Information Security Compliance Specialist

Job description

Posting Information

Position Information

- Position Type: Permanent Staff (EHRA NF)
- Department: ITS - Information Security-602000
- Working Title: Information Security Compliance Specialist
- Appointment Type: EHRA Non-Faculty
- Position Posting Category: Information Technology
- Salary Range: $74,500 to $108,000
- Full Time/Part Time?: Full-Time Permanent
- Hours per Week: 40
- Vacancy ID: NF0004006
- Position ID: 00057936
- Posting Open Date: 09/17/2019
- Application Deadline: 10/01/2019
- Open Until Filled: No
- Proposed Start Date: 10/28/2019

Position Summary

The ITS – Information Security Office is broadly responsible for the security of the University of North Carolina at Chapel Hill (UNC-CH) network and attached computing devices. The Information Security Office (ISO) provides guidance and resources to prevent and respond to computer security incidents, to comply with various Federal and State privacy and security laws and regulations, and to comply with contracts that include information security requirements. The ISO unit also leads information security initiatives to protect the University’s information, including intellectual property, as well as clinical, research and personal information.

The Information Security Specialist assists with the coordination of information security activities and collaborates among divisions within the University to ensure that information systems are implemented in accordance with a) the mission of UNC-Chapel Hill, b) information security best practices and c) University Policy and Federal and State laws and regulations.

Primary duties will include:

- Lead information compliance activities
- Lead risk assessment activities
- Gather requirements for, draft, maintain and communicate information security compliance-related policies, programs, protocols and procedures

Additional duties will include:

- Processing security-related help tickets via a ticketing application
- Change control
- Consuming, distributing and producing security research
- Performing vulnerability testing
- Conducting information security systems analysis
- Functioning as a member of the information security team on security projects

The position requires participation in the 24/7 on-call rotation and other team-shared duties such as business hours telephone coverage.

This position calls for a high level of integrity, good judgment, knowledge concerning issues of privacy and confidentiality, excellent oral and written communication skills, and the ability to work as an independent, productive, responsible, self-motivated member of a team in high-pressure situations while maintaining a calm, customer-friendly perspective.

Educational Requirements

Master’s and 1-2 years’ experience, or Bachelor’s and 2-4 years’ experience; a combination of related education and experience will be accepted in substitution.

Qualifications and Experience


- Experience in an information security role with significant compliance experience.


Demonstrated technical skills desired:

- Expertise regarding Federal and State regulatory requirements as applied in large multi-platform higher education environments.
- Operating systems knowledge and system administration skills for various flavors of UNIX, Windows and other operating systems.
- Familiarity with vulnerability management tools and processes.
- Experience with risk assessments and frameworks, including NIST 800-53 and NIST 800-171
- Experience with analyzing network attacks.
- Experience in the evaluation of new technology and security threats as they arise.
- Familiarity with information security best practices and related laws.
- Experience with cloud security

Interpersonal skills desired:

- Good judgment with an ability to form logical approaches consistent with information security best practices in response to information security events, while providing excellent customer service.
- Persuasion, negotiation, and the ability to understand and implement cultural change.
- A high level of integrity, excellent judgment and knowledge concerning issues of privacy.
- Ability to work as an independent, productive, responsible, self-motivated member of a team.
- Excellent oral and written communication skills including the ability to effectively communicate complex concepts, policies, and procedures to individuals with a wide range of expertise and backgrounds.
- Ability to work calmly and effectively. Must be able to make well-reasoned decisions in high pressure situations.
- Ability to maintain a well-reasoned, objective, and independent point of view.
- Ability to manage time-sensitive security challenges as they arise, effectively utilizing work and project plans to manage deadlines.
- Creativity to recognize and address new threats and security challenges as they arise.

Additional certification/education desired:

Also desired is the ability to achieve and maintain widely recognized complex IT Security certifications relevant to Compliance such as:
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- International Information System Security Certification Consortium (ISC)2 – Certified Information Systems Security Professional (CISSP)

Equal Opportunity Employer

The University of North Carolina at Chapel Hill is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender, gender expression, gender identity, genetic information, national origin, race, religion, sex, sexual orientation, or status as a protected veteran.

Special Instructions

Quick Link

Department Contact Information

Department Contact Name and Title

Department Contact Telephone or Email

Office of Human Resources Contact Information

If you experience any problems accessing the system or have questions about the application process, please contact the Office of Human Resources at (919) 843-2300 or send an email to [email protected]
Please note: The Office of Human Resources will not be able to provide specific updates regarding position or application status.

Applicant Documents

Required Documents
  1. Curriculum Vitae / Resume
  2. Cover Letter

Optional Documents
  1. Certification/licenses
  2. List of References

Supplemental Questions

Required fields are indicated with an asterisk (*).

  1. * Have you performed formal risk assessments using NIST standards?
    • Yes
    • No
  2. * Are you familiar with NIST 800-53 and NIST 800-171?
    • Yes
    • No
  3. * Are you familiar with HIPAA requirements?
    • Yes
    • No
  4. * Have you worked in IT Security in a higher education environment?
    • Yes
    • No




Posted: 9/18/2019
Application Due: 10/2/2019