IT Security Specialist
Position Number: 00040230
Primary Function of Organization Unit: The Security & Compliance Unit (S&C) within the Office of Information Technology oversees the security of the University's systems and data in a manner that is consistent with industry best practices and the University's compliance obligations. S&C develops (and ensures compliance with) information security policies/regulations/procedures, oversees implementation of strategic information security initiatives, provides routine security services, provides campus-wide software license management, coordinates IT resilience efforts and provides portfolio/project management guidance for OIT. The Information Security Risk and Assurance (ISRA) team within S&C is a central point for managing university IT security risk and compliance activities. The unit is primarily responsible for IT security strategic planning, solutions architecture, service development, incident response program development, compliance relating to HIPAA, FERPA, PCI DSS, NIST 800-series, GLBA, ISO 27001/2 etc., security awareness, policy and standards development, etc.
Essential Job Duties: The IT Security Specialist is responsible for establishing security rules and procedures based on university policies, state and federal requirements, and contractual obligations. The Security Specialist plays a key role in helping to implement the university cybersecurity strategic plan. He/she has responsibilities for management of the university data sensitivity framework (classification, controls development, training, etc.). This position designs and manages security solutions to meet university-wide requirements to protect information systems and sensitive data in accordance with applicable requirements and best practices such as NIST 800-53, NIST 800-171, PCI DSS, DMCA, HIPAA, ISO 27001/2, GLBA, FERPA. The Security Specialist plays a pivotal role in the university IT governance, risk and compliance (ITGRC) program, including development and management of the ITGRC system. The Security Specialist will also provide significant leadership in developing university cybersecurity metrics to measure the effectiveness of security projects and programs to ensure alignment with the current threat landscape. The Security Specialist serves as a subject matter expert (SME) and adviser to key university units and stakeholders on major IT security systems and processes. This includes serving as security SME for complex university networks, major applications systems and databases, emerging technologies, to facilitate security throughout the life cycle of these systems to eliminate known vulnerabilities and defend against emerging threats. The Security Specialist provides consultation relating to business process to help university units identify and harden critical processes against cyber fraud and other security threats. The Security Specialist manages the university security liaison program which seeks to extend the reach of the security department to other units across the university. Finally, the Security Specialist also manages internal and external IT audit engagements by providing expert interpretations of audit requests and OIT management responses, and helping to streamline engagements to reduce impact of audits on OIT personnel.
Department Required Skills: Ability to quickly learn about changing business requirements and react appropriately to provide sound advice or develop effective solutions. Strong customer service skills. Ability to work effectively as part of a team. Professional/technical knowledge in one or more major operating systems (Windows, Linux, etc.) and network infrastructure components (routers, firewalls, NIDPSes, proxy servers, etc.)
Preferred Experience, Skills, Training/Education: The following certifications are highly desirable: * CISSP * CISM * CISA * SANS Global Information Assurance Certifications based on field of work : Certified Incident Handler, Certified Intrusion Analyst, Penetration Tester/Web Application Penetration Tester, and Certified Forensic Analyst/Examiner).
Necessary Licenses and Certifications: The following certifications are not required but may be required at a future date as a condition of employment: * CISSP * CISM * CISA * SANS Global Information Assurance Certifications based on field of work (Certified Incident Handler, Certified Intrusion Analyst, Penetration Tester/Web Application Penetration Tester, and Certified Forensic Analyst/Examiner)
AA/EOE: NC State University is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, gender identity, age, sexual orientation, genetic information, status as an individual with a disability, or status as a protected veteran.
Individuals with disabilities requiring disability-related accommodations in the application and interview process, please call 919-515-3148. Final candidates are subject to criminal & sex offender background checks. Some vacancies also require credit or motor vehicle checks. If highest degree is from an institution outside of the U.S., final candidates are required to have their degree verified at "www.wes.org":http//wes.org. Degree must be obtained prior to start date.
NC State University participates in E-Verify. Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States.