IT Compliance and Security Coordinator

POSITION DESCRIPTION

DUTIES AND RESPONSIBILITIES

The work below is representative of the scope of work performed within this job classification. Individual job duties will vary based on work assignment.

• Strategy and Policy Development

• Recommend short-and-long-term objectives to secure business assets which are balanced with ensuring high levels of customer service delivery, regulatory/audit compliance and system standardization.
• Analyze and proactively identify areas where policies can be improved, provide recommendations for new products or changes to mitigate business risk.
• Determine system and security requirements by evaluating business strategies and requirements, research information systems and security standards.

• Monitor, audit and take proactive action in cooperation with system administrators to mitigate identified issues on an ongoing basis. Provide IT Management with regular status updates and assessments of overall risk profile.
• Implement and maintain and ongoing employee education program to ensure security awareness throughout the user population. Recommend specific security related training for system administrators.
• Conduct system security and vulnerability assessments and report status to IT and Senior Management.
• Generate and maintain documentation for security specific system hardware and software to include system security plans, configuration, equipment lists, practices and procedures.
• Perform complex technical and professional work relative to planning, design, implementation and administration of security related enterprise networking solutions in a multi-departmental network environment.

• Implement, and maintain approved security controls, policies, processes and procedures to manage risk across the RPU information system environment.
• Ensure the confidentiality, integrity, and availability of the RPU IT system.
• Develop and recommend an ongoing audit plan to evaluate and improve the security effectiveness of the current network systems.
• Provide oversight and administration of security assessments and audits performed by internal staff or third-party vendors; implement an action plan to address any deficiencies; ensure completion of action plan.
• Examine and evaluate the appropriateness and effectiveness of technological and operational controls and provide recommendations for improvements.
• When needed, complete or coordinate audits for internal controls, PCI, NERC/CIP and other regulatory bodies of the IT infrastructure.
• Provide periodic updates to the IT and Senior Management relative to key initiatives, audit findings, and improvement plans.
• Monitor and analyze security logs and alerts from various sources, (E-ISAC, CISA) such as firewalls, antivirus, intrusion detection and prevention systems, and security information and event management (SIEM) tools.
• Lead development and testing of risk management activities including incident response, disaster recovery, IT related business continuity, backup and restore.

• 
  Leadership and Direction

• Provide leadership and expertise to IT staff and RPU employees regarding technical and security-related projects (new systems and improvements to existing systems).
• Engage departmental IT staff for the purpose of analyzing technical issues and security risks, recommending solutions, planning and implementing infrastructure changes.
• Consult with internal and external customers to define requirements for complex systems and infrastructure development.
• Serve as a liaison with external vendors.
• Maintain awareness of changes in the technology/regulatory environment and the relevance to information systems.
• Serve as a subject matter expert on IT optimization/security as it relates to infrastructure, industry best practices, trends and network system performance.
• Participate in and/or lead IT projects using standard project management methodology.
• Coordinate efforts with third parties to enhance RPU’s security posture. This may include seeking grant opportunities and other security related services.

• 
  Technical Support Services

• Provide budget planning assistance, service cost allocations, and monitoring of IT budgets including operations, and project budgets.
• Provide recommendations to and IT Management to improve the performance and optimization of Information Technology resources.
• Troubleshoot and develop solutions to complex technical processing problems.
• Provide high-level server/network related technical assistance to teammates in the organization.
• Serve as subject matter expert and resource for department system administrators and other teammates.

MINIMUM QUALIFICATIONS

ADDITIONAL INFORMATION