IT Security Administrator

About The Position

Requirements

• Knowledge of information security principles, practices, frameworks (e.g., NIST CSF, CIS Controls, ISO 27001) and regulatory requirements. (e.g., FERPA, GLBA)
• Knowledge and skill in log analysis, security event monitoring, and incident response processes.
• Knowledge and skill with email security gateways, phishing detection, and remediation strategies.
• Ability to write clear and structured policies, procedures, standards, and guidelines.
• Knowledge in technical documentation, regulatory references, and policy lifecycle management.
• Ability to work independently with minimal supervision, while also functioning effectively as part of a team.
• Skill in security awareness, communication, and end-user guidance.
• Skill in oral, written, and interpersonal communication.
• Bachelor’s Degree in Computer Science, Computer Information Systems, or Cybersecurity and 3 years of directly related experience; or any equivalent combination of education, training, and/or experience approved by Information Technology Services and Human Resources.

Nice To Haves

• Master’s Degree in Computer Science, Cybersecurity, or a directly related field
• Certifications in appropriate platforms
• Over 5 years of directly related experience

Responsibilities

• Develop, write, review, and maintain clear, concise, and actionable ITS security policies, standards, and procedures aligned with institutional goals and regulatory requirements (e.g., FERPA, GLBA, NIST).
• Collaborate with ITS leadership, compliance officers, and key stakeholders to ensure policy documents reflect current operational practices and evolving cybersecurity threats.
• Translate technical security controls and frameworks (e.g., NIST CSF, CIS Controls) into user-friendly documentation for both technical and non-technical audiences.
• Ensure version control, audit trails, and documentation integrity are maintained across all ITS security documentation.
• Assist in the development of cybersecurity awareness content, acceptable use guidelines, and secure computing practices tailored to faculty, staff, and students.
• Support internal and external audits by preparing or reviewing security documentation to demonstrate policy compliance and control effectiveness.
• Monitor industry trends and best practices in cybersecurity governance to recommend enhancements to institutional policy frameworks.
• Partner with internal ITS teams to document technical procedures related to system hardening, access control, network security, and data protection.
• Review and analyze infrastructure and security system logs, investigating anomalies and escalating incidents as appropriate.
• Schedule and maintain vulnerability scanning, analyze and create documentation of remediation of discovered vulnerabilities.
• Respond to Phish Alert submissions, validate potential threats, and provide timely guidance or remediation actions in coordination with senior analysts.
• Review suspicious messages quarantined by the email security gateway, making informed release or block decisions to protect end users.
• Collaborate with the Infrastructure team to ensure timely detection, analysis, and response to security alerts across systems and networks.
• Document incident response activities, lessons learned, and recommendations to strengthen detection and response capabilities.
• Performs other duties as assigned.

Benefits

• Cafeteria Plan: In addition to the base compensation, benefits-eligible employees receive an extra $6,720 per year to put toward benefit costs or to be used as additional take-home pay
• Paid Holidays: 21 (including a full week off between Christmas and New Year’s Day and over Spring Break)
• Vacation & Sick Leave: Approximately 17 paid vacation days & 9 paid sick leave days accrued annually
• Health Insurance and Other Coverage: see https://www.coconino.edu/benefits/full-time-benefits