General Information
| Job Description | IT SECURITY ANL 4 | Working Title | Information Security Officer |
|---|---|---|---|
| Job Code | 000661 | Grade | 25 |
| Department Name | SOM Compliance - D02010 | Department Head | |
| Supervisor | Effective Date | 03/02/2020 |
Position(s) Directly Supervised
| Job Code | Title | FTE |
|---|---|---|
| 007337 | IT SCRTY ANL 2 | 1 |
Generic Scope
| Technical leader with a high degree of knowledge in the overall field and recognized expertise in specific areas; problem-solving frequently requires analysis of unique issues/problems without precedent and/or structure. May manage programs that include formulating strategies and administering policies, processes, and resources; functions with a high degree of autonomy. |
Custom Scope
| Applies advanced IT security concepts and campus, medical center or Office of the President objectives to resolve broad and/or highly complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Selects methods, techniques and evaluation criteria to obtain results. |
Department Custom Scope
| The Information Security Officer (ISO) responsibilities include: monitoring, detecting, protecting and maintaining the security of data, systems and networks. Plans, configures, designs, develops, implements and maintains tools, systems and procedures to insure the integrity, reliability and security of data, systems and networks. Additionally, the ISO is responsible for the design, oversight, implementation and ongoing management of the information security program, including policies, procedures, and technical systems expertise. The ISO is a key technical resource for other senior staff, providing advice, training and technical support for various security projects related to the UCR Health clinical enterprise. In addition, the ISO works closely with professional technical staff in the Office of Information Technology to address information systems architecture and functionality as it affects safeguarding of protected health information (PHI) and business information assets. Serves as a member of School of Medicine's Compliance Committee. |
Education & Experience Requirements
Education Requirements
| Degree | Requirement |
|---|---|
| Bachelor's degree in related area and/or equivalent experience/training. | Required |
| Advanced degree in a related area. | Preferred |
Experience Requirements
| Experience | Requirement |
|---|
License Requirements
Certification Requirements
| Certification | Requirement |
|---|---|
| Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or similar certifications. | Required |
Educational Condition Requirements
| Condition | Requirement |
|---|---|
| An additional 4 years of directly related experience can substitute for the degree requirement. | Required |
Key Responsibilities
| Description | % Time |
|---|---|
Implements highly complex and broad-scale security controls to prevent unauthorized access or changes to campus, medical center or Office of the President information, hardware, software and network infrastructure. Responsible for providing research, analysis and solutions to address attempted efforts to compromise security protocols. Proactively addresses the negative impact on the campus, medical center or Office of the President and the Internet community caused by theft, destruction, alteration or denial of access of information. Advises IT staff on security prevention, best practices and secure software.
|
25 |
| Designs and maintains highly complex security systems. Responsible for administering highly complex security policies and configurations to control access to hardware, software and networks. Applies and recommends highly advanced encryption methods. | 20 |
Directs forensic activity and produces reports in response to highly complex or broad-scale security incidents in accordance with campus, medical center or Office of the President policy. May lead a team of IT security professionals. Applies advanced IT security concepts, governmental regulations, departmental and campus, medical center or Office of the President policies and procedures to provide input to, define or revise incident response processes.
|
15 |
| In conjunction with the Compliance/Privacy Officer, develop awareness and training initiatives to educate work force about policies, procedures and information risks. Other duties as assigned. | 10 |
| Reporting, Metrics and Audits Provide leadership, technical analysis and evidence capture. Perform root cause analysis by correlating data from multiple sources. Coordinate responses to possible information security breaches. Review audit trails for unauthorized access attempts or other information security violations. Analyze audit findings, provide solutions and audit remediation. Establish business and technical metrics by which Information Security will be measured. Provide regular reporting on security key performance indicators. | 15 |
| Monitor and analyze security event data. Perform threat and vulnerability assessment, prevention, monitoring, detection and remediation. | 5 |
| Proactively identify opportunities and implement solutions to automate and otherwise improve information security operational processes. | 5 |
| Applies advanced IT security concepts, governmental regulations, campus, UCR Health, or Office of the President policies and procedures to provide input to, define or revise incident response processes. | 5 |
Knowledge, Skills & Abilities
| Knowledge/Skill/Ability | Requirement |
|---|---|
| Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. | Required |
| Advanced experience using IT security systems and tools. | Required |
| Knowledge of department processes and procedures. | Required |
| Demonstrated skills applying security controls to computer software and hardware. | Required |
| Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks. | Required |
| Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies. | Required |
| Advanced knowledge of IT security. | Required |
| Broad knowledge of other areas of IT. | Required |
| Demonstrated knowledge of secure hardware, software and network design techniques. | Required |
| Demonstrated skill at analyzing and preventing security incidents of high complexity. | Required |
| In-depth knowledge of computer hardware, software and network security issues and approaches. | Required |
| Advanced experience in incident response and digital forensics including reporting. | Required |
| Advanced Knowledge of HIPAA, the HITECH Act, state and federal guidelines on privacy, transactions and security. | Required |
| Ability to manage multiple projects of varying complexity; ability to define problems, collect data, establish facts and to analyze and interpret data in order to draw valid conclusions for complex business issues. | Required |
| Excellent written and verbal communication skills in English. Ability to translate complex information to a novice level and able to understand the needs of the university and translate that into solutions. | Required |
Special Requirements & Conditions
| Special Condition | Requirement |
|---|---|
| Must pass a background check. | Required |
Other Special Requirements & Conditions
|
Level of Supervision Received
| Direction |
Environment
Working Environment
| UC Intellicenter |
Other Requirements
Items Used
|
Physical Requirements
|
Mental Requirements
|
Environmental Requirements
|
Critical Position
| Is Critical Position: No |