This job has Expired

Information Security Analyst

Allan Hancock College

Job Description

 

DEFINITION:

Under supervision of the Director, Information Technology Services, this position will design, develop, test, install, monitor, and maintain an enterprise information security program; manage the development, implementation, and evaluation of information technology security standards, best practices, architecture, and systems for the college; and ensure the integrity and security of the college’s technology infrastructure and the protection, confidentiality, integrity, and availability of information assets spanning the entire college. 

CLASS CHARACTERISTICS:

The incumbent, under minimal supervision, will have regular and ongoing responsibility for providing advanced guidance in system security best practices as well as managing projects of considerable scope and complexity while ensuring established security requirements are met. Incumbents within this classification have strong project management skills, will perform complex analyses, follow industry best practices, and implement appropriate solutions. 


*This job description is pending ratification with board approval. 

 

Essential Functions and Qualifications

 

ESSENTIAL FUNCTIONS:

  1. Provides leadership as a technical liaison with college staff and committees in facilitating the development and maintenance of an information security program.
  2. Develops, recommends, and implements information security policies, procedures, protocols, and standards pertaining to managing the security risk of college data and IT systems.
  3. Conducts periodic and scheduled IT security audits, vulnerability scans, and risk assessments to identify vulnerabilities and potential threats to security; documents results, develops mitigation strategy, and oversees implementation.
  4. Creates and maintains a security awareness training program to increase mindfulness and knowledge of employees, students, and vendors and help minimize information security risks.
  5. Conducts assessments to evaluate whether security compliance requirements are met for federal, state, and local legislation related to information security, including but not limited to FERPA, Gramm-Leach-Bliley Act (GLBA), HIPAA, General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA). Develops plans for any necessary remediation.
  6. Manages projects related to the procurement, development, enhancement, maintenance, and implementation of security systems.
  7. Where possible, ensures data protection through implementation of encryption while data is in transit through computer networks and while residing at rest on storage media on-site and off-site.
  8. Implements and maintains security monitoring systems to send out alarms and alerts for IT security issues; uses those systems to identify, diagnose, resolve, and report IT security problems and incidents; coordinates and conducts investigations of breaches in IT security; responds to emergency IT security situations.
  9. Actively inventories, tracks, and remediates devices connected to internal network resources to ensure that only authorized devices gain access. Actively manages, inventories, and tracks all authorized software running on District-owned systems.
  10. Develops and maintains Security Incident Response Plans in collaboration with technical committees, security teams, functional leads, and IT staff, and assures the plan is periodically tested and updated.
  11. Collaborates with systems and network staff to develop, test, modify, and maintain disaster prevention and recovery plans. Audits backup processes to ensure ability to recover from data loss or corruption.
  12. Works with security vendors and service providers to support security needs; assists the purchasing department in the acquisition of information systems security software, hardware, and services.
  13. Implements controls and monitoring of all authorized users’ remote access to college systems.
  14. Maintains proper security mechanisms for protection of physical IT processing and storage facilities containing sensitive data.
  15. Vets and reviews security practices and controls of third-party service providers that handle confidential data, including personally identifiable information of students and employees. Reviews security controls and features of third-party software systems.
  16. Manages user identity and access control. Controls, tracks, and audits the use of privileged accounts. Works with key stakeholders on periodic reviews of user access in functional areas. Works with HR on processes for onboarding and offboarding of employees and contractors.
  17. Utilizes industry-standard change management procedures to plan, test, and install security patches and upgrades to IT systems.
  18. Keeps current with latest emerging security issues and threats through listservs, blogs, newsletters, conferences, user groups, and networking with peers at other institutions.
  19. Performs other related functions as assigned.

 

Minimum Qualifications

 

Education and Experience:

Possession of, or the equivalent of, a bachelor's degree in computer science, information systems, or a related field. Three years of full-time experience in information security, or any equivalent combination of training and experience.

Licenses and Certificates Required:

Must possess a valid California driver's license and the ability to qualify for district vehicle insurance coverage. Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) desired.

MINIMUM QUALIFICATIONS:

Knowledge of:

  • Project management software tools, methodologies, and best practices;
  • Security standards and frameworks including NIST, PCI-DSS, and CIS Critical Security Controls;
  • Multiple operating systems including recent desktop and server versions of Microsoft Windows, Mac OS, and distributions of Linux;
  • Networking concepts including routing and switching, wireless networking, and network protocols;
  • IT architecture including data centers, cloud deployment, s, network design, and wireless technologies;
  • Hardware and software monitoring tools to analyze security issues;
  • Security administration best practices;
  • Programming or scripting in at least one language such as Python, PHP, or PowerShell;
  • Security protocols including WPA/WPA2, Kerberos/AD, IPSEC, SSL/TLS, and SSH;
  • Pertinent federal, state, and local laws, codes, and regulations.

Demonstrated ability to:

  • Analyze data and draw sound conclusions;
  • Evaluate and recommend security solutions based on new and emerging technologies;
  • Design complex security systems;
  • Prepare clear, concise, and comprehensive technical reports, directions, and instructions;
  • Understand and carry out written directions;
  • Develop and maintain cooperative relationships with colleagues;
  • Plan and organize work to meet changing priorities and deadlines;
  • Collaborate with others to carry out work;
  • Exercise initiative and independence of judgment and action;
  • Explain technical concepts to a non-technical audience; 
  • Communicate clearly and concisely, both orally and in writing.

Working Conditions:

  • This is a FLSA exempt position.
  • Duties primarily performed in an office environment at a desk with a personal computer and in a data center with several servers under air conditioning.
  • The incumbent will experience interruptions while performing normal duties during the regular workday.
  • The incumbent will have contact, in person, via online meeting, by email, or on the telephone with executive, management, supervisory, academic, and classified staff.

Physical Demands:

  • Typically, may sit for extended periods of time.
  • Operates a computer.
  • Communicates via online meeting, over the telephone, by email, and in person.

Special Qualification:

A sensitivity to and an understanding of the diverse academic, socioeconomic, cultural, and ethnic backgrounds of staff and students and to staff and students with disabilities.

 

Additional Information

 

Desired start date is January 2023. This is a full-time, 40 hours per week, 12-month classified exempt position.    

Hours for this position are:

Monday - Friday, 8:00 a.m. - 5:00 p.m.

To be considered for this position, the candidate must submit the following application materials through our website, https://www.hancockcollege.edu/hr/:

  • A cover letter.
  • A current and complete resume/CV of education and professional experience.
  • Transcripts (unofficial copies are acceptable for the application process). Official transcripts are required at time of hire.

*Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) desired. 

Allan Hancock College provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Hancock College will not sponsor any visa applications.

 
