Information Technologist IV/S
Job no: 548265
Work type: Support Staff
Major Administrative Unit / College: Information Technology Services
IT Services Security 40000819
Salary Commensurate with Experience
Location: East Lansing
Categories: Full Time (90-100%), Professional Supervisory- APSA, Information Technology, Union
This position will specialize in leading the information security risk management process within the University. The primary responsibilities of the position are to assess the adequacy of application/data security controls and business continuity/disaster recovery controls, evaluate threats and vulnerabilities, calculate the level of current and residual risk, and communicate these risks to business units and management.
The candidate must have the ability to convey complicated technology and security concepts to management and ideally has technical knowledge and/or experience in security, networking, systems administration, database administration, architecture or another technical domain. Alternatively, proficiency in a risk management framework and conducting risk assessments in a regulated environment is desired.
The IT Security GRC Lead needs excellent verbal and written communication skills with the ability to understand business requirements. To succeed in this position, they must be able to develop risk management strategies that align with business goals and operations and protect the confidentiality, integrity and availability of information systems and our data.
This position requires a highly qualified individual who has strong problem-solving and technical skills, is a strong, detail-oriented critical thinker, and can analyze and process large data sets. This individual should be responsive and biased towards speed and execution, able to work under pressure across multiple roles and hierarchies, highly collaborative but also able to work independently, and innovative.
Unit Specific Education/Experience/Skills
Knowledge equivalent to that which normally would be acquired by completing a four-year college degree program in Computer Science, Information Systems, Business or a related information technology field, with coursework in an information technology specialization related to the area of employment; and more than eight years of related and progressively more responsible or expansive work experience in an information technology area related to the duties to be performed, including experience overseeing large, complex or critical information technology projects; broad knowledge of best practices and trends in the field of Information Security and Risk Management; experience in developing and/or implementing an overall risk management strategy for new or existing services with key business stakeholders; knowledge of information security standards and frameworks (e.g., ISO 17799/27002, NIST 800-53, COBIT 5, etc.), rules and regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, PCI-DSS, FISMA, etc.); experience identifying risks between desktop and server operating systems as they relate to application and database connections; experience with network security principles towards risk identification and analysis; knowledge of project management and in the use of project management tools; or an equivalent combination of education and experience.
- A bachelor's degree in information systems, computer science, or related field with coursework in an information technology specialization related to the area of employment.
- Experience in reviewing software designs (vendor purchased or custom engineered) for compliance with local, state and federal information security laws and compliance requirements, business continuity and disaster recovery requirements and recommending appropriate language as necessary.
- Experience in information technology security policy development, security awareness education, application vulnerability assessments, risk analysis and compliance testing.
- Experience in identifying and communicating recommended security and business continuity controls and control deficiencies for business units.
- Experience documenting and monitoring the implementation of controls for technology and business project plans.
- Excellent interpersonal/communication skills (both verbal and written).
- Ability to understand, discuss, and explain technical issues with diverse audiences.
- Demonstrated pursuit of excellence and mastery in the field of Information Assurance, such as publication in industry trade journals, active participation in trade associations, or speaking at conferences.
- Dedication to advancing the field of Information Assurance through community service such as volunteer work for philanthropic or nonprofit organizations.
- Applicant should have at least one of the following certifications:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Systems Manager (CISM)
  - Certified Information Systems Security Professional (CISSP)
Required Application Materials
Cover Letter & Resume
Bidding eligibility ends on 12/11/18 at 11:55 PM.
Advertised: Eastern Standard Time
Applications close: Eastern Standard Time