Develop and maintain security policies, procedures, and standards to establish best practices and ensure compliance with industry standards and regulations, such as HIPAA, FERPA, PCI DSS, and GDPR. Create and maintain a complex variety of security and risk documentation (e.g., Policies, process diagrams, risk registers, etc.) that may be shared with various audiences.Research and analyze cybersecurity emerging threat indicators, vulnerabilities, latest cybersecurity technologies, and trends in the industry to recommend threat mitigation strategies for enhancements or countermeasures to mitigate risks and technologies to improve security posture.Stay abreast of external regulations, data security/privacy standards, and relevant data/breach notification and laws applicable to healthcare and higher education assess potential risks; translate appropriate information security and data privacy requirements into coherent policy and data management processes.Install, upgrade, maintain and monitor information security-related systems. Participate in business continuity and disaster recovery planning.Monitor, queries, and analyze security events and incidents using security information and event management (SIEM) tools to identify potential security threats and vulnerabilities.Monitor, investigate, analyze, assess cybersecurity incidents, cybersecurity breaches, and alerts from vendors cybersecurity advisories, cybersecurity tools, audit logs, network devices, and information systems to detect and respond to suspicious/malicious activities. Prepares cybersecurity breaches, incidents, and alerts reports. Ability to anticipate cyber-attacks.Conduct cybersecurity audits, assessments, and support ongoing audit requirements for all systems to identify and remediate security vulnerabilities in information systems, applications, and infrastructure.Collaborate with cross-functional teams, including IT, operations, and compliance. Work with security team(s) to perform tests and uncover network vulnerabilities to maintain a high-security standard. Identify ongoing threats to remote computers and protect against new exploits. Protect expanded attack surfaces due to increased telework.Participate in review of third-party vendor services/contracts (applications, hosting, systems, etc.) that involve the collection, processing, transmission, or storage of all data types defined by the Universitys Data Classification standards; develop and implement an ongoing supporting documentation.Participate in security awareness training to promote a culture of security awareness and compliance among employees. Assist in cultivating a risk aware culture through outreach and education.Other related duties as assigned.