Lucidya | لوسيديا

The leading Customer Experience Management platform geared towards Arab.

GRC and Security Analyst

Security Analyst | Full Time | Remote | Mid Level | Team 51-200 | H1B No Sponsor

Location

Northern America | Western Asia (Middle East)

Posted

9 days ago

Salary

0

Seniority

Mid Level

Job Description

Role Description

As Lucidya grows internationally, maintaining strong security controls and achieving global compliance certifications is mission-critical. This role will directly contribute to implementing and achieving security compliance frameworks, ensuring Lucidya meets the highest standards of data protection and information security. You’ll work at the intersection of GRC and Security Engineering, supporting compliance initiatives, strengthening internal controls, and enabling secure product development across cross-functional teams.

What You’ll Be Doing

- Work closely with GRC and Security Engineering teams to support security, privacy, and compliance initiatives across Saudi Arabia, Qatar, international regions, and the U.S. market.
- Assist in the implementation and ongoing maintenance of ISO/IEC 27001, ISO/IEC 42001 (AI Management Systems), NCA and SOC 2 controls.
- Support U.S. market migration efforts by helping align security and compliance practices with SOC 2, NIST frameworks, and U.S. data privacy requirements.
- Contribute to regional data protection compliance activities, including KSA PDPL, Qatar PDPL, and U.S. state privacy laws, under guidance from senior team members.
- Participate in the creation, update, and maintenance of security, privacy, and AI governance policies, procedures, and control documentation.
- Help with document control, evidence collection, and audit readiness for internal reviews, customer assessments, and external audits.
- Work cross-functionally with engineering, product, and operations teams.

Day-to-Day Responsibilities

- Support daily security, privacy, and compliance activities across KSA, MEA and the U.S.
- Assist with maintaining and updating controls for ISO/IEC 27001, ISO/IEC 42001, NCA, DCC, NIST.
- Help align systems and processes with U.S. & Saudi market requirements, including SOC 2 evidence, NIST-aligned controls, and U.S. & Saudi data privacy obligations.
- Review security controls for cloud infrastructure, SaaS environments, APIs, and integrations.
- Maintain policies, procedures, and control documentation, ensuring accuracy and version control.
- Collect, organize, and validate audit evidence for internal reviews, customer questionnaires, and external audits.
- Track compliance tasks, findings, and remediation actions in coordination with GRC and Security Engineering teams.
- Collaborate with engineering, product, and operations teams to address security and compliance requirements in day-to-day workflows.
- Support incident response documentation, risk assessments, and compliance reporting as needed.

Success Metrics

- ISO & AI Governance Compliance: ISO/IEC 27001 and ISO/IEC 42001 (AI Management System) controls assigned to the role remain implemented and evidenced, with zero high-risk audit findings related to security or AI governance.
- NIST Alignment & Risk Reduction: Systems and processes mapped to NIST frameworks (e.g., NIST CSF / NIST AI RMF) show measurable risk reduction, with identified gaps documented and remediated within agreed timelines.
- Achieve ISO27001 or ISO 42001 lead implementor.
- Independent progression and ownership of assigned tasks.

What We’re Looking For

Experience & Background

- 2 - 4 years of experience in a similar Security Analyst / GRC role.
- Experience working with US-based SaaS companies.
- Strong understanding of AI and US compliance frameworks:
  - ISO/IEC 42001
  - NIST
  - US data privacy regulations
- Experience in B2B SaaS environments.

Compliance & Security Knowledge

- ISO/IEC 27001, ISO/IEC 42001 implementation knowledge (Implementer certification preferred).
- SOC 2 understanding.
- NCA understanding and practical experience.
- GDPR knowledge is a plus.
- Penetration testing & vulnerability assessment knowledge.

Technical Skills

- API security & integrations.
- Basic scripting (Python, Bash).
- Code review support for deployments (automated tools).
- Security reviews of CI/CD pipelines.
- Ruby / Rails code review experience is highly advantageous.

