Covering the Land of Lincoln

Data Breach & Incident Analyst, Senior, or Lead, University of Illinois at Urbana Champaign, Remote or Urbana, Illinois

The Data Breach and Incident Analyst –Privacy –will have a comprehensive understanding of privacy laws and regulations, privacy and data security controls and compliance obligations, especially areas of breach notification obligations, risk assessment, and incident response and handling. The role will primarily be responsible to assure the University applies consistent practices to notify individuals in scenarios where information has been breached in accordance with the law. The role will manage and update the policies and procedures related to breach reporting, notification, risk assessment of incidents and the definition of a breach as well as the circumstances under which notification is warranted in compliance with the law. The Data Breach and Incident Analyst, along with the Privacy Manager of Operations will advise University leadership and /or appropriate data and incident/breach governance teams of the recommendations and potential reporting obligations based on circumstances and scenarios.

Detailed Position Description:

The Technology Services Privacy and Security Office has an opening for a Privacy Data Breach and Incident Analyst. This position provides consultative and direct support regarding the privacy components of a data incident and/or breach in a privacy-principled manner. We are looking for candidates with high privacy awareness, experience and interest, technical competency, strong collaboration skills, and an interest in learning and a willingness to partner within and across the organization to support, grow, and create a culture of privacy at Illinois. If you have a passion for privacy, consider applying to this exciting role on a growing and maturing team.

Why Work at Technology Services?

Highlights of Employee Benefits

The University of Illinois is an Equal Opportunity, Affirmative Action employer that recruits and hires qualified candidates without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability or veteran status. For more information, visit http://go.illinois.edu/EEO.

Position Function:

The Data Breach and Incident Analyst, Senior, or Lead will have a comprehensive understanding of privacy laws and regulations, privacy and data security controls and compliance obligations, especially areas of breach notification obligations, risk assessment, and incident response and handling. The role will primarily be responsible to assure the University applies consistent practices to notify individuals in scenarios where information has been breached in accordance with the law.

This position, along with the Privacy Manager of Operations will advise University leadership and /or appropriate data and incident/breach governance teams of the recommendations and potential reporting obligations based on circumstances and scenarios.  The role will manage and update the policies and procedures related to breach reporting, notification, risk assessment of incidents and the definition of a breach as well as the circumstances under which notification is warranted in compliance with the law.

The Senior and Lead Analysts will identify breach and incident patterns and lead other analysts through breach and incident responses. The Lead Analyst will be responsible for keeping the office as well as University community current and aware of changes to breach practices and obligations in partnership with other offices. The lead will mentor other analysts and provide training, awareness, and development opportunities as available on breach, incident, and privacy related matters.

Major Duties and Responsibilities – Data Breach & Incident Response Analyst

Operations:

  • Builds collaborative relationships with University stakeholders ahead of breach and data security/privacy incidents.
  • Builds and leads incident and breach governance, policy, procedures, and handling, and co-manages Incident Response playbook.
  • Supports the Manager, Privacy Operations, and University leadership in identifying likely breach notification obligations and executes operational practices and procedures to reduce them.
  • Supports and drafts breach notification letters, establishes call center(s), and assures the University creates meaningful notification to affected individuals in the event of a data incident/breach requiring notification.
  • Acts as liaison to the Privacy and Security Incident Response team and works closely to provide timely identification, notice and response in alignment with obligations to various notification practices and law.
  • Understands existing sources of data used by the university, data classifications, appropriate controls, and can evaluate incidents in partnership with the incident response team in alignment with those scenarios and regulatory obligations.
  • In partnership with University counsel, evaluates and coordinates all phases of a potential breach scenario and / or notification process.
  • Advises University leadership on potential obligations and best practices, along with the ethical, moral, privacy-principled approach to notification of possible or likely data breach scenarios.
  • With the Privacy Operations Manager and / or Director, identifies capabilities and improvements to the incident and breach reporting processes and advocates for the appropriate resources and capabilities to exist across the University to enable timely and accurate breach response on behalf of units.
  • Establishes and matures recommended process improvements or actions departments, units must take following a data security incident or breach and creates processes to recommend and apply consistent measures to continually improve data and system security and privacy.
  • Keeps relevant business leaders and units informed on evolving breach practices.
  • Participates with colleagues and other units to maintain a breadth of knowledge of privacy analysis, privacy design and engineering, data security and privacy capabilities, tools, processes, controls, and technologies to stay well informed of upstream and downstream privacy and identifiable data issues and needs.
  • Serves as a point of contact with Public Affairs, FOIA, and other offices related to incident and breach response, in coordination with PrivSec leadership.
  • In partnership with the Privacy Program team and Privacy, Security, Identity and Digital Risk leaders, recommends and contributes to incident and breach training, education, and awareness programs for students, faculty, and staff.
  • Contributes to data security and privacy best practices, new technologies, privacy complaints, and methods to reduce potential institution wide risks.
  • Recommends improvements to incident & especially breach response plans in the event of an unauthorized disclosure of personal information as well as compliance plans.
  • Manages and coordinates with Incident Response regarding formal administrative process for university privacy breaches or incidents. Leads data breach analyst(s) and translates findings into process and / or training programs to proactively reduce future events based on findings.

