The University of Wisconsin-Madison Office of Cybersecurity is looking for an experienced Risk Analyst with additional knowledge of the PCI-DSS environment to collaborate and protect data for the entire campus. The Office of Cybersecurity supports the Chief Information Security Officer (CISO) and CIO/Vice Provost for Information Technology by leading and managing campus efforts to reduce risk. Protecting data is our #1 responsibility. The Office of Cybersecurity includes specialists in Cyber Defense and Incident Response, Operations Management, Policy Development, Security Awareness and Risk Management. We work across campus at all levels to remediate and mitigate risk, discuss risk tolerance, and understand the challenges faced by researchers, faculty, and staff in supporting the efforts of Teaching & Learning.
The University of Wisconsin-Madison’s Security Risk Analyst will report to the Associate Director of Risk Management and Compliance (RMC) and work closely with the Chief Information Security Officer (CISO) within the Office of Cybersecurity. This position provides risk analysis and compliance programs that support the Risk Management and Compliance (RMC) domain of the UW-Madison Office of Cybersecurity. Responsibilities include evaluating security risks and compliance strategies; offering direction, guidance, and consultation to campus IT partners; and making recommendations for improving the integration of cloud-based services, primarily for the University of Wisconsin-Madison. This position coordinates the implementation of university-wide, proactive, and distributed information security management programs to ensure the continuous availability, integrity, and confidentiality of information assets that are provided by cloud vendors.
The Security Risk Analyst will engage campus credit card merchants to identify security controls to ensure and maintain compliance and implement best business practices. Working closely with the University of Wisconsin PCI Compliance Assistance Team, the Security Risk Analyst will recommend and identify security controls that reduce risk to an acceptable level for units that process credit data in accordance with the policies, procedures, and governance guidelines for the institution.
-Applicable professional services and/or information security experience and expertise using recognized standards (e.g., PCI Compliance, HIPAA, NIST, ISO, Cloud Security Alliance, etc.) typically obtained with a minimum of five years of experience.
-Advanced knowledge of IT security and data privacy best practices and familiarity with PCI Compliance.
-Experience executing organizational and problem-solving skills in a complex environment, specific to Cybersecurity.
-Ability to work cross-departmentally with the Division of Information Technology Public Cloud Team and the UW-Madison campus partners.
-Must hold, or be able to obtain within one year, the PCI-ISA Certification.
-Bachelor’s degree in Information Technology Security or related discipline.
-Experience understanding PCI Compliance reporting requirements to the credit card brands and financial institutions.
-Experience determining security controls and PCI Compliance reporting requirements for merchants that process credit cards.
-Detailed understanding of the shared responsibility model for cybersecurity.
-Experience working independently with diverse constituents to assess risk, review access to data and offer guidance to implement proper security controls.
-Working knowledge of HIPAA, PCI and NIST standards along with virtual environment and cloud computing services.
-Detailed understanding of network design, security protocols and cloud integration security, with excellent analytical and problem-solving skills.
-Experience presenting risk results to non-technical executive leadership and technical IT support teams.