Information Security Analyst, Senior

Posting Number: req25990 Department: Information Security Services Location: To Be Determined Address: USA Position Highlights University Information Technology Services (UITS) is the University of Arizona's central technology organization. UITS delivers enterprise and specialized technology services that support students, faculty, researchers, staff, and campus partners. Through innovation, strategic partnerships, and a commitment to accessibility and continuous improvement, UITS supports the evolving needs of a leading research university and the communities it serves. The Information Security Office Governance, Risk, and Compliance team is seeking a highly skilled and experienced Information Security Analyst, Senior (Information Security Analyst IV). This position is responsible for ensuring the University's cybersecurity program meets regulatory, sponsor, and contractual requirements through strong framework alignment, research assurance, compliance governance, and third-party risk management. The role serves as a key bridge between information security, research, procurement, and executive leadership, translating complex cybersecurity expectations into practical, defensible programs. By shaping strategy, maintaining critical documentation, and advising stakeholders, this position helps protect sensitive data while enabling the University's teaching and research mission. Candidates working anywhere in the U.S. may be considered for a remote assignment. If you are selected for this position and are employed to work remotely from outside of Arizona, your overtime exemption status will depend on the laws of the state where you perform your work. For employees working outside of Arizona, you may be hired as an hourly employee in accordance with state laws. A comparable hourly rate range would be $48.03 - $62.44. These changes would not affect the position duties as outlined. Outstanding UA benefits include health, dental, and vision insurance plans; life insurance and disability programs; paid vacation, sick leave, and holidays; UA/ASU/NAU tuition reduction for the employee and qualified family members; retirement plans; access to UA recreation and cultural activities; and more! The University of Arizona has been recognized for our innovative work-life programs. For more information about working at the University of Arizona and relocation services, please click here . Duties & Responsibilities Cybersecurity Framework Alignment and Program Documentation Ensure the University's enterprise security program maintains documented, defensible alignment with recognized cybersecurity frameworks. Lead ongoing alignment with NIST SP 800-53 Revision 5, monitor framework updates, and assess their applicability to University systems and processes. Maintain and manage crosswalks and mappings to additional regulatory and sponsor-driven frameworks, including CMMC, GLBA, HIPAA, NSF RIG, FDA Part 11, SCF, and emerging cybersecurity requirements. Research Cybersecurity Assurance Develop, maintain, and continuously improve cybersecurity assurance programs that demonstrate the maturity and adequacy of security controls supporting University research activities. Collaborate directly with Principal Investigators (PIs), research staff, and system administrators to ensure research workflows, systems, and data environments meet University baseline security standards and specific sponsor or regulatory cybersecurity requirements. Serve as a subject matter expert supporting inquiries related to research cybersecurity. GLBA Compliance Program Management In partnership with the University's Qualified Individual (QI) and senior leadership through the GLBA Compliance Governance Committee, design, implement, and maintain the University's comprehensive Written Information Security Program (WISP). Ensure the program includes appropriate administrative, technical, and physical safeguards to protect customer information. Support governance, risk management, documentation, and reporting activities to demonstrate ongoing GLBA compliance. Vendor and Contract Security Oversight Develop, implement, and sustain a University-wide vendor and contract security strategy to manage third-party cybersecurity risk. Work closely with Supply Chain Services and the Office of Research Contracts & Agreements to ensure downstream vendor security controls meet institutional requirements and upstream sponsor obligations are met. Provide strategic guidance on security-related contract language, review third-party security documentation (e.g., SOC reports), and offer advisory services during contract negotiations and vendor management. Knowledge, Skills and Abilities: Knowledge of cybersecurity risk management frameworks, including NIST SP 800-53, and their application in large, complex organizations. Knowledge of regulatory and compliance requirements such as GLBA, HIPAA, CMMC, and research sponsor cybersecurity expectations (e.g., NSF, FDA). Knowledge of third-party risk management concepts and vendor security assessment practices. Knowledge of research computing environments and the unique cybersecurity risks associated with academic research. Skill in developing and maintaining cybersecurity policies, standards, and formal program documentation. Skill in analyzing and mapping security controls across multiple regulatory and industry frameworks. Skill in reviewing contracts and third-party security reports (e.g., SOC 2) and providing risk-based recommendations. Skill in facilitating cross-functional collaboration among technical staff, researchers, legal, procurement, and executive stakeholders. Ability to communicate complex cybersecurity and compliance concepts clearly to both technical and non-technical audiences. Ability to handle confidential and sensitive information with discretion and professionalism. Ability to balance regulatory compliance, security risk, and operational needs in a research-intensive academic environment. Ability to work independently, exercise sound judgment, and influence outcomes without direct authority. This job posting reflects the general nature and level of work expected of the selected candidate(s). It is not intended to be an exhaustive list of all duties and responsibilities. The institution reserves the right to amend or update this description as organizational priorities and institutional needs evolve. Minimum Qualifications Bachelor's degree or equivalent advanced learning attained through professional level experience required. Minimum of eight (8) years of relevant work experience, or equivalent combination of education and work experience. Preferred Qualifications Experience with cybersecurity governance, risk, and compliance programs. Experience working with cybersecurity frameworks such as NIST, CMMC, GLBA, HIPAA, or similar standards. Experience with cybersecurity compliance, assurance, or risk management in a regulated environment. Experience with vendor security reviews, third-party risk assessments, contract reviews, or SOC reports. Experience developing cybersecurity policies, standards, procedures, or program documentation. FLSA: Exempt Full Time/Part Time: Full Time Number of Hours Worked per Week: 40 Job FTE: 1.0 Work Calendar: Fiscal Job Category: Information Technology Benefits Eligible: Yes - Full Benefits Rate of Pay: $99,901 - $129,871 Compensation Type: salary at 1.0 full-time equivalency (FTE) Grade 12 Compensation Guidance The Rate of Pay Field represents the University of Arizona's good faith and reasonable estimate of the range of possible compensation at the time of posting. The University considers several factors when extending an offer, including but not limited to, the role and associated responsibilities, a candidate's work experience, education/training, key skills, and internal equity. The Grade Range represent a full range of career compensation growth over time. The university offers compensation growth opportunities within its career architecture. To learn more about compensation, please review our Applicant Compensation Guide and our Total Rewards Calculator . The Grade Range for this position is [$99,901 - $159,847 annual]. Each unit typically sets starting pay between the minimum and midpoint upon hire as reflected in the Rate of Pay field above. Career Stream and Level PC4 Job Family Information Security Job Function Information Technology Type of criminal background check required: Fingerprint criminal background check (security sensitive due to title or department) Number of Vacancies: 1 Contact Information for Candidates ... Open Until Filled: Yes Documents Needed to Apply: Resume and Cover Letter Special Instructions to Applicant The application window is anticipated to close on June 1, 2026. Notice of Availability of the Annual Security and Fire Safety Report In compliance with the Jeanne Clery Campus Safety Act (Clery Act), each year the University of Arizona releases an Annual Security Report (ASR) for each of the University's campuses. These reports disclose information including Clery crime statistics for the previous three calendar years and policies, procedures, and programs the University uses to keep students and employees safe, including how to report crimes or other emergencies and resources for crime victims. As a campus with residential housing facilities, the Main Campus ASR also includes a combined Annual Fire Safety report with information on fire statistics and fire safety systems, policies, and procedures. Paper copies of the Reports can be obtained by contacting the University Compliance Office at ... .