TITLE Information Security Specialist
CLASSIFICATION NUMBER 5182
IMMEDIATE SUPERVISOR Information Security Analyst
MAJOR ADMINISTRATOR Information Security Officer
The Information Security Specialist operates information security tools, including Security Information and Event Management (SIEM) and vulnerability assessment systems, and collaborates with other University information technology professionals to expand their use. The Information Security Specialist administers access control for the University’s Enterprise Resource Planning (ERP) information system, monitors access controls to assure adherence to University policies, maintains the integrity of the access control process, and adjusts access control rights when personnel changes occur. The Information Security Specialist assists the Information Security Analyst in researching and recommending information technology products and services that can be securely used throughout the University system.
MINIMUM ACCEPTABLE QUALIFICATIONS
Education/Experience: An Associate’s degree and two years of experience in the information technology field is required or an equivalent combination of education and information technology experience (per the Job Family 3 Education and Experience Equivalencies Chart) is required. A Bachelor’s degree, with an emphasis in a computer-related field is preferred. Work experience in a higher education environment is preferred.
Skills: Excellent technical aptitude in the areas of microcomputers and related peripherals is required. A basic understanding of network topologies, file server administration, microcomputer-based application software, and computer-related diagnostic techniques is required. The ability to perform in a problem-solving capacity including the evaluation of crisis and emergency situations is required. Effective verbal and written communication and customer service skills are required. The ability to follow technical instructions is required. The ability to manage multiple tasks concurrently is required. The ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds is required. Functional knowledge of operating systems and software associated with enterprise computing is preferred.
ESSENTIAL DUTIES AND RESPONSIBILITIES
1. Grants and revokes access to the University’s ERP information systems by using professional judgement and effective communication skills to confirm the validity of the request, gain approval from system owners, and grant access according to define roles.
2. Maintains documentation of access requests and authorizations and rejections to provide an appropriate audit log of activity.
3. Assists with the development and maintenance of information security procedures to govern access control.
4. Operates and monitors information security monitoring tools and escalates issues discovered to the Information Security Analyst.
5. Works with the Information Security Officer and others as appropriate to develop an effective information security compliance training program, including appropriate introductory training for new employees as well as ongoing training for all employees and managers.
6. Engages and collaborates with other information technology professionals to advance the University’s information security short-term and long-term goals.
7. Ensures the confidentiality, integrity, and availability of University systems and information by application and enforcement of the University’s information security policies.
8. Contributes to a work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures or backgrounds.
9. Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, and attending training and/or courses as directed by the Information Security Analyst.
10. Contributes to the overall success of the University by performing all other duties as assigned.
The Information Security Specialist is supervised by the Information Security Analyst and may supervise part-time employees.
OFFICE OF HUMAN RESOURCES
JOB FAMILY 3
Factor 1: Educational/Experience Requirements of the Job
Level 6 - 1182 Points: A combination of education and experience equivalent to a Level 6 as indicated by the Equivalencies Chart, when permitted by the Minimum Acceptable Qualifications.
Factor 2: Supervisory Responsibility
Level 2 - 598 Points: Irregular but occasional responsibility to direct the work of student workers and/or temporary or part-time workers. At this level are jobs in which the incumbent may be asked to supervise small numbers of student workers, graduate assistants, or part-time employees, but the supervisory work is irregular or infrequent. The nature of supervision is largely confined to assigning tasks to others and does not include a full range of supervisory responsibilities.
Factor 3: Skill, Complexity, and Technical Mastery
Level 5 - 1600 Points: Knowledge of information technology methods and procedures applicable to several types of work processes. Knowledge permits the employee to carry out work assignments where the objectives are clearly identified and can be accomplished by adapting precedents and established practices.
Factor 4: Budgetary Control
Level 1 - 193 Points: Jobs at this level involve no budgetary control except for the normal responsibilities associated with monitoring and reporting everyday expenses.
Factor 5: Work Environment and Physical Demands
Level 1 - 25 Points: The work environment has only everyday discomforts associated with an office or commercial vehicle. The work area is adequately lighted, heated or cooled, and ventilated. Work is largely sedentary involving mostly sitting with occasional walking, standing, bending, or carrying of small items. No special physical demands are required of the work.
Factor 6: Work Impact and Effect
Level 3 - 2340 Points: Work products or services directly impact the operation, accuracy, reliability, acceptability, or design of programs, systems, or equipment, that affect the operation of individual departments or units. The work activity may be complex, but normally involves addressing conventional problems or situations with established methods that allow departments, programs, or units to function properly. Improperly performed work and/or equipment or software failures likely produce significant errors and/or create delays that directly affect the ability of a department, program, or unit to function properly, and the welfare of faculty, students, or others that use the services and/or products of the department, program, or unit. While the scope of improperly performed work and/or equipment or software failure is limited, the nature of the activity may require that emergency repairs be performed.