Information Security Analyst Jobs

DEFINITION:

Under supervision of the Director, Information Technology Services, this position will design, develop, test, install, monitor, and maintain an enterprise information security program; manage the development, implementation, and evaluation of information technology security standards, best practices, architecture, and systems for the college; and ensure the integrity and security of the college’s technology infrastructure and the protection, confidentiality, integrity, and availability of information assets spanning the entire college.

CLASS CHARACTERISTICS:

The incumbent, under minimal supervision, will have regular and ongoing responsibility for providing advanced guidance in system security best practices as well as managing projects of considerable scope and complexity while ensuring established security requirements are met. Incumbents within this classification have strong project management skills, will perform complex analyses, follow industry best practices, and implement appropriate solutions.

ESSENTIAL FUNCTIONS:

• Utilizes industry-standard change management procedures to plan, test, and install security patches and upgrades to IT systems.
• Where possible, ensures data protection through implementation of encryption while data is in transit through computer networks and while residing at rest on storage media on-site and off-site.
• Collaborates with systems and network staff to develop, test, modify, and maintain disaster prevention and recovery plans. Audits backup processes to ensure ability to recover from data loss or corruption.
• Conducts periodic and scheduled IT security audits, vulnerability scans, and risk assessments to identify vulnerabilities and potential threats to security; documents results, develops mitigation strategy, and oversees implementation.
• Keeps current with latest emerging security issues and threats through listservs, blogs, newsletters, conferences, user groups, and networking with peers at other institutions.
• Develops, recommends, and implements information security policies, procedures, protocols, and standards pertaining to managing the security risk of college data and IT systems.
• Provides leadership as a technical liaison with college staff and committees in facilitating the development and maintenance of an information security program.
• Manages user identity and access control. Controls, tracks, and audits the use of privileged accounts. Works with key stakeholders on periodic reviews of user access in functional areas. Works with HR on processes for onboarding and offboarding of employees and contractors.
• Performs other related functions as assigned.
• Creates and maintains a security awareness training program to increase mindfulness and knowledge of employees, students, and vendors and help minimize information security risks.
• Develops and maintains Security Incident Response Plans in collaboration with technical committees, security teams, functional leads, and IT staff, and assures the plan is periodically tested and updated.
• Manages projects related to the procurement, development, enhancement, maintenance, and implementation of security systems.
• Conducts assessments to evaluate whether security compliance requirements are met for federal, state, and local legislation related to information security, including but not limited to FERPA, Gramm-Leach-Bliley Act (GLBA), HIPAA, General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA). Develops plans for any necessary remediation.
• Actively inventories, tracks, and remediates devices connected to internal network resources to ensure that only authorized devices gain access. Actively manages, inventories, and tracks all authorized software running on District-owned systems.
• Implements controls and monitoring of all authorized users’ remote access to college systems.
• Implements and maintains monitoring security systems to sends out alarms and alerts for IT security issues; uses those systems to identify, diagnose, resolve, and report IT security problems and incidents; coordinates and conducts investigations of breaches in IT Security; responds to emergency IT security situations.
• Maintains proper security mechanisms for protection of physical IT processing and storage facilities containing sensitive data.
• Vets and reviews security practices and controls of third-party service providers that handle confidential data, including personally identifiable information of students and employees. Reviews security controls and features of third-party software systems.
• Works with security vendors and service providers to support security needs; assists the purchasing department in the acquisition of information systems security software, hardware, and services.

• IT architecture including data centers, cloud deployment, containers, network design, and wireless technologies;
• Multiple operating systems including recent desktop and server versions of Microsoft Windows, Mac OS, and distributions of Linux;
• Pertinent federal, state, and local laws, codes, and regulations.
• Hardware and software monitoring tools to analyze security issues;
• Security protocols including WPA/WPA2, Kerberos/AD, IPSEC, SSL/TLS, and SSH;
• Programming or scripting in at least one language such as Python, PHP, or PowerShell;
• Security standards and frameworks including NIST, PCI-DSS, and CIS Critical Security controls;
• Security administration best practices;
• Networking concepts including routing and switching, wireless networking, and network protocols;
• Project management software tools, methodologies, and best practices.

• Understand and carry out written directions;
• Plan and organize work to meet changing priorities and deadlines;
• Analyze data and draw sound conclusions;
• Exercise initiative and independence of judgment and action;
• Explain technical concepts to a non-technical audience;
• Design complex security systems;
• Evaluate and recommend security solutions based on new and emerging technologies;
• Collaborate with others to carry out work;
• Prepare clear, concise, and comprehensive technical reports, directions, and instructions;
• Communicate clearly and concisely, both orally and in writing.
• Develop and maintain cooperative relationships with colleagues;

• The incumbent will experience interruptions while performing normal duties during the regular workday.
• This is a FLSA-exempt position.
• The incumbent will have contact, in person, via online meeting, by email, or on the telephone with executive, management, supervisory, academic, and classified staff.
• Duties primarily performed in an office environment at a desk with a personal computer and in a data center with several servers under air conditioning.

• Operates a computer.
• Communicates via online meeting, over the telephone, by email, and in person.
• Typically, may sit for extended periods of time.

Education and Experience:

Possession of or the equivalent to a bachelor's degree related to computer science, information systems, or related fields. Three years of full-time experience in information security, or, any equivalent combination of training and experience.

Licenses and Certificates Required:

Must possess a valid California driver's license and the ability to qualify for district vehicle insurance coverage. Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) desired.

Desired start date is May 2023. This is a full-time, 40 hours per week, 12-month classified exempt position.

Hours for this position are:

Monday - Friday, 8:00 a.m. - 5:00 p.m.

To be considered for this position, the candidate must submit the following application materials:

A cover letter

A current and complete resume/CV of education and professional experience.

Transcripts (unofficial copies are acceptable for the application process). Official transcripts are required at time of hire.

• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) desired.

Allan Hancock College provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Hancock College will not sponsor any visa applications.