The Specialist works within the Academic Technology & Innovation team to coordinate the execution and documentation of research technology systems, including information security processes of a Controlled Unclassified Information environment adhering to the NIST SP 800-53, specially NIST SP 800-171 guidelines. The Specialist will:
Assess and specify security and compliance requirements for research computing systems and services.
Evaluate technologies with proof-of-concept systems in collaboration with DIT’s engineering and operations teams and the community.
Help to develop specifications, business processes, and run-books collaboratively with DIT’s operations teams and the community.
Design and provide security and compliance training materials for the community.
Partner as needed on the development of internal and extra-mural information technology proposals.
As a member of a dynamic and highly skilled team, the Specialist must be self-motivated to explore the state of the art in research technology through self-directed learning and close collaboration with the university’s researchers.
Bachelor’s degree in Information Technology or a related field or equivalent experience.
At least 3 years of experience implementing and supporting security and compliance in an IT environment.
At least 2 years conducting compliance assessment in a NIST SP 800-53, specially NIST SP 800-171 environment.
Familiarity with common compliance framework (e.g., ISO, HIPAA, NIST, COBIT, etc.).
Demonstrated knowledge of cybersecurity risk management concepts, cybersecurity frameworks, control standards, secure coding principles, and security technologies.
Knowledge of information security fundamentals, best practices, and industry standards with responsibility for protecting information assets.
Ability to maintain confidentiality, demonstrate sound judgment, and handle sensitive material is essential.
Extensive familiarity with IT and legal industry terminology and the ability to effectively communicate technical information to a variety of technical and non-technical users.
Working knowledge of security protections typical in enterprise environments.
Understanding of server, workstation, network, database, and web technologies.
Skill in organizing resources and establishing priorities. Must be flexible and able to handle multiple priorities with the ability to adjust to rapidly changing business conditions.
U.S. Citizenship required.
Experience in a higher education environment is preferred, but not required.
Appropriate certifications (CISA, CISSP, GSEC).
Proven communication skills, an ability to work in a changing technology environment, and demonstrated implementation of continuous improvement of information security processes and procedures.
Ability to implement information security controls in a highly-regulated industry.
Candidate must be able to work both independently and as a team member.
Additional information: due to federal government funding, U.S. citizenship is required. This position does not provide sponsorship for Visas.
Physical demands: sedentary work. Employee will need to be able to sit for long periods of time to work on a computer, as well as travel occasionally to meet with clients and customers on and off campus.
Best consideration date: 10/28/2019 or open until filled