Skip to main content

Job Standard for IT Information Security Analyst 2

Employee Name:

Employee ID:

Employee PCN:

How to use this Job Standard:

  1. Click “View in Google Docs/Download” and download to Word.
  2. The Job Overview, Level Scope, Minimum Qualifications and Essential Job Functions are specific to this job’s competencies and cannot be edited.
  3. For the Job Posting you may;
    1. update/change the purpose to add in department specific information, 
    2. add key responsibilities to the 35% of the time, specific to your department needs, 
    3. add a preferred qualifications section
    4. post the position using the business title

The statements on this job standard are intended to describe the general nature of the role and level of work being performed. They are not intended to represent an exhaustive list of all responsibilities, duties and skills required of the employee.

Information Security Analyst 2 Overview

  • Work Type: Professional
  • Job Code: 75551
  • Pay Grade: P9
  • FLSA Status: Exempt
  • Career Level: Senior
  • Family: Information Technology
  • Function: IT Security


Oversee access management for a variety of enterprise applications. Additionally, this position will work with other Information Security Analysts to review, design and test information systems security plans and procedures, to perform security reviews and access audits, to recommend security solutions, to advise on systems and application-level security configurations and to investigate and mitigate security risks as required.

Level Scope

Recognized subject matter expert who knows how to apply theory and put it into practice with in-depth understanding of the professional field with limited oversight from managers. Independently performs the full range of responsibilities within the function; requires deep job knowledge of area typically obtained through higher education combined with experience. Manages large projects or processes and problems faced are difficult and often complex; analyzes problems/issues of diverse scope and determines solutions. May manage programs that include formulating strategies and administering policies, processes and resources; functions with a high degree of autonomy. Influences others regarding policies, practices and procedures.

Minimum Qualifications

Bachelor’s degree and 5 years of experience or equivalent professional experience. Prefer degree concentration in: Computer Information Systems, Management Information Systems, Computer Science, Technical Writing or Business.

Knowledge, Skills and Abilities

  • Knowledge and understanding of application security.
  • Knowledge and understanding of relational database systems and tools such as SQL and SQL query tool(s), such as Oracle SQL Plus.
  • Knowledge and understanding of ERP concepts and functions.
  • Knowledge and experience in the software development process.
  • Knowledge and/or experience in evaluation of security setup to meet business needs.
  • Excellent communication (oral and written), interpersonal, organizational and time management skills.
  • Ability to present and explain complex technical topics, problems, alternative solutions to others.
  • Knowledge of or experience in a higher education or government organization working with ERP systems.
  • Knowledge of or experienced in analytical and troubleshooting skills with complex technical subjects and tasks.
  • Knowledge of or experience as a security administrator in a software development environment working with an ERP system.
  • Knowledge of or experience working with both functional and technical users to define needs and changes.
  • Knowledge of or experience in security design and setup.
  • Knowledge of or experience with state and federal regulations around identity management.
  • Ability to determine what security alternatives are feasible and which alternative best solves the problem at hand.
  • Ability to determine when to file a case and/or to escalate an existing case with the vendor’s technical support center.
  • Ability to determine when to escalate or implement certain levels of risk mitigation.

Essential Functions

Key Responsibilities

60% of Time the Information Security Analyst 2 must:

  • Manage account provisioning and deprovisioning
  • Coordinate with service providers and data stewards regarding approval and implementation of access.
  • Review each new security change received by OIT to ensure that it is both complete and clear and resolve any ambiguity.
  • Work with campus departments to define new security and access where aid is needed.
  • Ensure changes are prioritized, categorized and calendared to insure all items are successfully accomplished.
  • Work with OIT/Enterprise Application Systems (EAS) Management to resolve issues that arise in the security process.
  • Maintain Appropriate Documentation.  All security Roles and data restrictions must be documented on an ongoing basis and available to data stewards.
  • Research and recommend policies and procedures to protect information assets from unauthorized or accidental modification, destruction or disclosure. Identify, collect, analyze, interpret and assist in the reporting of security metrics.
  • Audit PeopleSoft and non-PeopleSoft Applications.
  • Evaluate Changes to PeopleSoft Application Security as required by Campus, State and Federal Regulations. Actively review changes to legislation and regulations such as FERPA, HIPAA, PCI, etc.  Make recommendations to management related to required changes.
  • Pro-actively participate in security and technology groups and associations, both internal and external to the University.
  • Train and mentor ISS employees and student employees.
  • Train Functional Users in appropriate security concepts on a regular basis.  Conduct security training and assist with awareness programs, including content development for the Information Security Services website.
  • Maintain working relationships within OIT, campus community, and outside vendors

35% of Time the Information Security Analyst 2

  • Determined by department needs

5% of Time the Information Security Analyst 2

  • Perform other duties as assigned

Work Environment and Physical Demands

Exerting up to 10 pounds of force occasionally (Occasionally: activity or condition exists up to 1/3 of the time) and/or a negligible amount of force frequently (Frequently: activity or condition exists from 1/3 to 2/3 of the time) to lift, carry, push, pull, or otherwise move objects, including the human body. General office work involves sitting most of the time, but may involve walking or standing for brief periods of time.

Travel Requirement

May be required to travel with overnight stays for training.

Career Path

Additional training/education or equivalent experience, as well as business need, are required for movement into higher level jobs.


Incumbent must perform the essential duties and responsibilities with or without reasonable accommodation. The above statements are intended to describe the general nature and level of work. Final employment offers are contingent upon a Final Candidate’s successful completion of a Background Verification and a determination by the University that the information derived from the Background Verification does not disqualify the individual. In addition, a Financial History Check and Motor Vehicle Record (MVR) Check may be required.