Cyber Risk Analyst
- Title: Cyber Risk Analyst
- Class: Classified
- Exempt Status: Non-exempt
- Grade: 24
Job Summary
Under the direction of management, the Cyber Risk Analyst coordinates and performs PCC’s information security assessment functions and control testing reporting and activities in accordance with PCC’s Internal Controls compliance, regulatory and departmental policy and procedures. The Cyber Risk Analyst updates and maintains GRC (Governance, Risk and Compliance) records and documentation through tools, control matrices, and spreadsheets. This position supports the GRC program in order to ensure compliance with PCC’s internal controls, regulatory and information security policies and procedures. The incumbent assists GRC employees with internal audit, external audit firms, and regulatory agencies to provide supportive documentation as applicable. Additionally, the incumbent takes a support role in ensuring the security of all protected information collected, used, maintained, or released by PCC.
Typical Duties and Responsibilities
- Triages Information Security risk inquiries from PCC stakeholders to be processed and handled by the information security GRC team.
- Maintains, monitors, documents, and modifies GRC tools & systems in accordance with processes, standards, department policies, and department procedures.
- Supports reporting and analysis of risks through the use of assessments, aggregation, and monitoring key risk indicators.
- Assists with College risk and compliance management and strategy through application of PCC policies utilizing cyber security frameworks.
- Performs and investigates internal and external information security risk and policy exception assessments.
- Assists in communicating and identifying security controls, risk assessment frameworks, and processes that align to policy and regulatory requirements as well as advance College business objectives.
- Supports other staff in management and oversight of GRC program functions.
- Participates in the creation of Information Security awareness blog posts, outreach, and training materials for the PCC community.
- Remains current on best practices and technological advancements and acts as a College technical resource for security assessment and regulatory compliance.
- Reviews external threat intelligence feeds from cybersecurity agencies; sends alerts and coordinates with responsible parties to remediate risks.
- Attends and participates in meetings and committees to discuss GRC-related issues.
- Performs other duties as assigned.
Work Environment and Physical Requirements
Work environment includes frequent disruptions and changes in priorities. Work is performed in an office environment or using standard information technology equipment combined with specialized cybersecurity products. There is occasional travel between campuses or to off-site meetings. Position requires routine periods of standing and walking, and may require physical agility and the lifting of equipment (30-50 pounds). Physical skills are required for keyboarding and operating complex network and computing equipment. This position may require occasional work on weekends, evenings, and holidays to provide incident response operations, business continuity plans, or disaster recovery operations.
Minimum Qualifications
High school diploma or equivalent. Associate’s degree in computer, paralegal, or cybersecurity related discipline or two years of related training. Relevant experience may substitute for the degree requirement on a year-for-year basis. One year of work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management. Certifications may substitute for education and/or work experience.
Knowledge, Skills, and Abilities
Knowledge of:
- Using computer technology to address information system needs with security in mind.
- Common cybersecurity frameworks and risk evaluation.
- Function of security controls and how Information Security uses them.
- Working knowledge of MS Office Suite such as PowerPoint and other collaborative tools and workspace.
- Cybersecurity best practices and preventative measures.
Skills in:
- Troubleshooting, operating, and documenting computer systems and various software packages;
- Writing technical documentation and training material for a diverse audience of many skill levels;
- Executing specific cybersecurity risk frameworks;
- Interfacing with internal or external parties regarding security policy standards violations, security controls failures, and incident response situations;
- Administering technical computer systems such as operating systems, networks, or web servers;
- Time management and teamwork;
- Organization and attention to detail.
Ability to:
- Effectively communicate technical issues to diverse audiences, both in writing and verbally;
- Work with community college students and staff of diverse academic, cultural and ethnic backgrounds;
- Execute under tight deadlines;
- Maintain confidentiality;
- Learn quickly and apply knowledge to new situations;
- Handle sensitive and confidential matters, situations, and data;
- Understand and follow broad and complex instructions;
- Write in an objective, lucid manner;
- Work independently and prioritize multiple tasks and adapt to needed changes;
- Remain calm under high pressure/difficult situations.
NEW: 3/2024
Portland Community College is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or any other protected class.