Certifications

- CISM (preferred).
- ISO/IEC 24001 Lead Implementer (mandatory).
- ISO/IEC 27001 Lead Implementer (mandatory).

Soft Skills

- Excellent professional documentation skills.
- Strong organizational and follow-up abilities.
- Experience with document control and audit evidence.
- Ability to work effectively across distributed, cross-functional teams.

Nice-to-Have Experience

- Prior remote work with US-based teams.
- Experience supporting global compliance programs.
- Hands-on involvement in multiple certification cycles.

Hiring Process

- Screening Interview by Mawhub - “Esraa Adel - Senior Talent Acquisition Partner”.
- First Technical interview - “Mostafa Asaad - Security Delivery Manager”.
- Culture Fit Interview - Youssef Okal - “TA Lead @ Lucidya”.

Why Join Us?

This role offers the opportunity to influence and enhance Lucidya’s governance, risk, and compliance practices at scale. You will contribute to strengthening security controls, driving compliance initiatives, mitigating organizational risk, and supporting a culture of security across the company.

Related Job Pages

More Security Analyst Jobs

Cyber Security Analyst

UTMB Health - University of Texas Medical Branch

UTMB Health, also known as The University of Texas Medical Branch, is an award-winning healthcare system based in Galveston, Texas. A nationally recognized teaching hospital, UTMB

Title: Cyber-Security Analyst - IS-Security

Location: Galveston United States

Job Description:

Minimum Qualifications: Bachelor's degree and one (1) year of IT or security experience. An equivalent combination of education and experience relevant to the role may be considered for this position.

Preferred Qualifications:

- 3 years of cybersecurity experience.
- Python, Rust, C, C+, Java, and/or PowerShell.
- Academic and/or working experience with TCP/IP networking, and networking services such as DNS, SMTP, DHCP, etc.
- Windows, MacOS, Linux-variant operating systems, such as the file system structure, system services, and typical behavior of endpoints and servers
- Cloud-based services such as Microsoft Office 365 and Azure productivity tools.

Job Summary: The Security Analyst on the Governance, Risk, and Compliance (GRC) team plays a critical role in safeguarding sensitive information resources and data, ensuring organizational compliance with industry regulations. This position supports the development, implementation, and monitoring of security policies, risk management processes, and compliance frameworks such as HIPAA, TAC 202, UTS 165, and NIST cybersecurity standards.

Job Duties: Under direct supervision, the Security Analyst supports the organization's information resources, security environments, and applications to ensure they remain adequately protected and aligned with the NIST Cybersecurity Framework (CSF). The role assists in activities across the CSF functions: Identify, Protect, Detect, Respond, and Recover, including supporting asset classification, implementing security controls, monitoring for anomalous activity, and participating in 24/7 incident response processes.

- Complete CompTIA CySA+ certification training and successfully pass the exam within 90 days of hire.
- Work assigned shifts supporting 24x7x365 Tier 1 SOC operations.
- Perform alert triage across on-premises and cloud security technologies, including SIEM, IDS, antivirus, cloud services, Windows servers, network infrastructure, DLP, UBA, and user-submitted security reports.
- Apply basic security controls to contain malicious activity and prevent unauthorized disclosure of sensitive information.
- Escalate alerts to Tier 2 based on severity and priority, supporting follow-on incident response activities.
- Contribute to SOC workflow improvements by identifying false positives and recommending process enhancements.
- Assist with incident response through resolution and help develop after-action reports.
- Participate in ongoing skill development to strengthen investigation and response capabilities.
- Adhere to internal controls, reporting structures, and all applicable standards, processes, and procedures.
- Perform other related duties as assigned by management.

Working Environment: Any qualifications to be considered as equivalents in lieu of stated minimums require the prior approval of the Chief Human Resources Officer or designee. The University of Texas Medical Branch at Galveston is an Equal Opportunity / Affirmative Action University. Specific job requirements or physical location of some positions allocated to this classification may render this position security sensitive, and thereby subject to the provisions of Section 51.215, Texas Education Code. To the extent this position qualifies as a position that researches, works on, or has access to critical infrastructure as defined in Section 117.001(2) of the Texas Business and Commerce Code, there is a requirement for any applicant, employee, or contractor to have the ability to maintain the security or integrity of the infrastructure. Therefore, if applicable, anyone hired in this position or continued to be employed in this position must be routinely reviewed to determine whether they are able to maintain the security or integrity of the infrastructure.

