Analyst, ITS Security
#RPM
The IT Security Analyst is responsible for assessing information risk and facilitates remediation of identified vulnerabilities with the GTCC network, systems and applications. Reports on findings and recommendations for corrective action. Performs vulnerability assessments as assigned utilizing IT security tools and methodologies. Performs assessments of the IT security/risk posture within the IT network, systems and software applications, in addition to assessments within the Vendor Management Program. Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios. Facilitates and monitors performance of risk remediation tasks, changes related to risk mitigation & reports on findings. Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications. Provides weekly project status reports, including outstanding issues. The IT Security/Risk Analyst assists in all IT audits, IT risk assessments and regulatory compliance.
• Assist with management of IT security and IT risk (e.g., data systems, network and/or web) across the enterprise.
• Address questions from internal and external audits and examinations with management.
• Assist in developing policies, procedures and standards that meet existing and newly developed policy and regulatory requirements including SOX, PCI, and/or other regulatory guidance.
• Facilitate IT security/risk training curriculum.
• Serves on project teams related to IT security projects.
• Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the organization.
• Assist in the development of departmental documents; architectural solutions, standard configuration documents, procedures, work processes, guidelines and reference material kept in the document library
• Assist in Project Management working to standardize technical solution and their implementation.
• Monitor security solutions; regularly verify systems performance, and direct staff on resolving security issues.
• Initiate and promote activities fostering information security awareness across the college.
• Determine and report the performance of deployed security solutions.
• Demonstrate and model the College employability skills: adaptability, communication, information processing, problem solving, responsibility and teamwork.
• Evaluating evolving security threats and developing responses to security challenges
• Evaluating new technologies and developing security practices to ensure data integrity
• Providing oversight of account management for employees and students
• Continuously train and support users on information security best practices
• Daily: PCI team members at other schools about payment card industry data security standards
• Daily: ITS Security Manager about updates and assignments
• Daily: ITS managers about major project requirements, change management approvals and related issues
• Monthly: Peers about Best Practices
• Monthly: Vendors about High-level technical solutions or designs
• Monthly: Faculty and Staff about Training on security awareness
• Annually: Peers about required annual security audits
• AAS degree in information technology or a related field from a regionally accredited post-secondary institution.
or
• Equivalent experience, 5 years of information technology with 3 years of information security
Certifications:
• Individual must be enrolled in or complete an industry-level certification (Security+, CISA, CISM, CISSP, CSSLP) within 6 months of hire date
• Bachelor’s degree in Information Systems from a regionally accredited post-secondary institution strongly preferred.
or
Equivalent experience, 10 years of information technology with 4 years of information security
Certifications:
• CISA/CISSP, CCNP, CompTIA; A+, Server+ preferred CompTIA Network+ strongly preferred
• PMP, PMBOK or similar project management training or certification preferred
• ITIL Fundamentals preferred
• Minimum of 3 years of Information Technology experience
• Minimum of 1 year of Information Security experience
• Intermediate use of security tools for forensics, penetration testing and monitoring
• 4 years of Information Technology Experience
• 2 years of Information Security experience
• Experience in a higher educational environment
• Experience with Ellucian Colleague ERP security class management
• Greater than one year experience in an IT environment with exposure to information security.
• Knowledgeable of Risk Management
• Knowledge of federal and NC state regulations relating to privacy and security of information
• Ability to conduct security training for staff and end users
• Knowledge of security related standards including PCI, NC-IIPS, NIST, ITIL, and COBIT
• Knowledgeable of current information technology security trends
• Knowledge of security related management of Word Press and Cascade CMS
• Strong organizational, communication and interpersonal skills
• Knowledge or experience conducting IT compliance assessments (Sarbanes-Oxley, PCI, etc.)
• Knowledge of security related tools including SNORT, Tripwire, Nessus, AD, Trend and SCCM
• Working knowledge of network typologies, servers, network architecture, desktop software, and phone and virtualization solutions.
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
• Knowledge or experience with IPS/IDS and SIEM technologies.
• Prior experience working within an academic organization preferred.
• Ability to research information and document work processes, procedural guidelines as needed to support IT requirements
• Ability to assist and author policies and procedural for the department
• Proven ability to engage with Senior Management and regulators.
The following (compliance) training is required and must be completed within the first 30 days of hire with annual refresher training thereafter:
• Ethics
• Safety/Shooter on Campus
• Personal Information Protection Training (PIP)
• Anti-Discrimination/Harassment & Title IX
• Other training may be required as determined applicable.
Physical Activity:Primarily sitting
Environmental Hazard(s):<15%
Lifting:20<→50lbs.