Information Security Compliance Specialist
Posting Information
Position Information
- Position Type: Permanent Staff (EHRA NF)
- Department: ITS - Information Security-602000
- Working Title: Information Security Compliance Specialist
- Appointment Type: EHRA Non-Faculty
- Position Posting Category: Information Technology
- Salary Range: $74,500 to $108,000
- Full Time/Part Time?: Full-Time Permanent
- Hours per Week: 40
- Vacancy ID: NF0004006
- Position ID: 00057936
- Posting Open Date: 09/17/2019
- Application Deadline: 10/01/2019
- Open Until Filled: No
- Proposed Start Date: 10/28/2019
Position Summary
The ITS – Information Security Office is broadly responsible for the security of the University of North Carolina at Chapel Hill (UNC-CH) network and attached computing devices. The Information Security Office (ISO) provides guidance and resources to prevent and respond to computer security incidents, to comply with various Federal and State privacy and security laws and regulations, and to comply with contracts that include information security requirements. The ISO unit also leads information security initiatives to protect the University’s information, including intellectual property, as well as clinical, research and personal information.
The Information Security Specialist assists with the coordination of information security activities and collaborates among divisions within the University to ensure that information systems are implemented in accordance with a) the mission of UNC-Chapel Hill, b) information security best practices and c) University Policy and Federal and State laws and regulations.
Primary duties will include:
- Lead information compliance activities
- Lead risk assessment activities
- Gather requirements for, draft, maintain and communicate information security compliance-related policies, programs, protocols and procedures
Additional duties will include:
- Processing security-related help tickets via a ticketing application
- Change control
- Consuming, distributing and producing security research
- Performing vulnerability testing
- Conducting information security systems analysis
- Functioning as a member of the information security team on security projects
The position requires participation in the 24/7 on-call rotation and other team-shared duties such as business hours telephone coverage.
This position calls for a high level of integrity, good judgment, knowledge concerning issues of privacy and confidentiality, excellent oral and written communication skills, and the ability to work as an independent, productive, responsible, self-motivated member of a team in high pressure situations while maintaining a calm, customer-friendly perspective.
Educational Requirements
Master’s and 1-2 years’ experience or Bachelor’s and 2-4 years’ experience or will accept a combination of related education and experience in substitution.
Qualifications and Experience
- Experience in an information security role with significant compliance experience.
Demonstrated technical skills desired:
- Expertise regarding Federal and State regulatory requirements as applied in large multi-platform higher education environments.
- Operating systems knowledge and system administration skills for various flavors of UNIX, Windows and other operating systems.
- Familiarity with vulnerability management tools and processes.
- Experience with risk assessments and frameworks, including NIST 800-53 and NIST 800-171
- Experience with analyzing network attacks.
- Experience in the evaluation of new technology and security threats as they arise.
- Familiarity with information security best practices and related laws.
- Experience with cloud security
Interpersonal skills desired:
- Good judgment with an ability to form logical approaches consistent with information security best practices in response to information security events, while providing excellent customer service.
- Persuasion, negotiation, and the ability to understand and implement cultural change.
- A high level of integrity, excellent judgment and knowledge concerning issues of privacy.
- Ability to work as an independent, productive, responsible, self-motivated member of a team.
- Excellent oral and written communication skills including the ability to effectively communicate complex concepts, policies, and procedures to individuals with a wide range of expertise and backgrounds.
- Ability to work calmly and effectively. Must be able to make well-reasoned decisions in high pressure situations.
- Ability to maintain a well-reasoned, objective, and independent point of view.
- Ability to manage time-sensitive security challenges as they arise, effectively utilizing work and project plans to manage deadlines.
- Creativity to recognize and address new threats and security challenges as they arise.
Additional certification/education desired:
Also desired is the ability to achieve and maintain widely recognized complex IT Security certifications relevant to Compliance such as:
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- International Information System Security Certification Consortium (ISC)2 – Certified Information Systems Security Professional (CISSP)
The University of North Carolina at Chapel Hill is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or status as a protected veteran.
Special Instructions
Quick Link: http://unc.peopleadmin.com/postings/169139
Department Contact Information
- Department Contact Name and Title:
- Department Contact Telephone or Email:
Office of Human Resources Contact Information
If you experience any problems accessing the system or have questions about the application process, please contact the Office of Human Resources at (919) 843-2300 or send an email to [email protected]
Please note: The Office of Human Resources will not be able to provide specific updates regarding position or application status.
- Curriculum Vitae / Resume
- Cover Letter
- List of References
Required fields are indicated with an asterisk (*).
- * Have you performed formal risk assessments using NIST standards?
- * Are you familiar with NIST 800-53 and NIST 800-171?
- * Are you familiar with HIPAA requirements?
- * Have you worked in IT Security in a higher education environment?