Salary Range: Actual salary commensurate with experience.

Work Schedule: Remote local position, rotating shifts, including nights and weekends.

Equal Employment Opportunity: UTMB Health strives to provide equal opportunity employment without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, genetic information, disability, veteran status, or any other basis protected by institutional policy or by federal, state or local laws unless such distinction is required by law.

Texas

Junior Security Analyst

NTT DATA Services

NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers, and application services. Our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D.

Role Description

The Junior Security Analyst, working closely with other analysts, will be a key contributor in providing cyber security advisory services. These services include:

- Evaluating the effectiveness of security programs
- Assessing risks and vulnerabilities
- Identifying control gaps
- Reviewing vendor reports for consistency and accuracy
- Managing remediation efforts
- Conducting independent security and privacy assessments
- Contributing to security independent verification and validation (IV&V) activities
- Reporting/presenting findings to senior state staff

Job Responsibilities Include:

- Analysis and comprehension of client’s overall security program and posture
- Assessing technical compliance of systems against specified frameworks/requirements
- Contributing to the discovery, assessment, analysis, and management of network and application vulnerabilities and remediation efforts
- Identifying and documenting detailed remediation recommendations
- Understanding relevant laws and regulations for security and privacy requirements
- Providing consultation and framework gap analysis of vendor deliverables to the client
- Drafting or recommending updates to policies, standards, procedures, and related security and privacy deliverables

Qualifications

- Minimum five years’ combined experience working with:
  - IT Audits and Assessments
  - Vulnerability management and/or assessing firewalls and networks, including VPN, DLP, IDS/IPS
  - HIPAA, CMS MARS-E, NIST, ARC-AMPE Security and Privacy control frameworks
  - IT governance, risk, compliance (GRC), auditing, drafting security plans and conducting risk assessments
- Hold one or more privacy or security certifications such as IAPP, CHPC, CIPP, CISA, CISM, CISSP
- Undergraduate degree or 4 years’ additional relevant experience

Requirements

- Master’s degree in computer science, management information systems, or related fields
- Experience working with State DHS Privacy and/or Security
- Comprehensive understanding of security and privacy controls
- Exceptional analytical, communication, and collaboration skills
- Thorough understanding of NIST, MARS-E, CMS Certification Frameworks
- Ability to understand and translate technical jargon
- Advanced client and vendor relationship management

Benefits

- Medical, dental, and vision insurance with an employer contribution
- Flexible spending or health savings account
- Life and AD&D insurance
- Short and long term disability coverage
- Paid time off
- Employee assistance
- Participation in a 401k program with company match
- Additional voluntary or legally-required benefits

United States
$70K - $115K / year

Security Analyst

NTT DATA Services

NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers, and application services. Our consulting and Industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D.

Role Description

The Security Analyst, working closely with other analysts, will be a key contributor in providing cyber security advisory services. These services include:

- Evaluating the effectiveness of security programs
- Assessing risks and vulnerabilities
- Identifying control gaps
- Reviewing vendor reports for consistency and accuracy
- Managing remediation efforts
- Conducting independent security and privacy assessments
- Contributing to security independent verification and validation (IV&V) activities
- Reporting/presenting findings to senior state staff

Job Responsibilities Include:

- Analysis and comprehension of client’s overall security program and posture
- Assessing technical compliance of systems against specified frameworks/requirements
- Contributing to the discovery, assessment, analysis, and management of network and application vulnerabilities and remediation efforts
- Identifying and documenting detailed remediation recommendations
- Understanding relevant laws and regulations for security and privacy requirements
- Providing consultation and framework gap analysis of vendor deliverables to the client
- Drafting or recommending updates to policies, standards, procedures, and related security and privacy deliverables

