5181 Cybersecurity Analyst

POSITION IDENTIFICATION

TITLE Cybersecurity Analyst

CLASSIFICATION NUMBER 5181

GRADE 35

CLASSIFICATION Exempt

IMMEDIATE SUPERVISOR Senior Cybersecurity Analyst

GENERAL FUNCTION

The Cybersecurity Analyst reviews and evaluates information security compliance issues and concerns within the Missouri State University system. Under the direction of the Senior Cybersecurity Analyst, the Cybersecurity Analyst uses technical knowledge, professional judgement, and security software to ensure the confidentiality, integrity, and availability of university information. The Cybersecurity Analyst administers access control for the University’s Enterprise Resource Planning (ERP) information system and adjusts access control rights when personnel changes occur.

MINIMUM ACCEPTABLE QUALIFICATIONS

Education: An Associate’s degree is required. An equivalent combination of years of experience and education may be considered for substitution of educational requirements.

Experience: Two years of information technology experience with demonstrated expertise in personal computers and operating systems, server operating systems, network protocols, and enterprise architecture is required.

Skills: Excellent technical aptitude including a basic understanding of server administration, enterprise application software, and diagnostic techniques is required. The ability to perform in a problem-solving capacity including the evaluation of crisis and emergency situations is required. Effective interpersonal, organizational, and communication skills when working with a variety of constituencies possessing a wide range of technical knowledge is required.

Other: The nature of this position requires the incumbent to be available evenings, nights, and weekends to respond to concerns regarding security of the University’s information resources.

DUTIES AND RESPONSIBILITIES

1. Assures regulatory compliance related to information in areas such as Health Insurance Portability and Accountability Act (HIPAA), Family Educational Rights and Privacy Act (FERPA), and Gramm-Leach-Bliley (GLB) and works with the HIPAA Unit Security Officers to ensure full compliance in securing electronic Protected Health Information (ePHI).

2. Ensures that the University’s information security policies and procedures are followed and participates in the development and implementation of an effective information security training program.

3. Manages access to university information systems using professional judgement and effective communication skills to collaborate with institutional stakeholders.

4. Acts as an independent reviewer and evaluator to ensure that cybersecurity issues and concerns within the institution are being appropriately evaluated, investigated, and resolved using various tools and processes as directed.

5. Remains competent and current on industry issues and events through self-directed professional reading, developing relationships with colleagues, attending training, conferences, and courses.

6. Executes responsibilities outlined in the Information Security Incident Response Plan to appropriately contain, investigate, remediate, and report information security incidents.

7. Contributes to the overall success of the university by performing all other duties and responsibilities as assigned.

SUPERVISION

The Cybersecurity Analyst is supervised by the Senior Cybersecurity Analyst and may supervise graduate assistants and student workers.

OFFICE OF HUMAN RESOURCES

REVISED JANUARY 2025

JOB FAMILY 3

Factor 1: Educational/Experience Requirements of the Job

Level 8.0 - 1576 Points: A combination of education and experience equivalent to a Level 8 as indicated by the Equivalencies Chart, when permitted by the Minimum Acceptable Qualifications.

Factor 2: Supervisory Responsibility

Level 2.0 - 598 Points: Irregular but occasional responsibility to direct the work of student workers and/or temporary or part-time workers. At this level are jobs in which the incumbent may be asked to supervise small numbers of student workers, graduate assistants, or part-time employees, but the supervisory work is irregular or infrequent. The nature of supervision is largely confined to assigning tasks to others and does not include a full range of supervisory responsibilities.

Factor 3: Skill, Complexity, and Technical Mastery

Level 7.0 - 2200 Points: Professional knowledge of the principles, concepts, and specialized complicated techniques of a profession. Knowledge of a wide range of information technology methods and procedures and specialized knowledge in one or more specific functions. Knowledge permits the incumbent to provide authoritative advice on difficult assignments such as planning advanced systems. Skill in applying knowledge through analyzing, designing, organizing, and developing major programs, systems, and networks.

Factor 4: Budgetary Control

Level 2.0 - 386 Points: Individuals in jobs at this level actively document, monitor, and control expenditures. At this level incumbents may recommend minor expenditures but have no real authority over budgets.

Factor 5: Work Environment and Physical Demands

Level 1.0 - 25 Points: The work environment has only everyday discomforts associated with an office or commercial vehicle. The work area is adequately lighted, heated or cooled, and ventilated. Work is largely sedentary involving mostly sitting with occasional walking, standing, bending, or carrying of small items. No special physical demands are required of the work.

Factor 6: Work Impact and Effect

Level 5.0 - 3780 Points: Work products or services directly impact the entire university system and the well-being of large numbers of individuals. Typically the work is complex and may involve addressing conventional problems or situations with established methods or resolving critical problems or developing new processes or models to address specific problems. Improperly performed work and/or equipment or software failures produce errors and delays that affect the operations and/or reputations of the entire University. Improperly performed work and/or equipment or software failures may be remedied in the short to medium term, but at very substantial cost of time and resources. The scope of improperly performed work and/or equipment or software failure is system-wide and the nature of the activity requires that emergency repairs be performed.