Position Title: Lead Security Analyst (Reg FT)
Department: Information Technology Svcs
Campus: Office of College Services
Additional Information: This position will remain open until filled. However, in order to ensure consideration for an interview, please submit your completed application, cover letter and resume by no later than May 20, 2022. The College cannot guarantee that application materials received after this date will be considered or reviewed.
Benefits: CCAC offers an exceptional benefits package. Highlights include an excellent health plan with very low out-of-pocket expense network option, generous time off and holiday pay, a 403b retirement plan with up to 10% employer match or other options through the State’s retirement defined benefit pension system, free employee parking, public service (student) loan forgiveness eligible employer, and employer paid benefits including group life insurance, short-term and long-term disability insurance, and flexible spending accounts.
Salary Grade: Admin 17 - $70,849
Job Category: Administrators
Employment Type: Regular Full-Time
Job Slot: 5851
Job Open Date: 5/6/2022
Job Close Date:
General Summary: Serves as
process owner for the development and implementation of the college-wide
information security program and ongoing activities to preserve the
availability, integrity and confidentiality of college information resources in
compliance with applicable security policies and standards.
degree in Information Security or related field with 3 years work experience in
information security management and/or related functions (such as IT audit and
IT Risk Management) or bachelor’s degree in Information Security or related
field with at least six years of work experience in information security
management and/or related functions (such as IT audit and IT Risk Management). Hands-on
team leadership and management experience. Must be highly analytical and
effectively able to troubleshoot and prioritize needs, requirements and other
issues. Aside from technical skills, should have excellent communications,
teamwork, leadership and conflict management skills; Information security
management qualifications, such as CISSP or CISM preferred. Ethical hacker certification or willingness
to get certified.
position will be required to report to any CCAC location to provide the
- Lead development, documentation and maintenance of information security policies, procedures, and standards across Information Technology Services and the college at large.
- Provide leadership for ongoing protection, detection and response services for college information resources and digital assets as identified in the college’s information security program and strategic plan. Monitors and routinely audits compliance to all information security procedures and policies, and ensures consistency of internal controls across departments.
- Manage and maintain information security tools such as SIEM, endpoint protection, vulnerability management systems, intrusion detection system and prevention systems (IDS/IPS) and other information security tools and cloud based management consoles.
- Monitor changes in local, state, and federal regulations and accreditation standards affecting information security, and make recommendations to the Director of Technical Services and other college leaders on the need for policy changes.
- Liaison with and offer strategic direction throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
- Review, maintain, update, and recommend using a cloud computing checklist of all (SaaS, IaaS, PaaS) and other third party hosted CCAC resources.
- Initiate, facilitate, and promote activities to create information security awareness throughout the college. Develop, implement and assess suitable information security awareness, training and educational activities.
- Lead the creation and maintenance of the information systems disaster recovery and business continuity plans; coordinate and conduct testing of these plans and the actual disaster recovery process.
- Independently perform risk assessments and work closely with the college internal auditor and other third party auditors to preempt, mitigate, and respond to any audit findings that require action. Coordinate the annual audit of information security. Make recommendations for improving security measures on-site and cloud.
- Monitor the internal control systems to ensure that appropriate access levels are maintained. Monitor, identify, and analyze security risks to determine their impact and relevance to the college’s assets. Conduct research, analyze data, reach conclusions, and make appropriate recommendations.
- Provide oversight for incident response for all college systems and information technology resources. Respond to security event escalations, and conduct detailed forensic analysis of potential incidents.
- Create and maintains all information system and software security certificate activities.
- Assist in system and software architecture and design to ensure that college assets are appropriately secure at all times.
- Lead and participate on projects that are related to Information Security at the college.
- Performs other duties as required or assigned.
Clearances: Current criminal record/child abuse clearances will be required if offered the position and in order to be employed at the College. The three clearances are Pennsylvania Child Abuse History Clearance, Pennsylvania State Police Criminal Records Check, and Federal Bureau of Investigations (FBI) Criminal Background Check. The College has provided instructions on how to obtain these clearances and are available here.
Vaccination: Effective November 1, 2021, as a condition of employment, all new employees of Community College of Allegheny County must be fully vaccinated against COVID-19 and provide proof of their vaccination or have received an approved exemption to be an employee. Prospective employees who are offered a position can request an exemption from this vaccine requirement for religious or documented medical reasons. Exemption requests will be reviewed for approval on a case-by-case basis by the Office of Human Resources.