Senior Information Security Analyst (Hybrid Opportunity)

About UMass Amherst

The flagship of the Commonwealth, the University of Massachusetts Amherst is a nationally ranked public land-grant research university that seeks to expand educational access, fuel innovation and creativity, and share and use its knowledge for the common good. Founded in 1863, UMass Amherst sits on nearly 1,450-acres in scenic Western Massachusetts and boasts state-of-the-art facilities for teaching, research, scholarship, and creative activity. The institution advances a diverse, equitable, and inclusive community where everyone feels connected and valued—and thrives, and offers a full range of undergraduate, graduate and professional degrees across 10 schools and colleges, and 100 undergraduate majors. We believe every member of our university community can contribute to our ongoing success by striving for the highest level of excellence as we seek breakthrough solutions to mounting environmental, social, economic, and technological challenges in our world.

Job Summary

The Senior Information Security Analyst is a strategic and senior-level analyst with a primary focus on risk assessment, security governance, and project-based security initiatives. This role is responsible for evaluating and mitigating security risks, leading compliance initiatives, and driving security-related projects that enhance the University's overall cybersecurity posture. The position collaborates closely with senior leadership on building and managing an effective, comprehensive security program that supports compliance with legal and business requirements in support of the University’s mission.

Essential Functions

• Collaborates with campus business units to manage information security risks and meet relevant compliance requirements, including conducting risk assessments, analyzing security threats, and advising on risk mitigation strategies aligned with institutional goals.
• Provides expert guidance and leadership on security-related projects. Evaluates, recommends, develops, and manages technologies and solutions that support the information security program. Ensures security controls are effectively integrated into new and existing technologies.
• Manages system and information security incidents and events, including performing digital forensics investigations, and assisting with incident containment and notification.
• Conducts audits, assessments, and reviews of information security and privacy related threats and vulnerabilities to manage risks, including identifying and responding to vulnerabilities, alerts, events, and anomalous activity.
• Monitors established and emerging trends in IT, and information security, privacy and compliance.
• Contributes to documentation, training, and metrics gathering in support of the information security program.
• Develops and recommends updates to policies, standards, procedures, solutions and governance frameworks to address information security, compliance and privacy risks.
• Works with internal and external partners on risk management, information security and privacy related topics.

Other Functions

Performs other duties as assigned.

Minimum Qualifications

• Bachelor’s Degree with 7 (seven) years’ relevant experience, or associate’s degree with 9 (nine) years’ relevant experience, or high school diploma with 11 (eleven) years' relevant experience.
• Strong understanding of and experience with information security frameworks, privacy laws, and regulatory requirements (e.g., NIST, FERPA, HIPAA, PCI-DSS, ISO 27001).
• Extensive experience conducting risk assessments, compliance evaluations, and policy development.
• Deep understanding of security governance, risk management frameworks, and regulatory compliance.
• Demonstrated ability to lead security initiatives and projects at an enterprise level.
• Strong analytical and critical thinking skills to assess security risks and develop mitigation strategies.
• Demonstrated technical understanding of system, network and cloud security, incident management, intrusion detection, vulnerability and patch management, and other related concepts and technologies.
• Experience with security tools such as SIEM, EDR/XDR, forensics tools, firewalls, IDS/IPS, vulnerability management platforms, etc.
• Experience with computer incident response, including data collection, investigations, containment, and remediation in a large, complex environment.
• Excellent written and verbal communication skills with ability to work with a diverse constituency in a service-based organization with both technical and non-technical team members.
• Ability to manage multiple competing priorities and deadlines in a fast-paced working environment.

Preferred Qualifications

• Computer Information Systems Security Professional (CISSP) or a related information security or computer forensics certification.
• Experience with cloud environments, such as Microsoft Azure, Amazon AWS, Google GCP, etc.

Physical Demands/Working Conditions

Typical office environment.

Work Schedule

• Monday to Friday 8:30am to 5:00pm.
• Required some nights and weekends.
• Team on-call participation required.
• This position has the opportunity for a hybrid work schedule, which is defined by the University as an arrangement where an employee’s work is regularly performed at a location other than the