IT Security Professional II

Job Duties:

Information Security Specialist

Reporting to the Chief Information Security Officer (CISO), the Information Security Specialist reviews, develops, and maintains information security policies, standards, best practices, and employee awareness content in accordance with university business needs, stakeholder expectations, regulatory and legal requirements, contractual obligations, and applicable industry standards. The person in this position analyzes complex information security issues, conducts risk assessments, and advises clients and risk owners on practical solutions. The Information Security Specialist develops, manages, and implements project plans as needed to achieve information security strategies and goals, and is able to manage and juggle multiple responsibilities simultaneously and meet deadlines. This employee communicates effectively with clients at all organizational levels to provide the information needed for informed decision making. The person in this position advises on security incident management and reporting activities.

Security awareness and training

Regularly examine university information security awareness content and the methods by which the content is delivered to the ECU community and proactively address opportunities for improvement. Work with various university resource areas to develop new content, update existing content, and find new and improved ways of raising campus awareness of information security responsibilities and current best practices. Develop and provide online training, formally present security awareness content to committees and stakeholder groups, and report on training effectiveness to senior administrators and impacted stakeholders.

Policy and standards development

Develop and maintain information security policies, standards, and best practices in collaboration with relevant functional areas and stakeholders. Assess policies, standards, and best practices for alignment with university business needs, regulatory and legal requirements, contractual obligations, industry standards, and the university risk environment. Proactively identify and act on opportunities to develop and/or improve information security policies, standards, and best practices in order to meet the needs and obligations of the University. Establish and lead development teams and review groups to ensure University and stakeholder needs are addressed.

Information security and risk management

Collaboratively perform security assessments and risk assessments in accordance with ISO 27002, ISO 27005 and other relevant frameworks. Consult asset owners, risk owners, and functional area representatives to identify and assess risks to university information and related information assets. Advise functional area administrators and department directors on incorporating information risks into their risk management processes and on the treatment of risks within their respective areas of management responsibility.

Project planning and management

Develop and manage information security projects and strategic initiatives in accordance with defined information security strategies and goals. This includes, but is not limited to collaboratively developing strategic plans; formally defining and documenting project scopes, objectives, tasks, deliverables, success criteria and timelines; establishing and leading work groups; directing, coordinating and tracking plan and project activities; and reporting on progress, successes, and issues to relevant management areas and impacted stakeholders.

Client communication and support

Consult with stakeholders and decision-makers on an ongoing basis to develop security solution sets and strategies, and build client support for information security projects and initiatives. Promote information security as an essential business responsibility of every management area by way of formal management reports, committee presentations, and collaborative discussions with stakeholders and decision-makers.

Incident Response and management

Work closely with the Cyber Security Operations Center (CSOC) team who manages security incident investigations, to ensure all relevant stakeholders and compliance functions are appropriately involved and informed of events and progress. Advise CSOC and other involved parties on effective incident management and reporting. Where incident investigations are not covered by ITCS incident response processes or other defined areas of responsibility, provide expertise for incident response to ensure ECU information and compliance risks are appropriately addressed.

Other duties as assigned.

Special Instructions To Application:

East Carolina University requires applicants to submit a candidate profile online in order to be considered for the position. Candidates must also submit a cover letter, resume, and a list of three references, including contact information, online.

Applicants must be currently authorized to work in the United States on a full-time basis.

Minimum Education/Experience:

Master's degree and 1‐2 years' experience; or a bachelor's degree and 2‐4 years' experience: or an equivalent combination of education and experience. All degrees must be received from appropriately accredited institutions.

Full time or Part time: Full Time

Position Location (city): Greenville

Position Number: 500208

Organizational Unit Overview:

Information Technology and Computing Services (ITCS) is the central agency that supports enterprise-wide computing at East Carolina University. ITCS, through innovative information technology initiatives and service, provides opportunities for the ECU community to excel in teaching, research, and service using state-of-the-art technology and collaborative environments. ITCS is first and foremost committed to providing excellent information technology support for faculty, staff, and students.

The Information Security Office within ITCS provides leadership on information security vision, strategy, and policy, advising the CIO and other university colleagues on information security and IT risk management functions that support ECU in fulfilling our mission, business obligations, and compliance requirements. The Office manages the University Information Security Program, which is composed of policies, standards, processes, and guidance that collectively form an information security governance framework for the University. The Information Security unit includes the Cyber Security Operations Center (CSOC) team responsible for detecting, analyzing, and facilitating the university's response to cyber threats.