Educause Security Discussion mailing list archives
Job Posting - Cybersecurity Risk Administrative Associate
From: "Barnes, Joe" <jdbarns1 () ILLINOIS EDU>
Date: Thu, 9 May 2019 20:35:35 +0000
Please see below for a job opening at the University of Illinois at Urbana-Champaign. Applications must be received by May 30, 2019. Direct link to positon: https://jobs.illinois.edu/academic-job-board/job-details?jobID=113509&job=cybersecurity-risk-administrative-associate-technology-services-113509 Thanks Joe *********************************** Joe Barnes, CISSP Chief Privacy & Security Officer Technology Services University of Illinois at Urbana-Champaign jdbarns1 () illinois edu<mailto:jdbarns1 () illinois edu> Cybersecurity Risk Administrative Associate Technology Services University of Illinois at Urbana-Champaign Illinois is a world leader in research, teaching, and public engagement. We serve the state, the nation, and the world by creating knowledge, preparing students for lives of impact, and addressing critical societal needs through the transfer and application of knowledge. However, every great undertaking entails the risk of an event which impacts an organization's ability to effectively pursue its mission. The goal of prudent risk management is not to eliminate risk, but to help the organization identify areas where reasonable steps can be taken to reduce the likelihood and impact of untoward events on the primary mission. The Governance, Risk and Compliance arm of the Privacy and Information Security function at the University of Illinois at Urbana-Champaign works with compliance officers and units all across the university, and the university system, to facilitate IT Security risk analysis and help develop effective risk mitigation approaches that contribute to enabling the University of Illinois to become the preeminent Research 1 land grant university. Primary Position Function/Summary: Provide risk-focused privacy and security administrative assistance to customers across the university, which can include one or more of the following: cybersecurity risk consulting, security initiatives, exception requests, risk reporting and assignment; contract reviews, security event monitoring, metrics gathering, security-focused reports, and risk-related assessments, as needed. The goal is to assist in the facilitation of the strategic, efficient, and timely measurement, management, notification of, acknowledgement, and mitigation of cybersecurity risks. Major Duties and Responsibilities: Process and complete risk administration tasks, work orders, projects, and duties on behalf of Security's Governance, Risk, and Compliance function, in a timely manner: * Oversees the cybersecurity risk management aspects of IT and administrative operations. * Independently complete assigned projects. * Process policy and/or standards exception requests, evaluate the risks involved, and facilitate the university cybersecurity risk process amongst stakeholders, risk owners, data stewards, and executive decision makers. * Conduct or assist with periodic security-focused risk assessments of systems and tools used across the university. Produce related reports. * Complete contract reviews as assigned. Prepares cybersecurity risk sections of proposals. * Develop and maintain Technology Services-specific security procedures. Consult with the Privacy and Security team, university customers, and strategic partners on IT-related risks, requirements, policies, and standards: * Work with units, end users, and IT Professionals to advise on and provide user-focused education about security practices that align with the university's NIST-based privacy and security policies, standards, and other requirements. * Serve as a service and information resource for faculty, researchers, IT Professionals, and other employees on the subject of sensitive data logistics, risks, and requirements; and as a consultant to campus constituents as necessary. * Consult with faculty and researchers on the development of technology control plans and grant proposals. * Advise on university requirements for development, implementation, and refinement of solutions for security monitoring, detection, and response with members of the operational Cybersecurity teams. Represent the security office in collaborative and strategic initiatives, including: * Apply professional information security knowledge, experience, skills, and abilities independently on projects and programs. * Participate and facilitate internal and university meetings. * Present findings and other reports to technical, management, administrative, and executive leadership audiences. * Review existing procedures and practices with operational staff across the university and implement university standards and industry best practices for security. * Provide excellent Customer Service on behalf of the Security Office. * Advocate for Technology Services or other clients and partners in service planning and deployment across the organization. * Resolve customer concerns. * Understand the overall processes and procedures of the organization and make recommendations in the continual improvement of those processes and procedures, provide for management analysis and recommendations on continual improvement. Develop and maintain personal and professional excellence as follows: * Attend outside seminars/courses