Information Security Compliance Analyst III - 526462

Pay Grade/Pay Range: Minimum: $74,200 - Midpoint: $100,200 (Salaried E12)

Department/Organization: 200721 - Enterprise Technology

Normal Work Schedule: Monday - Friday 8:00am to 4:45pm

Note to Applicants: Position is eligible for hybrid work subject to University policy.

Job Summary: The Information Security Compliance Analyst III develops, implements, and maintains information security policies, procedures, and controls of research systems, especially those supporting Classified Information and Controlled Unclassified Information (CUI). Ensures compliance with federal, state, and organizational regulations. Conducts regular security assessments, risk assessments, and vulnerability scans. Identifies and assesses risks associated with research systems. Collaborates with stakeholders to develop risk mitigation strategies and action plans. Monitors and reports on security incidents and vulnerabilities. Develops and maintains security awareness training for researchers. Maintains records of policies, procedures, and incidents. Conducts regular audits to assess compliance and identified areas for improvement. Prepares reports for management and regulatory bodies.

Required Minimum Qualifications: Master's degree and two (2) years of IT security compliance or analysis experience; OR bachelor's degree and four (4) years of IT security compliance or analysis experience; OR associate's degree and six (6) years of IT experience to include four (4) years of IT security compliance or analysis; OR High school diploma or GED and eight (8) years of IT experience to include four (4) years of IT security compliance or analysis. Must be able to obtain and maintain security clearance. Must be a U.S. Citizen or U.S. Permanent Resident.

Additional Required Department Minimum Qualifications: Advanced training and certification.

Skills and Knowledge: Knowledge of risk assessment methodologies and security frameworks. Ability to assess or work directly with network and system security. Ability to work with SIEM tools, vulnerability scanners, and other information security tools. Understanding of security best practices. Excellent communication skills. Ability to work closely with internal teams and customers.

Preferred Qualifications: Experience with cloud platforms, particularly with Azure government clouds (GCC, GCC High, DoD). Experience in higher education or defense research environments. Current DoD 8570 IAM Level III or IAT Level III certifications are a plus. (DoD Approved 8570 Baseline Certifications - DoD Cyber Exchange). Understanding of NIST SP 800-171, DFARS 252.204-7012, and CMMC.

Background Investigation Statement: Prior to hiring, the final candidate(s) must successfully pass a pre-employment background investigation and information obtained from social media and other internet sources. A prior conviction reported as a result of the background investigation DOES NOT automatically disqualify a candidate from consideration for this position. A candidate with a prior conviction or negative behavioral red flags will receive an individualized review of the prior conviction or negative behavioral red flags before a hiring decision is made.

Equal Employment Opportunity: The University of Alabama is an Equal Employment/Equal Educational Opportunity Institution. All qualified applicants will receive consideration for employment or volunteer status without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, gender expression, pregnancy, age, genetic or family medical history information, disability, protected veteran status, or any other legally protected basis, and will not be discriminated against because of their protected status. Applicants and employees of this institution are protected under Federal law from discrimination on several bases. Follow the link below to find out more. "EEO is the Law" Poster