General Information

Payroll Title: PROGR ANL 3
Title Code: 007275
Grade/Step: 10
Working Title: Information Security Analyst
Department Name: INACTIVE Student Aff Tech Svc
Supervisor: Enright, Deborah
Department Head: Smith, Robert Harold

Special Requirements and Conditions

Critical Position
Overtime

Level of Supervision Received

General Direction

Items Used


Position Purpose

Under the general supervision of the Director, Security, Infrastructure and Services of the Vice Chancellor Student Affairs Technology Services, the ISA of Infrastructure is responsible for day-to-day operations and planning related to Information Security: Infrastructure. This includes, but is not limited to: developing and maintaining a secure information operations environment, supporting information security, policy/work-instruction and security plan development, implementation, and monitoring, HIPAA/FERPA/PCI compliance, evidence gathering, and reporting.
The ISA is part of an IT team responsible for creating and maintaining a security compliant computing environment. The ISA monitors campus security policy and UCOP policy to ensure that the team and the VCSA division are compliant. This includes developing/maintaining VCSA security policies specific to the environment needed to support the security strategy.
The ISA is a subject matter expert in information security. This domain is varied, but includes: awareness/training; log management; intrusion prevention and detection; audits; monitoring; anti-malware management; investigation and forensics; policy and work instruction development, review and maintenance; vendor management; incident response; plus reviews of a wide and varied nature.
The ISA must be able to perform IT administration tasks hands-on and be conversant in a wide range of IT related tools in order to ensure that the organization is cost effective, implements best practices and plans/executes effectively. Examples include, but are not limited to: virtualization, backup, automation/scripting, Windows administration, storage management, networking, security, using command line tools and technical writing.
The ISA is part of the Vice Chancellor Student Affairs Technology Services team, the second largest IT organization on campus, dedicated to creating a positive experience for our students and the staff who serve our students. VCSATS provides, manages, and supports all information and computing services and technology for the division of Student Affairs. This includes support for the Student Affairs Divisional Office, the Office of Undergraduate Admissions, the Office of the Registrar, the Financial Aid Office, the Dean of Students Office, the Career Center, the Student Health Services center, the Counseling and Psychological Services center, the Book Store, the Dining/C-Store operation and Residential and Student Service Programs. In total VCSA supports more than 40 departments on campus.
VCSATS supports 20,000+ undergraduate admissions applications and tracks the registration and enrollment for all resulting admitted students. It manages conduct cases and supports the administration of public service programs. It registers and supports over 800 student groups. It supports over 4,000 resident students and a day-to-day population of 24,000 customers.
These offices oversee all areas of a student's non-academic life.

Essential Functions

Essential Function % Time
Information Security, Privacy Oversight and Compliance 50
The Division is responsible for systems that are subject to very specific security requirements covered by HIPAA, HITECH, PCI and FERPA. Meeting these requirements is one of the key responsibilities of this position. The ISA is part of a team responsible for creating and maintaining a compliant computing environment and keeping stakeholders well informed using a risk based approach to information security.
The ISA applies advanced IT security concepts to execute complex solutions and campus-impacting security controls to prevent attackers from infiltrating campus information or jeopardizing computing assets operated by Student Affairs.
The ISA drafts, implements, monitors and updates a security plan for Student Affairs.
The ISA represents the VCSA division on campus committees for security and privacy initiatives, planning, and policies, and participates in developing policy and planning long-range goals for security and privacy on the campus. As part of this and other responsibilities, the ISA must have good interpersonal and communication skills that can generate results in a diverse environment.
The ISA assists the Director in working with Campus Privacy Officers responsible for major institution-wide data types, to establish appropriate electronic information privacy and security policies and procedures in support of legal mandates.
The ISA monitors campus security policy and UCOP policy to ensure that VCSA is compliant. They will establish VCSA security policy specific to the environment needed to support the security strategy.
In cooperation with the software, services and infrastructure teams, the ISA:
Installs, monitors and maintains the security management infrastructure for the division. This includes at least: 2-Factor Authentication, IPS and log management systems. Evaluates related events utilizing various technologies to create actionable reports on findings and presents reports to the team and management stakeholders. Establishes baselines and reports on trends, presenting opportunities for improvements.
Supports and executes security audit activities. Responds to internal or external audits and assessments.
Proactively addresses and performs risk analysis of the negative impact on the division caused by theft, destruction, alteration or denial of access of information.
Defines and oversees the use of encryption methods.
Responsible for the coordination, consultation and assessment effort to track and remediate security events and alerts.
Leads security incident management and investigation.
Develops KPIs for measuring successful incident management.
Applies advanced IT security concepts to provide input, define or revise incident response processes and support timely and coordinated responses to security incidents.
Conducts reviews to identify causes of information security incidents, develops corrective actions and reassesses risk.
Manages and assesses approaches to patching and zero-day threat mitigation, and stays abreast of important vulnerabilities.
Identifies, reports, and assists in resolving privacy, compliance or security violations and control gaps.
Actively participates in the change management process and guides the maintenance of systems to protect data from security compromise.
Conducts security architectural reviews on projects, applications and initiatives that ensure that security policy, standards and guidelines are followed. Reviews and analyzes business risks. Creates and documents security requirements and controls related to the assessments.
Performs security gap analysis and creates as-is and to-be mapping or migration plans.
Participates in the writing, coordination, maintenance and implementation of a departmental business resumption plan.

