"IT Security Professional II"

Position Summary

The mission of the Office of Information Technology is to support and strengthen the academic, administrative, and associated research needs of all faculty, staff, and students at Winston Salem State University through the provisioning, support, maintenance, availability, and outreach of Information Technology Services. The IT Security Professional II position serves in the Office of Information Technology by assisting in developing, monitoring, and enforcing practices to ensure that university data and resources are secure. The candidate is expected to stay up-to-date on cyber intelligence, monitor emerging products, hacker technologies, and best practices that will improve security for the organization and enhance operations.

Key Responsibilities

• Assist in the development, implementation, and monitoring of access control, data confidentiality, system integrity, system reliability, system audit, recovery methods and procedures, and other security measures as assigned
• Conduct internal IT system audits periodically to ensure that data is being properly managed and secured in the Cloud and On-Premise and that legal or security requirements are met consistently
• Enhance or improve business processes via integration, or, as necessary, minimize the impact of integration on those processes
• Lead efforts to monitor, identify, and report cybersecurity/information technology-related incidents that involve research data, enterprise systems, and other sensitive data such as personally identifiable information (PII)
• Operate autonomously to further investigate and escalate in accordance with protocols and contractual SLAs
• Independently resolve routine and non-routine information security access, or industry established information security problems
• Assist or lead in interactions with hardware and software vendors as appropriate to solve potential or reported information security problems using best practices or established standards
• Document all pertinent end user identification information for system access, including name, department, contact information, and nature of problem or issue
• Create cybersecurity reporting metrics and information security best practices, standards, and procedures
• Communicate and report results of information security and system compliance problems and issues to key stakeholders, including management, development teams, end users, and unit leaders
• Consults with end users, university clients and higher-level specialists and analysts to resolve technical problems and ensure customer satisfaction
• Monitor and operationalize security threat feeds, articles, and reports to remain up to date on the latest security risks, threats, and technology trends
• Monitor, research, and make recommendations on emerging products, tools, services, protocols, and standards that will support the data management and information security strategy to improve IT security posture for the University, Office of Information Technology Department, and Stakeholders
• Additional duties as assigned

Requirements and Preferences

Department Required Skills

• Graduation from a 4 year institution with a degree in Information Technology, Management Information Systems, Security Systems or another related field
• 2 years of experience in Information Technology (A combination of education and experience will be considered)
• Working, practical experience, with at least one of the following: PaloAlto, McAfee ePO or ENS, ClamAV, vCenter Configuration Management Software, Oracle/Peoplesoft security, MySQL, MS SQL, LDAP, Kerberos, Active Directory, Shibboleth/SAML2, Apache, IIS, Nessus vulnerability scanner, SIEM, Office 365 Data Loss Prevention & Security, Email Encryption, Spirion/Identity Finder, other Data Loss Prevention tools, SMTP, SNMP, PHP, or Java
• Experience with web development, scripting, or programming helpful
• Excellent communication skills
• Team-oriented and self-motivated within a team environment required

Preferred Years Experience, Skills, Training, Education

Certifications related to the duties and responsibilities specified, including but not limited to Security+, CNA, CCNA, CISA, CISSP, MCSE, SSCP, and SANS GIAC preferred but not required.

Required License or Certification

n/a

Valid US Driver's License

Yes

Commercial Driver's License Required

No

Physical Required

No

List any other medical/drug tests required

n/a