STARS Requisition: 84124BR
University Job Title: IT, Information Security Engineer 3
Department Job Title: Information Security Engineer
The Information Security Engineer is responsible for maintaining and executing a comprehensive strategy for identifying, assessing, testing, monitoring, and reporting on compliance risks. They will interact with the Yale School of Management (SOM) community to gauge and report on the effectiveness of compliance risk mitigation. Coordinate the communication and implementation of changes to the compliance policies, programs, and procedures, as needed, to improve compliance. Work with senior leadership to implement strategy to ensure compliance across the organization. The Information Security Engineer reports to the CIO of Yale SOM IT.
Helps define a security strategy for the institution to mitigate risk and provide a series of best practices for IT to implement and maintain. Works with common information security control and compliance standards and frameworks such as HIPAA, NIST CSF and NIST 800-171.
Completes tasks designed to improve security of the organization's systems and information assets. Works with end users to understand security concerns of individual departments, implements policies or procedures, and tracks compliance through the organization. Works with a variety of information security concepts, practices, and frameworks. Relies on extensive experience and judgment to plan and accomplish goals. May lead and direct the work of others. A wide degree of creativity and latitude is expected. Contributes to moderately complex aspects of a project.
- Conduct system, departmental, and enterprise information technology risk assessments. Analyze and report on SOM risk to executive, business, technical, research, and academic stakeholders.
- Develop blueprints and strategies to address SOM’s current and future compliance and regulatory requirements in administrative, academic, and research areas. Streamline and right-size SOM’s response to regulatory and data use agreement requirements.
- Monitor the regulatory landscape for changes that may impact SOM. Respond to and manage eDiscovery requests.
- Monitor SOM's adherence to Yale’s published Minimum Security Standards for IT systems and other applicable information security control and compliance standards and frameworks. Analyze and report on SOM risk to executive, business, technical, research, and academic stakeholders.
- Act as SOM liaison with IT Information Security Office. Participate and collaborate with Information Security on advisory groups and security initiatives.
- Lead and manage SOM’s research data use agreements and implementation of security requirements related to data use.
- Manage third party assessments conducted on behalf of the university and SOM.
- Maintain current knowledge of the threat landscape including attacker tactics, techniques, and procedures.
- Train and mentor team members on operational practices, information security topics, and risk differentiation.
- Perform other duties as assigned.
Required Education & Experience:
Bachelor’s Degree and four years of experience or equivalent education and experience.
Required Skills & Abilities:
- Developed analytical, critical thinking, and problem-solving skills.
- Developed interpersonal, written, communication, presentation, and organizational skills.
- Familiarity with systems analysis methods and techniques.
- Project management skills.
Experience conducting network, system, and application vulnerability and risk assessments using manual and automated tools on systems including UNIX/Linux, Windows, cloud services, virtualization environments, network devices, databases, web applications, web servers, and operational technology devices. Experience with security policy and standard creation and compliance monitoring.
- Customer Service Focus – Listening carefully to and understanding customers’ needs and proactively responding to those needs in a consistent and timely manner.
- Teamwork/Communication – Working cooperatively to achieve common goals. Support cooperation, collaboration and the sharing of information.
- Product Excellence – Provide the best quality product available and continuously upgrade standards to maintain quality.
- Leadership – Provide direction and motivation to others through communication, modeling appropriate behavior, optimism, and high achievement.
- Innovative – Openness to new ideas and their implementation. Ability to react and adapt to changing situations appropriately.
- Strategic Thinking – Recognize opportunities, identify critical, high pay-off activities and prioritize them to attain goals.