the bridge between security and business, and must be attentive to detail.

Partner with key internal campus stakeholders on processes and controls, including the Office of the Vice Provost for Research, University Libraries, University Health Services, Treasury, and Enterprise Risk Management (ERM).

Proficient with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.) and other document-sharing tools (e.g., Google Docs, Box, etc.).

Review third-party documentation to determine information security risk, and communicate those risks to stakeholders.

Strong communication skills, both written and oral. The incumbent will communicate with a variety of audiences, so it will be imperative to write and speak to technical, end-user, and executive audiences, depending on the context of the situation and the matter at hand.

Other duties as assigned.

Flexibility, excellence, and passion are vital qualities within Computing Services. Inclusion, collaboration, and cultural sensitivity are valued competencies at CMU. Therefore, we are in search of a team member who is able to effectively interact with a varied population of internal and external partners at a high level of integrity. We are looking for someone who shares our values and who will support the mission of the university through their work.

Qualifications:

Bachelor’s Degree

3-5 years of relevant work experience

Certifications:

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Practitioner (CISSP)

International Information Systems Security (ISC)2

Requirements:

Successful background check

Joining the CMU team opens the door to an array of exceptional benefits, available to all full-time Carnegie Mellon University employees. Experience the full spectrum of advantages, from comprehensive medical, prescription, dental, and vision insurance to enticing retirement savings programs. Unlock your potential with tuition benefits, and take well-deserved breaks with generous paid time off and holidays. Rest easy knowing you're covered by life and accidental death and disability insurance.