Projects, Program & Governance:

  • In partnership with Privacy and Security leadership, works with incident and breach teams and counsel to improve playbooks, processes and capabilities for incident and breach management.
  • Coordinates and facilitates University’s Data, Privacy, Security, and Identity Governance activities

Administration:

  • Manages intake improvement projects.
  • Oversees the advocacy for and improvement of processes and capabilities related to incident reporting and management.
  • Participates with Privacy and Security analysts, TechServices colleagues on unit, university, or external committees.
  • Networks with university and industry partners.

Additional Responsibilities – Senior Data Breach & Incident Analyst

  • Leads and provides supervisory and secondary review for incident and breach governance, policy, procedures, and handling, and co-manages Incident Response playbook.
  • Provides direct support to the Lead, Breach Analyst and Manager, Privacy Operations, and University leadership in identifying likely breach notification obligations and recommends updates to operational practices and procedures to reduce them.
  • Reviews draft breach notification letters, establishes call center(s), and assures the University creates meaningful notification to affected individuals in the event of a data incident/breach requiring notification.
  • Liaise and guide Breach analysts and Privacy and Security Incident Response team and works closely to provide timely identification, notice and response in alignment with obligations to various notification practices and law.
  • With data breach analyst(s), translates findings into recommended process improvements and / or training programs to proactively reduce future events based on findings.
  • Identifies possible new tools, services, and capabilities to support improved playbooks, processes and capabilities for incident and breach management.
  • Advocates for appropriate resources, staff, and funds to support obligations around breach response services, call center services, and plans and prepares appropriate capabilities to rapidly and readily scale support for large incident/breach response needs.
  • Selects and recommends “retainer” services necessary for University to rapidly meet capacity for large scale incident/breach response. Partners with breach teams, public affairs, counsel, to select and identify resources.
  • Leads and participates in disaster and continuity plans and tabletop tests aligned with possible continuity loss or breach of data.

Additional Responsibilities – Lead Data Breach & Incident Analyst

  • Provides direct support to the Manager, Privacy Operations, and University leadership in identifying likely breach notification obligations and approves updates to operational practices and procedures to reduce them.
  • With the manager, leads incident and breach governance, policy, procedures, and handling, and co-manages Incident Response playbook.
  • Develops policy and practices related to data handling practices to reduce likelihood and impact of breach related matters.
  • Identifies clear patterns where breaches commonly occur in the environment and develops training and awareness efforts to educate and reduce the risk profile related to data incidents and breaches.
  • Develops and implements incident intake improvement projects, in coordination with multiple units.
  • Leads breach prevention, remediation, and education efforts and committees, under the direction of the manger, with Privacy and Security analysts, TechServices colleagues on unit, university, or external committees.

Required Qualifications:

Analyst:

  • Bachelor’s Degree.
  • One year* of experience in supporting an incident or breach response team, analysis of data privacy, project management, policy administration, compliance, auditing/assessment, data governance, information technology or a closely related field. (*A Master’s Degree in a related field may be substituted for one year of work experience.).

Senior:

  • Bachelor’s Degree.
  • Two years* of experience in leading an incident or breach response teams, analysis of data privacy, project management, policy administration, compliance, auditing/assessment, data governance, information technology or a closely related field. (*A Master’s Degree in a related field may be substituted for one year of work experience.).

Lead:

  • Bachelor’s Degree.
  • Two years* of experience in leading an incident or breach response team, analysis of data privacy, project management, policy administration, compliance, auditing/assessment, data governance, information technology or a closely related field. (*A Master’s Degree in a related field may be substituted for one year of work experience.).
  • Demonstrated experience in employee training, supervision, project leadership, or peer coaching.

Preferred Qualifications:

  • Experience working two or more years in incident response and / or breach reporting discipline or field.
  • Certified Information Privacy Professional (CIPP) or Certified Information Privacy Professional/Information Technology (CIPP/IT).

Knowledge, Skills and Abilities:

  • Knowledge and understanding of privacy and security regulations and best practices, including federal, state, international laws, policies, and standards.
  • Proven record of identifying the need for, developing, and enforcing realistic compliance methods from a risk/benefit analysis standpoint.
  • Demonstrated ability to carry out extremely complex initiatives requiring expert knowledge of key business principles and practices.
  • Extensive background and participation in collaborative leadership activities in a higher education (or similar) environment with demonstrated results of appropriate and effective business strategies and goals being reached.
  • Demonstrated leadership and management skills.
  • Demonstrated knowledge and skills in program and project management and analysis, negotiation, and conflict resolution.
  • Demonstrated strong effective communication ability in presentation and advanced writing skills including reflecting sensitivity to tone, audience, and organizational politics.
  • Ability to communicate highly-technical matters effectively to non-technical audiences in public or private forums, across a spectrum of groups, from senior leadership to middle management and staff, demonstrating the ability to clearly define a problem/issue, succinctly describe current status, analyze data and draft reports, presentations, and other materials.
  • Demonstrates the ability to use active listening skills, oral communication skills to speak effectively and demonstrates outstanding writing skills via email, letters and in person to teams and customers.
  • Demonstrated understanding of policies and procedures, best practices, and management of incident response.

To Apply:

For further information about the Privacy Breach and Incident Analyst position, view the full job posting at http://jobs.illinois.edu. Applications must be submitted by July 19th at http://jobs.illinois.edu.

For questions about the position, contact Samantha Willits-Rosten, Technology Services HR at [email protected] or 217-300-9188. For questions about the application process, please contact 217-333-2137.

Application Submission Information:

https://jobs.illinois.edu/academic-job-board/job-details?jobID=167946

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More