Senior Information Security Analyst

Compensation:
$78,708 - $100,402
Compensation Type:
Salary
Employment Type:
Regular
Grade:
E10
Position Summary
The Senior Information Security Analyst is tasked with designing, implementing, and maintaining cybersecurity solutions to safeguard our organization's systems, networks, and data from cyber threats, thereby enhancing our security posture. This position provides expert-level technical security risk monitoring, analysis, and incident investigations to protect Central New Mexico Community College's (CNM) sensitive information and infrastructure from cyber threats and attacks. The Cybersecurity Engineer collaborates closely with cross-functional teams and leadership to formalize processes and methodologies, conduct risk assessments, and ensure compliance with regulatory requirements. The Senior Information Security Analyst raises security awareness across the CNM community through ongoing training and education initiatives, engaging staff, faculty, vendors, contractors, students, and the public via various communication channels and leads team efforts as assigned.
Duties & Responsibilities

• Leads operational tasks, incident response, and troubleshooting within the Office of Information Security.
• Provides expert-level guidance, training, and leadership to Information Security Office team members.
• Utilizes security tools and technologies including firewalls, IDS/IPS, SIEM, antivirus solutions, and encryption.
• Monitors security systems and promptly responds to security incidents, including incident triage, containment, eradication, and recovery efforts.
• Designs, implements, and maintains cybersecurity solutions such as firewalls, IDS/IPS, SIEM, endpoint protection, access management, and encryption technologies.
• Analyzes security logs, event data, and network traffic to identify and investigate potential security incidents and role discovery.
• Conducts security risk assessments and audits to identify vulnerabilities and recommend remediation measures.
• Performs security assessments of third-party vendors and service providers to ensure compliance with security requirements.
• Participates in incident response exercises, tabletop simulations, and security awareness campaigns.
• Develops and enforces security policies, procedures, and standards to ensure compliance with regulations and best practices.
• Collaborates with IT teams to integrate security controls into software and infrastructure projects.
• Engages with business users to understand application data needs and prioritize requirements.
• Stays updated with cybersecurity threats, vulnerabilities, and industry trends to mitigate risks proactively.
• Provides security awareness training to the CNM user community on data protection best practices.
• Participates in the Emergency on-Call rotation for the department and the team.
• Provides audit responses, oversees information security administrative and technical controls, and performs forensic analysis of security incidents.
• Monitors critical infrastructure and information security threats, providing first response services and delegating remediation tasks.
• Maintains technical currency in the evolving threat landscape and contributes to information security incident response teams.
• Enforces policies and procedures as appropriate.
• Performs other related duties as assigned.

• Bachelor's degree in computer science, information technology, cybersecurity, or related field
• AND
• Five (5) years of current work experience in cybersecurity engineering or related field
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or GIAC Security Expert (GSE) preferred
• Advanced knowledge of network security principles, firewalls, and intrusion detection/prevention systems (IDS/IPS)
• Extensive experience with common vulnerability assessment tools (e.g., Nessus, Nmap)
• Strong quantitative and qualitative analytical abilities
• Excellent communication, collaboration, and teamwork abilities
• A combination of education and experience may be substituted for requirements of the position

• 5+ years cybersecurity experience
• CISSP/CISM/GIAC preferred
• SIEM, incident response, vulnerability management
• Experience with NIST/CIS frameworks
• Higher ed/public sector preferred
• Best consideration date: 4/2/2026