Job Description - Analyst, IT Security Description View created on 04/01/2015
Analyst, IT Security
Officer, Information Security
To use technology to provide security of data and systems for ACC College-wide; to address various external regulatory and internal needs in meeting those needs; to be an advocate for computer systems security within the College.
Description of Duties and Tasks
Essential duties and responsibilities include the following. Other duties may be assigned.
Conducts routine security reviews to ensure that the security set-up, user logon validity, and application usage for IT systems is in compliance with ACC policies, guidelines, and local/state/and federal regulations.
Coordinates implementation of security audits and system vulnerability tests with outside vendors.
Serves as subject matter expert and provides level 2 & 3 support for troubleshooting users, application, and data access issues.
Trains users and conducts employee orientation on ACC security Awareness program.
Assists in development, implementation, and review of IT systems user access rules to balance security needs with ease of use in accordance with job related requirements and ACC security policy and guidelines.
Assists in advising management and users regarding security procedures.
Assists in the development of information technology, disaster recovery, and business continuity planning.
Installs, configures, monitors, and responds to security system needs.
Proactively assesses potential items of risk and opportunities of vulnerability in the network.
Evaluates and develops approach to solutions in IT security area.
Supports day-to-day administration of various firewalls.
Must possess required knowledge and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.
Solid knowledge of information security principles and practices.
Understanding of current, advanced data security standards and protocol.
Technical support processes and protocol.
IT quality control processes.
Methods and procedures for transmitting electronic data.
System and application software and hardware.
Technical knowledge of UNIX, AIX, Linux, Cisco Network ISD, Cisco Host-based-IDS, eTrust Access Contol, ESM, and IDS, DES encryption, Digital Certificates, SSl, VPN, IPSec, TCP/IP, CNS and web security architecture, mySQL, subversion, SpamAssassin, Nmap, Nikto, Nessus, and/or Paros.
Working knowledge of higher education; local, state, and federal regulations; issues; techniques; data integrity and analysis related to systems; and data with applications security.
Must possess required skills and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.
Maintaining an established work schedule and provide on-call assistance, including nights and weekends.
Effectively using interpersonal and communications skills including tact and diplomacy.
Effectively using organizational and planning skills, including attention to detail and follow-through.
Effectively keeping up with administrative system security demands.
Conducting research, analysis, audits, and quality assurance in relation to administrative application security.
Tracking, troubleshooting, and resolving user problems.
Efficiently meeting deadlines, schedules, and target dates.
Maintaining confidentiality of work related information and materials.
Establishing and maintaining effective working relationships.
Demonstrated proficiency using standard office software applications, query and control languages, and database management systems.
Occasional lifting of objects up to 20 pounds.
Subject to standing, walking, sitting, bending, reaching, kneeling, pushing and pulling.
Work is primarily performed in an office environment.
Two years related work experience.
More than two years of combined IT systems and application security work experience.
Work experience with intrusion detection systems, software and security architecture, or security practices of Intranet and Extranet.
Associate degree, or educational equivalent, in Computer Science, Information Technology, or related field.
Bachelor’s degree in Computer Information Systems, Computer Science, or related field.
Work safely and follow safety rules. Report unsafe working conditions and behavior. Take reasonable and prudent actions to prevent others from engaging in unsafe practices.