Qualifications

- Minimum 6 years combined experience working with:
  - IT Audits and Assessments
  - Vulnerability management and/or assessing firewalls and networks, including VPN, DLP, IDS/IPS
  - HIPAA, CMS MARS-E, NIST, ARC-AMPE Security and Privacy control frameworks
  - IT governance, risk, compliance (GRC), auditing, drafting security plans and conducting risk assessments
- Hold one or more privacy or security certifications such as IAPP, CHPC, CIPP, CISA, CISM, CISSP
- Undergraduate degree or 4 years’ additional relevant experience

Preferred Skills

- Master's degree in Computer Science, Management Information Systems, or related fields
- Experience working with State DHS Privacy and/or Security
- Comprehensive understanding of security and privacy controls
- Exceptional analytical, communication, and collaboration skills
- Thorough understanding of NIST, MARS-E, CMS Certification Frameworks
- Ability to understand and translate technical jargon
- Advanced client and vendor relationship management

Requirements

Where required by law, NTT DATA provides a reasonable range of compensation for specific roles. The starting pay range for this remote role is $80,000 - $130,000. This range reflects the minimum and maximum target compensation for the position across all US locations. Actual compensation will depend on a number of factors, including the candidate’s actual work location, relevant experience, technical skills, and other qualifications.

Benefits

- Medical, dental, and vision insurance with an employer contribution
- Flexible spending or health savings account
- Life and AD&D insurance
- Short and long term disability coverage
- Paid time off
- Employee assistance
- Participation in a 401k program with company match
- Additional voluntary or legally-required benefits

United States
$80K - $130K / year

Information Security Governance Analyst

Fresenius Medical Care

Fresenius Medical Care provides dialysis treatments, products, and services for individuals living with chronic kidney diseases (CKD). Founded as a result of the 1996 merger of Fre

Role Description

The Governance, Risk, and Compliance Analyst will play a key role in facilitating the development and maintenance of the organization's global governance, risk management, and compliance programs. This position will support a broad range of activities across the organization.

- Facilitates the development, implementation, and maintenance of an information security framework aligned with industry best practices.
- Facilitates the design and documentation of technical, administrative, and physical controls to ensure the business demonstrates compliance with its regulatory and compliance obligations.
- Provides advice & counsel as directed within IT and information security initiatives to ensure the delivery of compliant and risk-appropriate solutions following existing department policies, standards, and procedures.
- Facilitates examinations by security assessors and auditors for compliance obligations, such as HIPAA and ISO 27001.
- Facilitates security risk assessments and recommends controls to mitigate identified security risks.
- Communicates risk findings and recommendations to business stakeholders.
- Facilitates the development and deployment of workforce security training and awareness.
- Facilitates the development and implementation of global cybersecurity policies, standards, and procedures aligned with industry best practices, including NIST CSF and 800-series publications.
- Facilitates the lifecycle management of information security policies.
- Additional responsibilities may include focus on one or more departments or locations.

Qualifications

- Bachelor's Degree or an equivalent combination of education and experience.
- 2+ years' related experience in cybersecurity governance, risk, compliance, information security, and/or other related roles.
- Advanced knowledge of internal control structure, data, and technology.
- Advanced knowledge of NIST CSF, NIST SP 800-series, HIPAA, FIPS, and ISO 27001:2022, and other industry best standards and requirements.
- Excellent verbal and written communication skills.
- Excellent organizational skills.
- CISSP, CRISC, CISA, CISM, or other related certifications are preferred.
- Demonstrated experience with ServiceNow IRM or a similar tool is preferred.

Requirements

- The rate of pay for this position will depend on the successful candidate’s work location and qualifications, including relevant education, work experience, skills, and competencies.
- Annual Rate: $72,000.00 - $121,000.00

Benefits

- This position offers a comprehensive benefits package including medical, dental, and vision insurance.
- A 401(k) with company match.
- Paid time off.
- Parental leave.

United States
$72K - $121K / year