Job Posting - Cybersecurity Risk Administrative Associate

["Barnes, Joe" <jdbarns1 () ILLINOIS EDU>]

Please see below for a job opening at the University of Illinois at Urbana-Champaign.  Applications must be received by 
May 30, 2019.

Direct link to positon: 
https://jobs.illinois.edu/academic-job-board/job-details?jobID=113509&job=cybersecurity-risk-administrative-associate-technology-services-113509

Thanks
Joe


***********************************
Joe Barnes, CISSP
Chief Privacy & Security Officer
Technology Services
University of Illinois at Urbana-Champaign
jdbarns1 () illinois edu<mailto:jdbarns1 () illinois edu>



Cybersecurity Risk Administrative Associate

Technology Services

University of Illinois at Urbana-Champaign



Illinois is a world leader in research, teaching, and public engagement. We serve the state, the nation, and the world 
by creating knowledge, preparing students for lives of impact, and addressing critical societal needs through the 
transfer and application of knowledge. However, every great undertaking entails the risk of an event which impacts an 
organization's ability to effectively pursue its mission. The goal of prudent risk management is not to eliminate risk, 
but to help the organization identify areas where reasonable steps can be taken to reduce the likelihood and impact of 
untoward events on the primary mission. The Governance, Risk and Compliance arm of the Privacy and Information Security 
function at the University of Illinois at Urbana-Champaign works with compliance officers and units all across the 
university, and the university system, to facilitate IT Security risk analysis and help develop effective risk 
mitigation approaches that contribute to enabling the University of Illinois to become the preeminent Research 1 land 
grant university.

Primary Position Function/Summary:

Provide risk-focused privacy and security administrative assistance to customers across the university, which can 
include one or more of the following: cybersecurity risk consulting, security initiatives, exception requests, risk 
reporting and assignment; contract reviews, security event monitoring, metrics gathering, security-focused reports, and 
risk-related assessments, as needed. The goal is to assist in the facilitation of the strategic, efficient, and timely 
measurement, management, notification of, acknowledgement, and mitigation of cybersecurity risks.

Major Duties and Responsibilities:

Process and complete risk administration tasks, work orders, projects, and duties on behalf of Security's Governance, 
Risk, and Compliance function, in a timely manner:

  *   Oversees the cybersecurity risk management aspects of IT and administrative operations.
  *   Independently complete assigned projects.
  *   Process policy and/or standards exception requests, evaluate the risks involved, and facilitate the university 
cybersecurity risk process amongst stakeholders, risk owners, data stewards, and executive decision makers.
  *   Conduct or assist with periodic security-focused risk assessments of systems and tools used across the 
university. Produce related reports.
  *   Complete contract reviews as assigned. Prepares cybersecurity risk sections of proposals.
  *   Develop and maintain Technology Services-specific security procedures.

Consult with the Privacy and Security team, university customers, and strategic partners on IT-related risks, 
requirements, policies, and standards:

  *   Work with units, end users, and IT Professionals to advise on and provide user-focused education about security 
practices that align with the university's NIST-based privacy and security policies, standards, and other requirements.
  *   Serve as a service and information resource for faculty, researchers, IT Professionals, and other employees on 
the subject of sensitive data logistics, risks, and requirements; and as a consultant to campus constituents as 
necessary.
  *   Consult with faculty and researchers on the development of technology control plans and grant proposals.
  *   Advise on university requirements for development, implementation, and refinement of solutions for security 
monitoring, detection, and response with members of the operational Cybersecurity teams.

Represent the security office in collaborative and strategic initiatives, including:

  *   Apply professional information security knowledge, experience, skills, and abilities independently on projects 
and programs.
  *   Participate and facilitate internal and university meetings.
  *   Present findings and other reports to technical, management, administrative, and executive leadership audiences.
  *   Review existing procedures and practices with operational staff across the university and implement university 
standards and industry best practices for security.
  *   Provide excellent Customer Service on behalf of the Security Office.
  *   Advocate for Technology Services or other clients and partners in service planning and deployment across the 
organization.
  *   Resolve customer concerns.
  *   Understand the overall processes and procedures of the organization and make recommendations in the continual 
improvement of those processes and procedures, provide for management analysis and recommendations on continual 
improvement.

