
Information Security Analyst, Senior

Job in Tucson, Pima County, Arizona, 85718, USA
Listing for: Phase2 Technology
Full Time position
Listed on 2026-05-26
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 100000 - 130000 USD Yearly
Job Description & How to Apply Below

Overview

This position is responsible for ensuring the University's cybersecurity program meets regulatory, sponsor, and contractual requirements through strong framework alignment, research assurance, compliance governance, and third‑party risk management. The role serves as a key bridge between information security, research, procurement, and executive leadership, translating complex cybersecurity expectations into practical, defensible programs. By shaping strategy, maintaining critical documentation, and advising stakeholders, this position helps protect sensitive data while enabling the University's teaching and research mission.

Responsibilities
  • Cybersecurity Framework Alignment and Program Documentation
    • Ensure the university’s enterprise security program maintains documented, defensible alignment with recognized cybersecurity frameworks.
    • Lead ongoing alignment with NIST SP 800‑53 Revision 5, monitor framework updates, and assess their applicability to university systems and processes.
    • Maintain and manage crosswalks and mappings to additional regulatory and sponsor‑driven frameworks, including CMMC, GLBA, HIPAA, NSF RIG, FDA Part 11, SCF, and emerging cybersecurity requirements.
  • Research Cybersecurity Assurance
    • Develop, maintain, and continuously improve cybersecurity assurance programs that demonstrate the maturity and adequacy of security controls supporting university research activities.
    • Collaborate directly with Principal Investigators (PIs), research staff, and system administrators to ensure research workflows, systems, and data environments meet university baseline security standards and specific sponsor or regulatory cybersecurity requirements.
    • Serve as a subject‑matter expert supporting inquiries related to research cybersecurity.
  • GLBA Compliance Program Management
    • In partnership with the university’s Qualified Individual (QI) and senior leadership through the GLBA Compliance Governance Committee, design, implement, and maintain the university’s comprehensive Written Information Security Program (WISP).
    • Ensure the program includes appropriate administrative, technical, and physical safeguards to protect customer information.
    • Support governance, risk management, documentation, and reporting activities to demonstrate ongoing GLBA compliance.
  • Vendor and Contract Security Oversight
    • Develop, implement, and sustain a university‑wide vendor and contract security strategy to manage third‑party cybersecurity risk.
    • Work closely with Supply Chain Services and the Office of Research Contracts & Agreements to ensure downstream vendor security controls meet institutional requirements and upstream sponsor obligations are met.
    • Provide strategic guidance on security‑related contract language, review third‑party security documentation (e.g., SOC reports), and offer advisory services during contract negotiations and vendor management.
Knowledge, Skills, and Abilities
  • Knowledge of cybersecurity risk management frameworks, including NIST SP 800‑53, and their application in large, complex organizations.
  • Knowledge of regulatory and compliance requirements such as GLBA, HIPAA, CMMC, and research sponsor cybersecurity expectations (e.g., NSF, FDA).
  • Knowledge of third‑party risk management concepts and vendor security assessment practices.
  • Knowledge of research computing environments and the unique cybersecurity risks associated with academic research.
  • Skill in developing and maintaining cybersecurity policies, standards, and formal program documentation.
  • Skill in analyzing and mapping security controls across multiple regulatory and industry frameworks.
  • Skill in reviewing contracts and third‑party security reports (e.g., SOC 2) and providing risk‑based recommendations.
  • Skill in facilitating cross‑functional collaboration among technical staff, researchers, legal, procurement, and executive stakeholders.
  • Ability to communicate complex cybersecurity and compliance concepts clearly to both technical and non‑technical audiences.
  • Ability to handle confidential and sensitive information with discretion and professionalism.
  • Ability to balance regulatory compliance, security risk, and operational needs in a research‑intensive academic…
Position Requirements
10+ Years work experience