Infrastructure Management 20
The ISA has a role in and will act as a back-up system and network administrator for a division wide multi-data center operation. The Division has approximately 200+ servers spread over 3 locations and more than 100 applications. The ISA oversees hardware planning, timely provisioning, reliability, security and timely resolution to infrastructure problems.
With support of the infrastructure team and in conjunction with the Director, the ISA will act as a backup system and network administrator to:
Maintain the performance of infrastructure including server, network, OS, DB, virtualization, private cloud, firewall, VPN, access control, data center, back-up/restore, archiving and other areas of IT infrastructure management.
Ensures and manages the reliable day-to-day operation of the department's infrastructure. This includes the use of tools to automate IT operations.
Possesses and demonstrates hands-on knowledge to guide the operations of the department. This includes the ability to troubleshoot technology issues in these and other technologies: virtualization, Windows administration, patch management, vulnerability management, DBA, firewalls, networking, storage management, capacity planning, data center management, backup-restore, system provisioning, hardening, configuration management and green initiatives.
Works cross-functionally with software development, services, business analysts and project managers to successfully deliver projects.
Training, Awareness, Planning and Project Management 20

Other duties as assigned 10
Contribute to making VCSATS a great team and a great place to work.
Lead training sessions and best practices meetings to share learning with other team members.
Consult on Information Technology - Provide high-level software and/or hardware consulting and guidance to the campus community; assess needs; recommend solutions; forecast and plan for budgetary requirements.
Serve as top-level technical contributor with technical proficiency of security, operating systems software, and hardware interrelationships. This may include handling off-hour incidents and service management.
Provide advanced technical direction for systems with multiple tasks or interfaces, including responsibility for system integrity, recoverability, and controls.
Perform other duties as assigned.

Minimum Requirements

Minimum Requirement Display Ranking
1. 5+ years hands-on experience with aspects of IT operation (sys admin, developer, security analyst, project manager, business analyst, etc.) and with information security, preferably HIPAA, PCI or other regulated environment.
2. Demonstrate fluency and expertise in information security and the application of best practices in: defense-in-depth, IPS, anti-malware management, encryption, access control, role-based authentication, zero-day threat management, risk assessments, auditing, incident response, investigations and awareness programs.
3. The enthusiasm, willingness and ability to respond to major incidents 7x24x365.
4. Experience leading to fluency with systems, network systems and protocols, hardware, third party applications, development tools, virtualization, databases and security.
5. Experience ensuring complex IT security requirements are met and ensuring the division complies with applicable laws, regulations, policies and work-instructions. This includes coordinating and leading various assessments in support of compliance, privacy or operational requirements for the University.
6. Skill in evaluating and analyzing complex concepts or knowledge of past discrepancies, trends, and relationships, and applying the concepts appropriately. This will include skill in evaluating the likely success of an idea in relation to the demands of the situation.
7. Skill in observing and evaluating the outcomes of a problem to identify the key issues or redirect efforts. This extends to a skill in determining needs and requirements to create a conceptual design. This specifically includes forming general rules or conclusions by combining separate pieces of information to infer a logical explanation for why a series of seemingly unrelated events occur together.
8. Skill in communicating verbally, through presentations and in writing.
9. Experience being an influencer of people who can motivate, coach and implement a values driven approach to connect with people.
10. The ability to work under pressure, changing priorities and limited or scarce resources.

