Job Description - Officer, Information Security Description View created on 09/21/2014
Officer, Information Security
Associate Vice President, Information Technology
To provide a high level of information security analysis for Information Technology and other ACC departments.
Description of Duties and Tasks
Essential duties and responsibilities include the following. Other duties may be assigned.
Directs the planning, implementation, and execution of security policies, activities, and facilities against network and data security breaches and vulnerabilities.
Reviews application design documents and educates the development team on security techniques, compliance requirements, and industry best practices.
Remains current on information security topics and trends.
Participates in development of information technology disaster recovery and business continuity planning.
Audits existing systems, and directs the creation and administration of information technology security policies, activities, and standards.
Develops goals, objectives, and policies to ensure ACC compliance with all applicable state and federal data and network security guidelines, rules, and statutes.
Conducts periodic audits of internal data and network security controls to validate effectiveness, identify risks, and promote continuous improvement.
Reviews technology contracts for goods and services to ensure that data and network security aspects are properly addressed, and monitors contractor and vendor performance to these terms and conditions.
Researches, evaluates, recommends, and assists in developing systems and procedures for the prevention, detection, containment, and correction of data and network security breaches.
Creates and administers IT's data and network security-related policies, procedures, processes, and checklists to ensure success of the ACC information security program.
Educates users and promotes security awareness.
Must possess required knowledge and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.
Operational knowledge of networking, operating systems, internet and data security application support.
Knowledge of limitations and capabilities of computer systems.
Knowledge of hacking techniques and culture.
Knowledge of local, state, and federal laws and regulations relating to information security.
Knowledge of statistical analysis process preferred.
Must possess required skills and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.
Planning, organizing and working independently, as well as within a team environment.
Presenting technical data in an understandable format to lay and technical audiences.
Resolving complex security issues in diverse environments.
Maintaining an established work schedule and being on call 24 hours per day to resolve security-related problems.
Meeting deadlines, schedules, and target dates.
Supervising, leading, and delegating tasks and authority.
Effectively using interpersonal and communications skills including tact and diplomacy.
Effectively using organizational and planning skills with attention to detail and follow through.
Configuring, deploying and monitoring security infrastructure.
Performing security risk assessments and audits.
Reviewing system and application specifications and making recommendations for security enhancements.
Maintaining confidentiality of work-related information and materials.
Establishing and maintaining effective working relationships.
Demonstrated proficiency using standard office software applications, query and control languages, programming languages, and database systems.
Occasional lifting of objects up to 10 pounds.
Subject to standing, walking, sitting, bending, reaching, kneeling, pushing and pulling.
Work is performed in a standard office environment.
Three years' work experience in information security, network security, or IT auditing.
Five or more years related work experience with direct experience in maintaining an information resources technology security program; working in business continuity and disaster recovery; and experience in planning and managing projects.
Bachelor's degree in information technology, computer science, computer information systems, management information systems, business, or related field.
Certification in one or more areas of information security.
Experience with UNIX or Windows XP/2000/NT systems administration, enterprise backup systems such as Tivoli Storage Manager (TSM), and working experience in a TCP/IP environment.
Supervise safe operation of unit. Facilitate safety inspections. Take reasonable and prudent actions to eliminate identified hazards. Ensure employees receive appropriate safety training and foster a workplace safety culture.