Security Administrator/Information Security Specialist (0097556T)

About The Position

Requirements

• Possession of a pertinent baccalaureate educational degree in Computer Sciences or Information Security or related field and 5 years of progressively responsible professional information technology experience with responsibilities for Information Security, of which 2 years of the experience must have been comparable in scope and complexity to the next lower pay band in the University of Hawaii broadband system; or any equivalent combination of education and/or professional work experience which provides the required education, knowledge, skills and abilities as indicated.
• Considerable working knowledge of Information Security as demonstrated by the broad knowledge and understanding of the full range of pertinent standard and evolving information technology concepts, principles and methodologies.
• Considerable working knowledge and understanding of the broad technology, systems, hardware and software associated with Information Security.
• Demonstrated ability to recognize a wide range of intricate problems, use reasoning and logic to determine accurate causes, and apply principles and practices to determine, evaluate, integrate, and implement practical and thorough solutions in an effective and timely manner.
• Proven ability to comprehend, interpret and implement administrative directives and guidance to ensure IT operations align with organizational standards and industry best practices.
• Demonstrated ability to interpret and present information and ideas clearly and accurately in writing, verbally and by preparation of reports and other materials.
• Demonstrated ability to establish and maintain effective working relationships with internal and external organizations, groups, team leaders and members, and individuals.
• If applicable, for supervisory work, demonstrated ability to lead subordinates, manage work priorities and projects, and manage employee relations.
• Strong understanding of IT service management, cybersecurity principles, risk management, and compliance requirements.
• Demonstrated experience implementing and maintaining IT best practices, standards, and governance.
• Considerable knowledge of information security related standards.
• Considerable knowledge of international, federal, state and local laws, rules, regulations related to information security, privacy and higher education.
• Considerable working knowledge of current information security technologies and tools.
• Considerable knowledge of establishing/managing a GRC program for a large, decentralized organization.
• Working knowledge of computer forensics and investigative techniques.
• Experience with systems, systems administration, and network hardware and administration.
• Demonstrated ability to develop effective training materials.
• Demonstrated ability to develop and conduct effective in-person training/workshops.
• Demonstrated ability to combine and apply skill sets from many areas of IT.
• Demonstrated ability to speak, read, comprehend, interpret and write fluently in English.
• Demonstrated ability to establish and maintain effective working relationships in a positive, service-oriented manner with others.
• Demonstrated ability to work cooperatively with leadership, supervisor, project staff, and customers in a team environment to accomplish tasks and meet deadlines.
• Demonstrated ability to understand and follow oral and written instructions and documentation, write reports and procedures, and communicate effectively in a variety of situations.
• Demonstrated ability to learn and apply new technologies independently and in a timely manner using books, manuals, online research, and other resources.
• Working knowledge of common Internet protocols (such as TCP/IP) and applications.
• Working knowledge of one or more programming or scripting language.
• Ability to manage multiple projects.
• Ability to travel out-of-state.
• Ability to work a variable work schedule; and work outside normally scheduled work hours including day, night, weekend and/or holiday hours as directed.

Nice To Haves

• Certifications related to the information security area (e.g. CISSP, GIAC/GSEC, CISM, etc.)
• Working knowledge of configuring and implementing technical security solutions.
• Ability to supervise student employees.
• Prior cybersecurity experience in or with higher education.
• Masters or PhD in a related field.

Responsibilities

• Oversees, manages & maintains the UH information security data protection/compliance program.
• Serves as a security Governance, Risk, Compliance (GRC) Analyst.
• Performs compliance risk assessments.
• Provides reports on a regular basis & keep UH officers/senior leadership & functional groups informed of the operation and progress of compliance efforts.
• Identifies potential compliance vulnerabilities & risk; develops/implements corrective action plans for resolution of issues.
• Provides guidance to management & employees to ensure compliance & reduction/minimization of risk to the University.
• Provides technical advice, problem-solving assistance, and answers to questions regarding the information security program, compliance programs, policies, standards and procedures.
• Consults and collaborates with other departments (e.g. Legal, Internal Audit, HR, treasury, data governance, etc.) to direct compliance issues to appropriate channels for clarification, guidance, investigation, and resolution.
• Develops & revises policies/procedures of the compliance operation of the Information Security Program to maintain currency & relevance; integrate into existing policies/procedures; communicate changes & provide guidance to affected groups.
• Monitors the performance of the compliance programs and takes appropriate steps to improve its effectiveness.
• Responds to alleged violations of rules/regulations, policies/procedures & standards by evaluating or recommending the initiation of investigative procedures.
• Ensure compliance Issues are being appropriately evaluated, investigated & resolved.
• Ensures proper reporting of violations or potential violations to duly authorized enforcement agencies as appropriate and/or required.
• Develop an effective compliance training program for specific regulations as necessary for UH employees and conduct ongoing training.
• Incorporate into general information security awareness training as appropriate.
• Participates in security incident responses & investigations, including any emergency situations, and provides remediation support.
• Assists with analyses and investigations of reports of inappropriate use of technology and institutional/personal information, any alleged computer or network security compromises, and assists with the reporting and resolution of such incidents.
• Manage & monitor security hardware & applications in cooperation with Information Technology Services (ITS) staff.
• Monitors security threats, trends, technological developments and emerging practices in the IT industry and higher education.
• Participate in projects related to the evaluation and implementation of security-related technologies.
• Follows and implements directives and guidance related to best practices from University of Hawai'i System Information Technology Services.
• Ensures the consistent adoption, implementation, and enforcement of recommendations issued through University of Hawai'i System Information Technology Service.
• Keeps abreast of recommendations issued through University of Hawai'i System Information Technology Service, and takes timely action as needed.
• Continuously monitor and lead initiatives to enhance system reliability, security, and operational efficiency.
• Supervise and mentor IT staff to assure that administrative directives and industry best practices are understood and followed.
• Other duties as assigned.

Benefits

• Salary schedules and placement information