Preferred Qualifications

Preferred Qualification Display Ranking
1. CISSP, GIAC or other security certification preferred
2. Understanding of data privacy issues related to FERPA, HIPAA, CMIA and/or PCI.
3. Knowledge of compliance frameworks, such as COBIT, NIST or ISO 27001/ISO 27002.
4. Knowledge of Risk Management related to Information Technology
5. Experience with developing departmental metrics
6. Education and/or experience equivalent to a bachelor's degree in a computer science related field.
7. Superior skills to effectively and professionally communicate using tact and diplomacy with internal and external campus community including international visitors. This includes the ability to clearly and accurately express substance and nuance.
8. Ability to invite information, constructive criticism, and cooperation from others.
9. Coding skills in C#/.Net, Java, SQL, a scripting language or PowerShell.
10. Skill in reading and understanding scientific and technical documents such as scientific publications, legislative and regulatory documents, and complex instructional procedures.
Posting Text Display
Posted Position Purpose
Are you a subject matter expert in information security? Do you have experience validating and assessing risk against specific HIPAA/FERPA/PCI requirements? We have a challenging and very interesting position focused on creating and maintaining a security compliant computing environment. The UC Riverside Student Affairs division is seeking an ISA to lead and support the division's information security program. The ISA is an integral part of a rapidly growing Technical Services department that supports all information and computing services for the division of Student Affairs. We are looking for hard-working, smart, and adaptable people who enjoy technical challenges and project successes. If you are looking for a dynamic, diverse, and rewarding environment, UCR is a great place for you. To learn more about the benefits of working within the Student Affairs division, visit http://vcsa.ucr.edu. Come make a difference! UCR is a great place to work and make a difference. We have great benefits, stability and deliver on work/life balance. Don't pass this up! **Final applicants will take a skills assessment as part of the selection process.
Posted Minimum Requirements
5+ years hands-on experience with aspects of IT operation (sys admin, developer, security analyst, project manager, business analyst, etc.) and with information security, preferably HIPAA, PCI or other regulated environment.

Demonstrate fluency and expertise in information security and the application of best practices in: defense-in-depth, IPS, anti-malware management, encryption, access control, role-based authentication, zero-day threat management, risk assessments, auditing, incident response, investigations and awareness programs.

The enthusiasm, willingness and ability to respond to major incidents 7x24x365.

Experience leading to fluency with systems, network systems and protocols, hardware, third party applications, development tools, virtualization, databases and security.

Experience ensuring complex IT security requirements are met and ensuring the division complies with applicable laws, regulations, policies and work-instructions. This includes coordinating and leading various assessments in support of compliance, privacy or operational requirements for the University.

Skill in evaluating and analyzing complex concepts or knowledge of past discrepancies, trends, and relationships, and applying the concepts appropriately. This will include skill in evaluating the likely success of an idea in relation to the demands of the situation.

Skill in observing and evaluating the outcomes of a problem to identify the key issues or redirect efforts. This extends to a skill in determining needs and requirements to create a conceptual design. This specifically includes forming general rules or conclusions by combining separate pieces of information to infer a logical explanation for why a series of seemingly unrelated events occur together.

Skill in communicating verbally, through presentations and in writing.

Experience being an influencer of people who can motivate, coach and implement a values driven approach to connect with people.

The ability to work under pressure, changing priorities and limited or scarce resources.

Posted Preferred Qualifications
Current CISSP or GIAC certification.

Understanding of data privacy issues related to FERPA, HIPAA, CMIA and/or PCI.

Knowledge of compliance frameworks, such as COBIT, NIST or ISO 27001/ ISO 27002.

Knowledge of Risk Management related to Information Technology

Experience with developing departmental metrics

Education and/or experience equivalent to a bachelor's degree in a computer science related field.

Superior skills to effectively and professionally communicate using tact and diplomacy with internal and external campus community including international visitors. This includes the ability to clearly and accurately express substance and nuance.

Ability to invite information, constructive criticism, and cooperation from others.

Coding skills in C#/.Net, Java, SQL, a scripting language or PowerShell.

Skill in reading and understanding scientific and technical documents such as scientific publications, legislative and regulatory documents, and complex instructional procedures.

More Information

General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012

Department Information

Human Resources
1160 University Ave.
Riverside, CA 92521

Fax: (951) 827-6493
E-mail: jobshelp@ucr.edu