and thorough review of published literature. * Stay abreast of industry trends, methods, solutions, and technologies. * Participate in university-sponsored training. * Participate in manager-approved individual development initiatives. * Participate in professional development. * Participate in manager-approved innovation programs. Actively network and maintain relationships within the university community. Proactively communicate relevant security-related information. Stay informed of needs and initiatives. Assist with the development and maintenance of disaster recovery and business continuity plans for Technology Services. Formulate, optimize, or enhance procedures such that they facilitate desired outcomes and work in concert with all Security workflows. * Draft and review documentation, including but not limited to: * analysis documents for technical, administrative, or procedural security issues * procedural documentation/playbooks * team documentation Participate in team discussions. Drive discussions as needed to represent the needs of the area in which you work. Other duties as assigned. Qualifications: Education: Required: Bachelor's degree Preferred: Bachelor's degree in a business, IT, cyber security, technical, or legal-related discipline. Experience: Required: Two years of accumulative work experience in IT security, IT risk, or IT compliance, in an IT or business related field Preferred: *Professional IT administrative experience, cybersecurity operational experience, IT policy experience, or cybersecurity Governance, Risk, & Compliance experience. *Experience authoring and presenting a wide range of formal and informal business and technical communications tailored to individual or plural organizational audiences. *Experience working with policies and standards based on recognized industry framework (e.g. NIST, ISO, COBIT). *Experience with large scale higher education enterprise computing environments. Training, Licenses or Certifications: Preferred: Security or compliance-related certifications such as CISSP, CRISC, SANS, GIAC. Knowledge, Skills, and Abilities: Knowledge and ability in one or more of the following domains: * IT compliance, security risk management, security architecture, network security, identity and access management; Security assessment and testing; security operations, software development/application security, and/or security and risks in cloud computing environments. * Base knowledge of risk management principles, practices, methods, and techniques. * Excellent attention to detail. * Problem solving ability. * Decision-making ability * Demonstrated ability in effective communication and collaborating in a high performance team environment, including oral, written, and active listening. * Demonstrated commitment to customer service and customer satisfaction principles. * Ability to collaborate positively and effectively with diverse workgroups. * Individuals will be required to submit to a background examination. * Ability to maintain high security/privacy controls when dealing with sensitive information. Knowledge, Skills, and Abilities Preferred * Expertise with various cybersecurity technologies, methods, solutions, and detection solutions. * Knowledge of programming languages, software development practice, and/or application security. Environmental Demands: Work is performed in a high-volume office setting with other employees that involves the ability to function while dealing with interruptions and distractions to meet the many day-to-day deadlines. SALARY AND APPOINTMENT INFORMATION This is a full-time Civil Service IT Technical Associate position appointed on a 12-month service basis. The expected start date is as soon as possible after May 30, 2019. Salary is commensurate with experience. To Apply: Applications must be received by May 30, 2019. Apply for this position using the "Apply for Position" button below. If you have not applied before, you must create your candidate profile at http://jobs.illinois.edu<http://jobs.illinois.edu/>. If you already have a profile, you will be redirected to that existing profile via email notification. To complete the application process: Step 1) Submit the Staff Vacancy Application using the "Apply for Position" button below. Step 2) Submit the Voluntary Self-Identification of Disability forms. Step 3) Upload your cover letter, resume (months and years of employment must be included), and academic credentials (unofficial transcripts or diploma may be acceptable), and names/contact information for three references. In order to be considered as a transfer candidate, you must apply for this position using the "Apply for Position" button below. Applications not submitted through this website will not be considered. For further information about this specific position, contact Rhonda Miller at 217-333-4222. For questions about the application process, please contact 217-333-2137. The University of Illinois conducts criminal background checks on all job candidates upon acceptance of a contingent offer. The University of Illinois is an Equal Opportunity, Affirmative Action employer. Minorities, women, veterans and individuals with disabilities are encouraged to apply. For more information, visit http://go.illinois.edu/EEO.
Current thread:
- Job Posting - Cybersecurity Risk Administrative Associate Barnes, Joe (May 09)