PG191025EPInternal Recruitment :
Research Security SpecialistAnticipated Hiring Range:
$100,000 - $105,000Work Schedule:
Monday-Friday, 8:00 am - 5:00 pm; with additional hours as needed; on-call rotation is requiredJob Location:
Raleigh, NCDepartment :
Security & ComplianceAbout the Department:
The Security & Compliance Unit (S&C) within the Office of Information Technology (OIT) oversees the security of the University’s systems and data in a manner that is consistent with industry best practices and the University’s compliance obligations. S&C develops (and ensures compliance with) information security policies/regulations/procedures, oversees implementation of strategic information security initiatives, provides routine security services, provides campus-wide software license management, coordinates IT resilience efforts, and provides portfolio/project management guidance for OIT.
The Information Security Risk and Assurance (ISRA) team within the Office of Information Technology (OIT) Security & Compliance unit is a central point for managing university IT security risk and compliance activities. The unit is primarily responsible for IT security strategic planning, solutions architecture, risk management and compliance program development, security service development, specific compliance program relating to HIPAA, FERPA, PCI DSS, NIST 800-series, CMMC, ISO 27001/2, security awareness, policy and standards development, etc.Essential Job Duties:
The IT Security Professional provides technical implementations and daily monitoring of the university’s complex IT environment in accordance with best practices and standards such as NIST 800-171, CMMC, NIST 800-53, PCI DSS (Payment Card Industry Data Security Standards), DMCA, FERPA, GLBA, HIPAA, , etc. Responsibilities include security reviews, risk assessments, risk management, policy standards and guidelines, security awareness and training, audit coordination and project management.
Specifically, this position reviews, coordinates and monitors information technology security controls that protect confidentiality, integrity and availability of the organization’s controlled secure research data in accordance with legal, regulatory and institutional requirements. The position is responsible for ensuring that users with access to secure research data receive appropriate training. The position consults with faculty, college/unit IT staff, applicable OIT staff, applicable Office of Research and Innovation (ORI) staff, and other subject matter experts to ensure technology solutions and compliance standards are in line with contract requirements. Moreover, the position will ensure appropriate auditing and documentation, providing guidance and recommendations to the research community in areas of data security, from award negotiation through project close-out. This position will work closely with the Office of Research and Innovation (ORI) Sponsored Programs & Regulatory Compliance to assist with monitoring the secure research environment setups, conducting follow-up reviews, and ensuring contract terms and conditions are in line with NCSU standards for data security.Other Responsibilities:
Participate in an on-call rotation and work on other duties as needed.Minimum Education and Experience:
Bachelor’s degree in Computer Science, Computer Engineering or an Information Security degree or closely related field from an appropriately accredited institution plus four years of experience in IT Security or closely related area; or Bachelor’s degree from an appropriately accredited institution and six years of experience in IT Security or closely related area; or an Associate’s degree in Information Systems Security from an appropriately accredited institution and eight years of experience in IT Security or closely related area; or an equivalent combination of education and experience.Other Required Qualifications:
Familiarity in the use of tools to improve security such as anti-malware, EDR, vulnerability assessments and remediation, intrusion detection and prevention systems (IDS/IPS), log monitoring/correlation, security incident tracking, internal and external penetration testing, forensics, advanced firewall and other network protection, endpoint workstation security protection, cloud technology or encryption.
Practical background in cloud (ex. AWS, Azure, Google, or similar), on-premise and hybrid architectures.
Extensive knowledge of research compliance and security controls.
Experience implementing administrative, physical and technical security solutions that require assistance from multiple team members across the organization.
Experience in developing strategies and/or solutions to address security issues and providing administrative, physical and technical security advice to various clients.
Effective communication skills with various types of audiences such as research administration, compliance, faculty; IT support; information security team members.
Experience working as an effective team member and team lead.
Experience in project management methodologies.Preferred Qualifications:
Six or more years of experience in the information security field.
Expertise in information security compliance within an academic research space. Detailed knowledge of NIST 800-171, NIST 800-53, and CMMC.
Skilled at performing security risk assessments.
Strong technical writing skills and experience with the development of technical and procedural documentation.
Working knowledge of state government rules and regulations.
Coordination of multiple vendor solutions in a university environment.
Ability to use SIEM technology such as Splunk
Experience using ServiceNow or a similar call tracking system.
Advanced troubleshooting skills.
GIAC or CISSP certificate.
Other SANS or vendor specific certifications in security topics.Required License(s) or Certification(s):
N/AValid NC Driver's License required:
NoCommercial Driver's License required:
NoJob Open Date:
06/21/2021Anticipated Close Date:
Open Until FilledPosition Number:
EHRA Non-FacultyFull Time Equivalent (FTE) (1.0 = 40 hours/week):
12 Month RecurringMandatory Designation - Adverse Weather:
Non Mandatory - Adverse WeatherMandatory Designation - Emergency Events:
Non Mandatory - Emergency EventIs this position partially or fully funded on ARRA stimulus monies?:
511001 - Security & ComplianceAA/EOE:
NC State University is an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, gender identity, age, sexual orientation, genetic information, status as an individual with a disability, or status as a protected veteran.
If you have general questions about the application process, you may contact Human Resources at (919) 515-2135 or [email protected] Individuals with disabilities requiring disability-related accommodations in the application and interview process, please call 919-515-3148.
Final candidates are subject to criminal & sex offender background checks. Some vacancies also require credit or motor vehicle checks. If highest degree is from an institution outside of the U.S., final candidates are required to have their degree equivalency verified at www.wes.org or equivalent service. Degree(s) must be obtained prior to start date in order to meet qualifications and receive credit.
NC State University participates in E-Verify. Federal law requires all employers to verify the identity and employment eligibility of all persons hired to work in the United States.