Develop and maintain personal and professional excellence as follows:

  *   Attend outside seminars/courses and thorough review of published literature.
  *   Stay abreast of industry trends, methods, solutions, and technologies.
  *   Participate in university-sponsored training.
  *   Participate in manager-approved individual development initiatives.
  *   Participate in professional development.
  *   Participate in manager-approved innovation programs.

Actively network and maintain relationships within the university community. Proactively communicate relevant 
security-related information. Stay informed of needs and initiatives.

Assist with the development and maintenance of disaster recovery and business continuity plans for Technology Services.

Formulate, optimize, or enhance procedures such that they facilitate desired outcomes and work in concert with all 
Security workflows.

  *   Draft and review documentation, including but not limited to:

  *   analysis documents for technical, administrative, or procedural security issues
  *   procedural documentation/playbooks
  *   team documentation

Participate in team discussions. Drive discussions as needed to represent the needs of the area in which you work.

Other duties as assigned.

Qualifications:

Education:

Required:  Bachelor's degree

Preferred:  Bachelor's degree in a business, IT, cyber security, technical, or legal-related discipline.

Experience:

Required:  Two years of accumulative work experience in IT security, IT risk, or IT compliance, in an IT or business 
related field

Preferred:

*Professional IT administrative experience, cybersecurity operational experience, IT policy experience, or 
cybersecurity Governance, Risk, & Compliance experience.

*Experience authoring and presenting a wide range of formal and informal business and technical communications tailored 
to individual or plural organizational audiences.

*Experience working with policies and standards based on recognized industry framework (e.g. NIST, ISO, COBIT).

*Experience with large scale higher education enterprise computing environments.

Training, Licenses or Certifications:

Preferred:   Security or compliance-related certifications such as CISSP, CRISC, SANS, GIAC.

Knowledge, Skills, and Abilities:

Knowledge and ability in one or more of the following domains:

  *   IT compliance, security risk management, security architecture, network security, identity and access management; 
Security assessment and testing; security operations, software development/application security, and/or security and 
risks in cloud computing environments.
  *   Base knowledge of risk management principles, practices, methods, and techniques.
  *   Excellent attention to detail.
  *   Problem solving ability.
  *   Decision-making ability
  *   Demonstrated ability in effective communication and collaborating in a high performance team environment, 
including oral, written, and active listening.
  *   Demonstrated commitment to customer service and customer satisfaction principles.
  *   Ability to collaborate positively and effectively with diverse workgroups.
  *   Individuals will be required to submit to a background examination.
  *   Ability to maintain high security/privacy controls when dealing with sensitive information.

Knowledge, Skills, and Abilities Preferred

  *   Expertise with various cybersecurity technologies, methods, solutions, and detection solutions.
  *   Knowledge of programming languages, software development practice, and/or application security.

Environmental Demands:

Work is performed in a high-volume office setting with other employees that involves the ability to function while 
dealing with interruptions and distractions to meet the many day-to-day deadlines.

SALARY AND APPOINTMENT INFORMATION

This is a full-time Civil Service IT Technical Associate position appointed on a 12-month service basis. The expected 
start date is as soon as possible after May 30, 2019.  Salary is commensurate with experience.

To Apply:

Applications must be received by May 30, 2019. Apply for this position using the "Apply for Position" button below.  If 
you have not applied before, you must create your candidate profile at 
http://jobs.illinois.edu<http://jobs.illinois.edu/>.  If you already have a profile, you will be redirected to that 
existing profile via email notification.  To complete the application process:

Step 1) Submit the Staff Vacancy Application using the "Apply for Position" button below.

Step 2) Submit the Voluntary Self-Identification of Disability forms.

Step 3) Upload your cover letter, resume (months and years of employment must be included), and academic credentials 
(unofficial transcripts or diploma may be acceptable), and names/contact information for three references.

In order to be considered as a transfer candidate, you must apply for this position using the "Apply for Position" 
button below. Applications not submitted through this website will not be considered. For further information about 
this specific position, contact Rhonda Miller at 217-333-4222.  For questions about the application process, please 
contact 217-333-2137.

The University of Illinois conducts criminal background checks on all job candidates upon acceptance of a contingent 
offer.

The University of Illinois is an Equal Opportunity, Affirmative Action employer. Minorities, women, veterans and 
individuals with disabilities are encouraged to apply. For more information, visit http://go.illinois.edu/EEO.