Information Security Analyst

Ellucian

(Malvern, Pennsylvania)
Full Time
Job Posting Details
About Ellucian
Ellucian is the world’s leading provider of software, services and insight to higher education. Ellucian helps the higher education community—students, faculty, and staff—achieve their goals more efficiently, effectively, and with reduced risk. Ellucian’s comprehensive suite of software solutions includes student information systems (SIS), finance and HR systems, recruiting and retention systems, among other offerings.
Summary
The Information Security Analyst is a member of Ellucian’s Global Information Security organization. The individual will be a self-driven security risk and compliance analyst who works closely with customers, management, and information technology teams to support the global information security governance, risk and compliance program. The candidate must be a well-rounded individual with deep technical expertise along with strong communication and project management skills.
Responsibilities
* Support development and maintenance of information security policies, standards, procedures and guidelines.
* Perform information security risk assessments and compliance audits to monitor, surface and treat security risks related to major business and technology initiatives that cut across customer-managed, cloud-hosting, and corporate computing environments; work with business and technology risk owners to document risk treatment plans as well as track and report progress on, or achievement of risk reduction activities.
* Coordinate activities and support tasks associated with internal, external and customer-driven security audits to support security risk reporting as well as business development and sales activities.
* Support a program to identify and manage security risks associated with critical third party service providers and vendors; conduct due diligence security/risk assessments of third party service providers and vendors; work with business and technology risk owners to document risk treatment plans as well as track and report progress on or achievement of risk reduction activities.
* Develop content and support program delivery activities associated with information security awareness and training.
* Deliver guidance and awareness of security policies, standards and requirements in cross-functional project settings.
* Support development of information security risk and compliance processes, procedures and performance metrics; compile and deliver regular and ad-hoc reports and briefings to management, business and technology risk owners, and other audiences, as needed.
* Develop and maintain documentation related to security processes, systems, procedures and events.
Ideal Candidate
* Bachelor’s Degree in Computer Science or Engineering, Management Information Systems, or a related technical field.
* 5-7 years of combined experience in security risk and compliance management, assessment, auditing, research and/or consulting.
* Active Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or equivalent industry certifications.
* Proficiency and experience in performing security risk and compliance assessments in fast-paced, global business and technology environments.
* Experience in researching, authoring or supporting development of information security policies and standards.
* Experience with vulnerability management.
* Experience using or implementing an eGRC platform (LockPath Keylight) is highly desirable.
* Experience developing security and risk performance metrics and reporting dashboards for executive, business and technical audiences.
* Good understanding of ISO 27000 and SANS 20 security standards as well as other information security management or compliance frameworks.
* Basic understanding of U.S. and global regulatory compliance drivers and requirements relevant to information security and data protection, such as U.S. State statutes, FERPA, and the EU Data Protection Directive.
* Basic understanding of network, system, application and data protection standards, benchmarks, processes, applications, tools, and techniques.
* Basic understanding of enterprise, network, system/endpoint, application and data protection issues and security risks.
* 1+ years of experience performing security risk assessments of cloud-based applications and services.
* Basic understanding of cryptographic controls and the application and use of encryption to safeguard network traffic, system and application data.
* Solid verbal, presentation and written communication skills.
* Team player; demonstrated ability to develop positive relationships and effectively communicate with management, product managers and architects, software and systems engineers, quality assurance and IT operations staff.
