Device and Account Compliance Specialist

Stony Brook University•Stony Brook, NY

8d•Hybrid

About The Position

The Device & Account Compliance Specialist is responsible for monitoring and maintaining the security and compliance of DoIT-managed devices and user IT accounts. Utilizing tools including Mobile Device Management (MDM), endpoint management tools like JAMF and Intune, IDM tools like SailPoint, ERP tools like Peoplesoft, MFA tools like DUO, and Admin Consoles like SUNY Admin portals, the team proactively identifies devices and accounts that fall out of compliance with organizational standards, including outdated operating systems, missing security patches, compromised accounts or improper access permissions. The team communicates directly with end users to notify them of compliance issues and provides guidance and hands-on support to remediate identified risks. In addition, they manage the lifecycle of IT accounts across multiple systems, ensuring appropriate access based on roles and adherence to audit requirements. The team also coordinates the procurement, configuration, and deployment of mobile devices, maintaining them within departmental MDM platforms to ensure ongoing compliance and security. The Device and Accounts Compliance Specialist is expected to provide excellent customer service utilizing clear verbal and written communication.

Requirements

Bachelor’s Degree (foreign equivalent or higher). In lieu of a degree, a combination of education and relevant experience totaling six (6) full-time years may be considered.
Two years of full-time experience in IT support (such as supporting computer and device hardware and software).
Experience with Multi-Factor Authentication.

Nice To Haves

Advanced degree.
Experience with device compliance standards.
Experience working with an endpoint device manager.
Experience in a Higher Education environment or a government entity.
Experience working with a ticketing system such as TeamDynamix or Service Now.
Experience with cell phone setup and management.
Experience with Mobile Device Management.

Responsibilities

Ensure compliance with all DoIT-managed mobile devices and Windows and Mac computers to meet the Information Security team's security requirements.
Monitor device compliance using device management tools such as Sassafras, Jamf, Quest KACE, and Intune.
Inform end users regarding identified compliance issues. Remediation of out-of-compliance devices through email campaigns and escalation to appropriate teams.
Provision, configure, and maintain compliance tracking of university-owned mobile devices. This includes coordination with vendors for device orders, deliveries, and procurement status updates.
In the event of a lost or stolen device, execute remote wipe actions using our MDM to safeguard University data.
Track all end-user interactions in the ITSM. Tickets must be kept up to date and include full details of customer interactions and issue/request resolutions.
Remediate compromised accounts by following security procedures to restore access and secure the system. Contact and assist users when their accounts may have been compromised. In addition, disable accounts and work with appropriate administrators in special circumstances, such as termination, inappropriate account access, and related issues.
Work with Information Security, Cloud Service Admins, Core Services Infrastructure, and any other appropriate Systems Admin to coordinate the development of information security procedures and protocols.
Respond to ITSM tickets, phone calls, and shared mailbox requests for account support. This includes assisting end users with account access issues, account creation/activation, account inactivation, and password issues. Includes various University system IT accounts such as NetID, PeopleSoft, Solar, Google Apps, SUNY Financials, and any other appropriate accounts handled by the Device & Account Compliance Team. Some of these systems are complex and require additional training. These are role-based systems where incorrect access may result in conflicts of interest and are subject to periodic state audits.
Account monitoring will be accomplished through tools including SailPoint IDM, ReACT Password Tool, PeopleSoft ERP, Active Directory & GCDS (Google Cloud Directory Sync), SUNY Financial System Admin Portal, DUO MFA, and SUNY Admin Portals.
Provide guidance, perform warm transfers, and assist in resolving or escalating technical access issues.
Track all end-user interactions in the ITSM. Tickets must be kept up to date and include full details of customer interactions and issue/request resolutions.
Develop, prepare, maintain, and refine documentation for device management, account provisioning, and access procedures (including Standard Operating Procedures for various University IT accounts, Multi-factor authentication accounts and PeopleSoft ERP, etc.).
Maintain documentation to support audits, onboarding, and internal process consistency.
Generate quarterly reports on usage and compliance, providing recommendations for decommissioning or upgrading devices.
Develop and maintain device-compliance processes and procedures. This includes identifying compliance issues, notifying end users, creating email templates for end-user notifications, and collecting data for the email campaign (emails sent, dates, responses, and remediation success rates).
Create and maintain documentation for University-owned mobile devices. This includes the setup of mobile devices, the repair/loaner of devices, and the management of devices via MDM.
Develop, prepare, and assist other DoIT teams with documentation for various systems, including user help instructions and website information.
Duties may include working with other departmental technicians on out-of-compliance devices, testing of new mobile device procedures, and advising on profiles for managing devices.