Minimum number of years and type of relevant work experience:
Required Qualifications:
* Minimum of 5 years of experience delivering IT services in a large organization with at least 2 years focused on cybersecurity or information security.
* Detailed understanding of network design, security protocols and cloud integration security, with excellent analytical and problem-solving skills.
* CompTIA Security+, (ISC)2 SSCP or comparable security-related certification such as PeopleSoft Security to be obtained within the probationary period.
* Must display working knowledge of NIST, HIPAA or PCI Data Security standards.
* Understanding of project management skills including design review, threat modeling and risk profiling while working across a large, distributed organization. Must apply the understanding to a diverse IT community to include policy, regulations, and compliance requirements.
* Successful experience with describing technical concepts to non-technical, management, and leadership levels via documentation, presentations, and discussions.
Preferred Qualifications:
* Minimum of three years' experience in information security conducting risk assessments using recognized standards from (ISC)2, ISACA, or another entity (e.g. FISMA, HIPAA, NIST, COBIT or ISO).
* Hold an Information Security management level certification, i.e., (ISC)2 CISSP, ISACA CISM or CISA; or obtain within the probationary period.
* Experience in developing, implementing, and testing security controls for enterprise applications (e.g. PeopleSoft, SAP, Salesforce).
* Experience conducting risk assessments using commonly accepted frameworks (e.g. NIST, COBIT, PCI-DSS, ISO 27005:2008).
Position Summary:
This position provides risk analysis and compliance program support for the Common Systems Cybersecurity team of the UW-Madison Office of Cybersecurity. Responsibilities include evaluating information security risks and compliance strategies; offering direction, guidance and consultation; and making recommendations to improve the information security of IT systems, primarily for University of Wisconsin System and University of Wisconsin-Madison enterprise business applications.
A successful individual will have in-depth information security expertise as well as project management, business analysis, solution implementation skills and the ability to work under broad policy guidance. This individual must exercise sound judgment in working collaboratively and communicate effectively within a challenging environment in a visible role.
This position reports to the Office of Cybersecurity with adjacent reporting responsibility to the System Owners of Common Systems Funded enterprise business applications. The incumbent serves as a technical expert for enterprise systems and Governance, Risk Management and Compliance (GRC) and is an authority on information security risk analysis and compliance matters. As a trusted advisor and partner with University of Wisconsin System Administration, technologists, program managers and system owners, the incumbent works with the entire community in a consultative manner. The incumbent should understand organizational missions, values and goals, analyze information risks which threaten those objectives, recommend and guide large cross-functional and campus-wide teams towards appropriate security control solutions, and assist in implementing and auditing those solutions to materially reduce operational and compliance-based exposures.