The Information Security Specialist provides security-focused support to users and leads key security initiatives for the TBR Central Office and TBR institutions, while operating under the direct guidance of the Chief Information Security Officer (CISO).
This role is responsible for incident monitoring, collecting metrics, generating detailed security reports, and conducting security-related audits as needed. The specialist manages the operation and maintenance of security infrastructure, evaluates, recommends, and implements approved new technologies and innovations, addresses and resolves reported information security issues.
Additional responsibilities include incident management, risk assessment, implementation and oversight of security controls, delivery of awareness training, development and enforcement of security policies and compliance measures, and maintaining IT security architecture, policies, and standards.
This position allows for remote work with the occasional need to visit the system office or travel to various campuses and satellite locations across the state.
Responsibilities:
Oversees security operations, security engineering, and compliance of information systems and services across the enterprise; develops, delivers and manages IT Security standards, best practices and architecture information that supports IT Security operations, engineering, and compliance across the enterprise; conducts studies within and outside the organization to ensure compliance with standards and conformity with industry security norms; consults with members of TBR community regarding security best practices and compliance; maintains awareness of how IT security services and systems affect the organization's security posture and exposure; weighs business needs against security concerns and articulates any issues to constituents and senior leadership; holds responsibility for the troubleshooting and resolution of reported information security issues; recognize and respond to information security incidents; analyze network traffic for anomalous activity and investigate as appropriate; identify and understand potential threats and vulnerabilities and recommend mitigations; perform digital forensics as part of incident response and in response to other community needs; author and edit incident reports; perform periodic security-focused risk assessments and audits of systems and tools; develop, implement, and refine solutions for security monitoring, detection, and response on TBR community systems; perform high-level analysis of complex and disparate computing systems, networks and data architectures to identify, rectify and prevent technical and information security vulnerabilities; scanning for vulnerabilities, evaluating scope and exposure, working with system and service owners to patch, isolate, or otherwise mitigate critical vulnerabilities; developing exposure metrics, detecting trends, and assisting the team in developing controls or defensive measures; use forensic, incident response, and process expertise to respond to and investigate system, service, or network attacks and breaches; applies IT security concepts to execute complex security controls to prevent hackers from infiltrating campus information or jeopardizing web-based programs for the campus; researches, analyzes and addresses attempted efforts to compromise security protocols and measures; evaluates and tests systems and applications for security vulnerabilities; maintains, uses and/or operates complex security systems; administers, tests or reviews complex security configurations to control access to systems; applies IT security concepts to use applicable encryption methods; gathers, analyzes, and summarizes information and reporting to management regarding the negative impact on the campus caused by theft, destruction, alteration or denial of access of information; applies it security concepts to select appropriate response to serious security incidents
Maintains the Information Systems Security Program (ISP) for the TBR Central Office and works with TBR institutions on related security issues with regard to the ISSP;
promotes TBR information systems reliability and accessibility, while protecting and defending against unauthorized access to systems, networks, and data; lead the planning, design, development, integration, testing, documentation, training, implementation and maintenance of TBR IT security systems and products; provide leadership through strong working relationships and collaboration across the TBR community to develop strategic goals for information security compliance and risk mediation; coordinates the Incident Response function of the TBR IT Security Office; oversees ongoing activities related to the development, implementation, and improvement of the TBR information security program in compliance with applicable federal and state laws and regulations and the TBR's information security policies; focusing on: security risk assessments (TBR, schools, departments, and vendors); risk management (including risk prioritization and mitigation); education and awareness; advises TBR personnel on managing effective security practices; develops and maintains strong working relationships to collaborate and partner with key stakeholders (across the TBR community) and external solution providers to advocate for appropriate security practices; plan, design, enforce, and audit security policies and procedures which safeguard the integrity of and access to TBR community systems
Maintain the campus Cyber Incident Response Plan (CIRP) and foster security- and audit-related regular communications with campus Security Incident Response Teams (SIRT);
Ensure monitoring of security-related information sources for security alerts and assess security breaches/ events, oversee appropriate corrective actions, inform the campus community, andidentify needed changes based on new security technologies or threats; serve as the liaison with external agencies and organizations, including law enforcement, as needed for incident response and planning; oversee the development and implementation of training programs and communications to make systems, network, and data users aware of and understand security policies and procedures; assists in managing security incidents across the TBR community; acts as the primary control point during information security incidents; assists in communicating progress to the TBR community, as appropriate, in managing security incidents; interfaces with law enforcement agencies and other government agencies to address security lapses and respond to information security issues; works with the IT staff of TBR, community and technical colleges and departments to help them maintain a high level of technical competence and a professional approach to handling confidential matters while maintaining a customer-focused attitude; investigate security incidents; perform computer forensics studies and maintain incident tracking records. prepare status reports on security matters; develop security risk analyses; keep management informed of risks and critical issues that might affect clients or TBR community security objectives;
Develop security awareness training programs; penetration testing timelines; security standard
