Cybersecurity Risk Analyst IV
Job no: 540260
Work type: Staff Full-Time
Location: Main Campus (Gainesville, FL)
Categories: Information Technology, Office/Administrative/Fiscal Support
Department: 14700000 - IT-SECURITY
Classification Title:
IT Risk Analyst IV
Classification Minimum Requirements:
Bachelor's degree in an appropriate area and four years of relevant experience; or a high school diploma or equivalent and eight years of relevant experience. Appropriate college coursework may substitute at an equivalent rate for the required experience, but does not negate the minimum degree requirement(s).
Job Description:
UF Information Technology (UFIT) is currently seeking a professional-level Cybersecurity Risk Analyst to join the Information Security Office, a unit within UFIT.
The IT Risk Analyst IV serves as a professional level position in Information Security, a unit within UF Information Technology (UFIT), and will support the university's success through service and operational excellence. This senior role within the Information Assurance team of the Information Security Office is focused on conducting information security risk assessments, providing guidance and recommendations for secure implementation of technology and processes, and continuing improvement and development of the university's risk assessment methodologies to protect the confidentiality, integrity, and availability of UF data and information systems in compliance with law, regulations, policies, and standards at the University of Florida (UF).
Additionally, the incumbent will serve as a subject matter expert in matters of information security, and provide advice, documentation, training and mentoring to junior staff.
Some key responsibilities and characteristics of this position are:
Executes the UF information risk assessment process, which includes (but is not limited to):
- Conducting risk assessments for internal information systems using established procedures and control baselines
- Conducting risk assessments on third-party products and services
- Developing remediation plans and recommendations to IT staff on how to address risks identified through the risk assessment
- Preparing executive-level residual risk reports to prompt risk disposition decisions
- Guiding units in creating security plans for all systems
- Establishing and maintaining a non-technical monitoring program including measures of compliance and effectiveness for administrative processes as well as technical controls related to information security
Consults on security systems, tools, and procedures to meet defined security requirements and goals:
- Assisting units in selecting technology that best fits UF's information technology environment and supports UF information security goals
- Providing expert security guidance to help units improve security posture and reduce risk
- Guiding units in developing processes and procedures to implement UF information security policies and standards
- Producing and publishing documentation and guidance to provide direction to units on complying with information security policies and standards
Contributes to development of the UF Information security risk management program, which includes (but is not limited to):
- Evaluating and providing recommendations regarding legal, regulatory, and contractual information security compliance requirements
- Serving as subject matter expert on security control frameworks, establishing, and updating control baselines to be used at UF
- Optimizing procedures used to conduct information security risk assessments
- Contributing to the creation and modification of university information security policies and standards
- Collaborating and advising on changes and improvements to the university's Governance, Risk, and Compliance (GRC) platform used to conduct risk assessments
- Trains and mentors junior risk analysts, interns, and distributed university IT staff on the risk assessment process.
- Contributes content and collateral material to information security training and awareness programs.
Expected Salary:
$121,294 - $127,234; commensurate based on education and experience
Required Qualifications:
Bachelor's degree in an appropriate area and four years of relevant experience; or a high school diploma or equivalent and eight years of relevant experience. Appropriate college coursework may substitute at an equivalent rate for the required experience, but does not negate the minimum degree requirement(s).
Preferred:
The ideal candidate will possess the following education, experience, and skills:
EDUCATION & TRAINING: Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field.
Global Information Assurance Certification (GIAC) Security Essentials (GSEC) or equivalent (preferred), Certified Information Systems Auditor (CISA) or equivalent (preferred), Certified Information Systems Security Professional (CISSP) or equivalent (preferred)
EXPERIENCE: Minimum of 10 years of combined IT and security experience with a broad range of exposure to data, networks, systems, and web applications. Experience conducting cybersecurity risk assessments in large organizations.
SKILLS: Excellent written and verbal communication skills; interpersonal skills; and the ability to work collegially and interact effectively with all constituencies
Excellent organizational skills and an ability to prioritize and complete simultaneous projects with minimal supervision
Accuracy, attention to detail and a customer service-oriented approach and mindset
Advanced level skills in analytical thought, problem-solving, leadership, teambuilding, conflict resolution, strategic planning, management, and IT project management
KNOWLEDGE: Security standards, applicable laws, and regulations (National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry (PCI), Federal Educational Rights and Privacy Act (FERPA), Florida Statutes)
Security issues, techniques, and implications across all existing computer platforms
Client/server, network topology, network/infrastructure security, network operating systems, web technologies, and e-commerce operations preferred
IT auditing and risk management preferred
Broad knowledge of principles of a particular field of specialization
Awareness of current standards and trends in IT and emerging technology
ABILITIES: Work collaboratively and build strategic relationships with both internal and external clients.
Ability to think critically and creatively, have a high standard of integrity and be motivated to incorporate best practices into the organizational structure
Special Instructions to Applicants:
Work visa sponsorship is not available for this position.
This is not a remote work position and is located in Gainesville, FL.
A Level 2 Criminal Background Screening is required.
- Cover Letter
- Resume
- List of professional references with contact information (Minimum of 3 with one from a previous or current supervisor)
Application must be submitted by 11:55 p.m. (ET) of the posting end date.
Health Assessment Required: No
Advertised: 15 Jun 2026 Eastern Daylight Time
Applications close: 29 Jun 2026 Eastern Daylight Time