IT Security Professional II
- Employer: East Carolina University
- Location: North Carolina, United States
- Salary: Salary Commensurate with experience
- Date posted: Feb 15, 2021
- Position Type: Administrative, Business & Administrative Affairs, Computer Services & Information Technology, Technology Administration/Other
- Employment Level: Administrative
- Employment Type: Full Time
East Carolina University
IT Security Professional II
Vacancy #: 500208
Recruitment Range: $74,031-$85,000
Closing Date: Open Until Filled
Organizational Unit Overview
Information Technology and
Computing Services (ITCS) is the central agency that supports
enterprise-wide computing at East Carolina University. ITCS,
through innovative information technology initiatives and service,
provides opportunities for the ECU community to excel in teaching,
research, and service using state-of-the-art technology and
collaborative environments. ITCS is first and foremost committed to
providing excellent information technology support for faculty,
staff, and students.
The Information Security Office within ITCS provides leadership on information security vision, strategy, and policy, advising the CIO and other university colleagues on information security and IT risk management functions that support ECU in fulfilling our mission, business obligations, and compliance requirements. The Office manages the University Information Security Program, which is composed of policies, standards, processes, and guidance that collectively form an information security governance framework for the University. The Information Security unit includes the Cyber Security Operations Center (CSOC) team responsible for detecting, analyzing, and facilitating the university’s response to cyber threats.
Job Duties
Information Security Specialist
Reporting to the Chief Information Security Officer (CISO), the
Information Security Specialist reviews, develops, and maintains
information security policies, standards, best practices, and
employee awareness content in accordance with university business
needs, stakeholder expectations, regulatory and legal requirements,
contractual obligations, and applicable industry standards. The
person in this position analyzes complex information security
issues, conducts risk assessments, and advises clients and risk
owners on practical solutions. The Information Security Specialist
develops, manages, and implements project plans as needed to
achieve information security strategies and goals, and is able to
manage and juggle multiple responsibilities simultaneously and meet
deadlines. This employee communicates effectively with clients at
all organizational levels to provide the information needed for
informed decision making. The person in this position advises on
security incident management and reporting activities.
Security awareness and training
Regularly examine university information security awareness content
and the methods by which the content is delivered to the ECU
community and proactively address opportunities for improvement.
Work with various university resource areas to develop new content,
update existing content, and find new and improved ways of raising
campus awareness of information security responsibilities and
current best practices. Develop and provide online training,
formally present security awareness content to committees and
stakeholder groups, and report on training effectiveness to senior
administrators and impacted stakeholders.
Policy and standards development
Develop and maintain information security policies, standards, and
best practices in collaboration with relevant functional areas and
stakeholders. Assess policies, standards, and best practices for
alignment with university business needs, regulatory and legal
requirements, contractual obligations, industry standards, and the
university risk environment. Proactively identify and act on
opportunities to develop and/or improve information security
policies, standards, and best practices in order to meet the needs
and obligations of the University. Establish and lead development
teams and review groups to ensure University and stakeholder needs
are addressed.
Information security and risk management
Collaboratively perform security assessments and risk assessments
in accordance with ISO 27002, ISO 27005 and other relevant
frameworks. Consult asset owners, risk owners, and functional area
representatives to identify and assess risks to university
information and related information assets. Advise functional area
administrators and department directors on incorporating
information risks into their risk management processes and on the
treatment of risks within their respective areas of management
responsibility.
Project planning and management
Develop and manage information security projects and strategic
initiatives in accordance with defined information security
strategies and goals. This includes, but is not limited to,
collaboratively developing strategic plans; formally defining and
documenting project scopes, objectives, tasks, deliverables,
success criteria and timelines; establishing and leading work
groups; directing, coordinating and tracking plan and project
activities; and reporting on progress, successes, and issues to
relevant management areas and impacted stakeholders.
Client communication and support
Consult with stakeholders and decision-makers on an ongoing basis
to develop security solution sets and strategies, and build client
support for information security projects and initiatives. Promote
information security as an essential business responsibility of
every management area by way of formal management reports,
committee presentations, and collaborative discussions with
stakeholders and decision-makers.
Incident response and management
Work closely with the Cyber Security Operations Center (CSOC) team,
which manages security incident investigations, to ensure all
relevant stakeholders and compliance functions are appropriately
involved and informed of events and progress. Advise CSOC and other
involved parties on effective incident management and reporting.
Where incident investigations are not covered by ITCS incident
response processes or other defined areas of responsibility,
provide expertise for incident response to ensure ECU information
and compliance risks are appropriately addressed.
Other duties as assigned.
Minimum Education/Experience
Master’s degree and 1‐2 years’ experience; or a bachelor’s degree and 2‐4 years’
experience; or an equivalent combination of education and
experience. All degrees must be received from appropriately
accredited institutions.
Preferred Experience, Skills, Training/Education
- Bachelor’s degree or higher in Computer Science, Information and Computer Technology, Information Security, or closely related area, and three or more years of experience with information security, privacy, standards compliance, and information risk management services. Experience with industry best practice security frameworks including ISO 27002, NIST, or CIS 20 is preferred.
- Experience with managing and leading complex information security related projects according to established deadlines and project plans, and with delivering security awareness training, and providing expertise for incident response planning and processes is desired. Experience contributing to an organization’s continuous improvement in information security posture is also desired.
- Having an earned security related credential/certification (CISSP, CISM, CEH, CISA, Security+, Cisco credential, or similar) is a plus, as is experience working in higher education.
Special Instructions to Applicant
East Carolina University
requires applicants to submit a candidate profile online in order
to be considered for the position. Candidates must also submit a
cover letter, resume, and a list of three references, including
contact information, online.
Applicants must be currently authorized to work in the United States on a full-time basis.
Additional Instructions to Applicant
In order to be considered
for this position, applicants must complete a candidate profile
online via the PeopleAdmin system and submit any requested
documents. Additionally, applicants that possess the preferred
education and experience must also possess the minimum
education/experience, if applicable.
Application Types Accepted
Applications will be
considered until position is filled. Please submit an online ECU
application for vacancy # 500208 to ECU Human Resources at http://www.jobs.ecu.edu.
East Carolina University is an Equal Opportunity/Affirmative Action Employer.
Visit this job posting at http://ecu.peopleadmin.com/postings/39756