Information Technology Security Analyst (One or More Position) | #itjobs | #infosec | #jobs


Job Category: Classified Staff

Job Open Date: 06/29/2020

Initial Screening Date: 07/22/2020

Position ID: P0018000

Job Open ID: REQ8764

Location: 30-District

Department: Information Technology – Administration (Dist-015-000)

Term: 12 Months/Year

Salary Schedule Link: Click here for current Salary Schedules

Pay Basis: Monthly

Pay Range: 146

% of Range: 100%

Hours per week: 40

Work Schedule: Mon-Fri (8am-5pm)

Receives Benefits: Yes

Classification Benefits

The District offers a comprehensive package of insurance benefits to eligible employees, which includes medical and dental insurance, a vision-care plan, life insurance and dependent life coverage, accidental death and dismemberment coverage, and a long-term disability income-protection plan. All premiums are fully paid by the District. Mandatory retirement incentive is with California Public Employees Retirement System (CalPERS).

Summary Description

Under the direction of District IT management staff, incumbents assigned to this classification ensure the secure operation of computer systems, servers, and network connections. Information Security Analyst will assist in detecting, investigating, and defending against information security incidents targeting the District-wide systems and data. This includes checking server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, and troubleshooting. The incumbent will also keep apprised of existing and emerging regulations applicable to the district and will ensure board policies, administrative regulations, and departmental procedures are appropriate for continual compliance.

Distinguishing Characteristics

Incumbents assigned to this class serve as the primary administrator and technical resource of the District-wide information security program.

Representative Duties

The duties are typical for this classification. Incumbents may not perform all of the listed duties and/or may be required to perform additional or different duties from those set forth below to address business needs and changing business practices. Please see Job Duties for details.

Knowledge of

  • Data encryption techniques including but not limited to PKI.
  • Experience in incident response procedures and computer forensics.
  • Experience with SSAE 16 audits, GLBA, PCI-DSS, FERPA, HIPPA compliance.
  • Role-base access applied to various services and technologies.
  • Security best practices of Servers, LAN and WAN networks, virtualization and Cloud.
  • Software development security best practices including but not limited to OWASP.

Ability to

  • Communicate clearly both orally and in writing about information security concepts to users with varying degrees of technical ability.
  • Establish and maintain cooperative and effective working relationships with those contacted in the course of work.
  • Evaluate and recommend industry security standards and emerging security technologies.
  • Maintain confidentiality in sensitive information security matters.
  • Manage the technical aspects of and information security incident response.
  • Report to work on a regular and consistent basis, as scheduled, to assigned job.
  • Research and evaluate information security laws and regulations including but not
  • limited to GLBA, PCI-DSS, HIPAA, FERPA and how they impact the District.
  • Work independently with minimum of direct supervision.
  • Work with and exhibit sensitivity to and understanding of the varied racial, ethnic,
  • cultural, sexual orientation, academic, socio-economic, and disabled populations of community college students.
  • Work with Campus technology staff on district-wide security issues.

Education and Experience Guidelines

Any combination of education and experience that would likely provide the required knowledge and abilities is qualifying.

Education/Training

Equivalent to a Bachelor’s degree from an accredited college or university with major course work in a technical field such as computer science. CISSP highly desirable and preferred, but not required.

Experience

Three years of increasingly responsible technical work experience in technology service operations with demonstrated information security responsibilities.

Conditions of Employment

The conditions herein are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.

Work Environment

Work is performed primarily in a standard office setting. Duties are typically performed at a desk or computer terminal; subject to noise from office equipment operation; frequent interruptions and contact in person and on the telephone with academic and classified staff and others. At least minimal environmental controls are in place to assure health and comfort.

Physical Demands

Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a computer keyboard; and to verbally communicate to exchange information; see in the normal visual range with or without correction; hear in the normal audio range (with or without correction).

Duties and Responsibilities

Serve as a core member of District IT security performing varying security duties including threat awareness, proactive network traffic analysis, incident response, forensic analysis, and resolution of security incidents.

Duties and Responsibilities

Acts as Team Leader on information security project.

Duties and Responsibilities

Act as a liaison to the District-wide user community; perform regular workshops and in-services on topics of information security.

Duties and Responsibilities

Maintain, refine, and expand existing data security program.

Duties and Responsibilities

Evaluate existing and emerging regulations and laws to ensure continual SOCCCD compliance.

Duties and Responsibilities

Integrate knowledge of network protocols, services, threats, vulnerabilities, mitigation strategies, hardware capabilities, and other information to build a security environment that reduces and mitigates risk.

Duties and Responsibilities

Evaluate a wide range of data to detect security incidents. Take timely action as appropriate: block problem traffic, send alerts and/or investigate when suspicious activity is detected.

Duties and Responsibilities

Develop new methods to detect and mitigate security attacks.

Duties and Responsibilities

Communicate with internal and external security personnel and technical staff about incidents.

Duties and Responsibilities

Develop and implement enforcement policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.

Duties and Responsibilities

Promote a strong security culture throughout SOCCCD, consulting with management and staff.

Duties and Responsibilities

Conduct assessments of information systems security requirements, evaluate current security posture and recommend priorities for remediation.

Duties and Responsibilities

Perform other duties as assigned.

© Copyright 2020 Internet Employment Linkage, Inc.



Source link

Leave a Reply