Senior IT Cybersecurity Risk Analyst

Herzing University
United States, Alabama, Birmingham
280 West Valley Avenue
Apr 16, 2026
Description

Current staff, faculty/adjunct at Herzing University: log into UKG and navigate to Menu > Myself > My Company > View Opportunities to apply using the internal application process.

The Senior IT Cybersecurity Risk Analyst leads the identification, assessment, and management of cybersecurity and information risks across the University, ensuring risks are clearly articulated, prioritized, and actively addressed by appropriate owners. The role applies a practical, risk-based approach to security, using the CIS Critical Security Controls as the primary framework, with NIST 800-171 and the GLBA Safeguards Rule supporting regulatory and compliance alignment.

Serving as a senior individual contributor, this role provides expert risk judgment, drives remediation and incident response coordination, and serves as a primary point of contact for cybersecurity audits and assessments. Working in close partnership with the Director of Infrastructure and operational teams, the role is accountable for ensuring risks are mitigated, formally accepted, or escalated, with success measured by sustained reduction in material risk and continuous improvement of the University's security posture.

REQUIREMENTS:



  • Bachelor's degree in information security, computer science, information systems, or a related field, or equivalent work experience.
  • Eight or more years of experience in cybersecurity, IT risk management, IT audit, or related disciplines.
  • Demonstrated experience assessing the effectiveness of security controls in operational environments.
  • Strong working knowledge of the CIS Critical Security Controls, NIST 800-171, GLBA Safeguards, and related guidance such as NIST CSF or ISO 27001.
  • Experience translating framework expectations into practical security recommendations that balance risk, usability, and available resources.
  • Professional certifications such as CISSP, CISM, CISA, or CRISC are preferred.
  • Experience in higher education or similarly complex, mission-driven organizations is preferred.
  • Experience with risk or GRC tooling and security metrics is preferred.


Compensation is determined based on the qualifications, experience, and circumstances of each hire. It is uncommon for new employees to start near the top of the salary range. We offer a comprehensive benefits package, including a tuition waiver and reimbursement program, health insurance, paid time off, and a retirement savings plan with company match. The salary range for this position is $123,505 to $167,095.
Learn more about careers at Herzing University: https://tinyurl.com/HerzingU

RESPONSIBILITIES:



  • Perform cybersecurity and information risk assessments for systems, applications, vendors, and business processes, using the CIS Critical Security Controls as a practical foundation while aligning to NIST 800-171 and GLBA Safeguards requirements.
  • Evaluate the design and operating effectiveness of administrative, technical, and physical security controls, focusing on whether controls meaningfully reduce risk rather than simply meeting documented requirements.
  • Use CIS Critical Security Controls to assess control maturity and identify actionable improvements, applying NIST 800-171 and GLBA Safeguards as supporting frameworks where required.
  • Translate technical findings into clear, business-focused risk statements that describe impact, likelihood, and practical mitigation options.
  • Partner with system owners, data owners, and IT teams to define remediation strategies, compensating controls, or acceptable risk decisions, and to actively track, escalate, and report on progress until risks are reduced or formally accepted.
  • Assess day-to-day security practices, including access management, incident response readiness, monitoring practices, vendor oversight, and data protection.
  • Support institutional efforts to strengthen cybersecurity posture through incremental improvements that deliver measurable risk reduction.
  • Provide consultative guidance to IT and business teams on secure design, implementation, and operation of systems and services.
  • Support third-party and vendor risk assessments with emphasis on actual control effectiveness and operational risk.
  • Track cybersecurity risks, remediation progress, and trends to support leadership and governance reporting.
  • Contribute to the development and refinement of practical risk assessment methods, security standards, and guidance.
  • Participate in audits, reviews, and regulatory inquiries by providing risk-based analysis, context, and evidence.
  • Stay current on evolving cyber threats, control practices, and framework guidance relevant to higher education.
  • Accountable for initiating, coordinating, and driving cybersecurity incident response activities to resolution, including risk-based decision-making, escalation, and post-incident remediation tracking, while leveraging operational teams for technical execution.
  • Owns the lifecycle of cybersecurity risks from identification through remediation or formal acceptance, with responsibility for ensuring corrective actions are executed by the appropriate operational owners.
  • Holds operational teams accountable for implementing agreed-upon cybersecurity controls and remediation activities through defined governance, escalation, and reporting mechanisms, escalating unresolved risks and execution gaps to IT and University leadership as necessary.
  • Validates that agreed remediation actions are not only planned but are operating effectively in practice and delivering measurable risk reduction.
  • Depending on initiatives, occasional travel to university locations may be required.
  • Perform other duties as assigned.



PHYSICAL REQUIREMENTS:



  • Must be able to remain in a stationary position most of the time.
  • Must be able to occasionally move around the work location.
  • Constantly operates office and/or teach equipment which may include computers, copiers, fax machines, audio/visuals.
  • Frequently uses voice and hearing to communicate with students, staff or colleagues face-to-face or over the telephone.
  • Visually or otherwise identify, observe and assess.
  • Occasionally move, carry, or lift 10 pounds.


Herzing University is committed to providing a diverse environment and is dedicated to fostering a culture and atmosphere of mutual respect. It provides an inclusive and collegial community where individuals are valued, heard and empowered to contribute to the effectiveness of the institution.

Applicants must be authorized to work for any employer in the U.S. We do not sponsor or take over sponsorship of an employment Visa at this time.

It is the university's practice to recruit and hire without discrimination because of skin color, gender, religion, LGBTQi2+ status, disability status, age, national origin, veteran status, or any other status protected by law. https://www.herzing.edu/about/diversity

Herzing University prohibits sex-based discrimination in any education program or activity that it operates. Individuals may report concerns or questions to the Title IX Coordinator. The notice of nondiscrimination is located at https://www.herzing.edu/title-ix.

Equal Opportunity Employer

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.