* Reporting to the Director of Information Security, this position acts as the senior technical analyst and supervisor of the Information Security team. Responsibilities include management of IS personnel and projects under the guidance of the IS Director. This position performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction; Provides guidance and direction for the protection of information systems assets to other functional units; Provides consultation and training on technical security topics to campus Information Technology Professionals; Promotes awareness of information security best practices to campus; Assigns work to subordinates, monitors performance, and conducts performance appraisals; Interviews and makes recommendations for additional staff; Reviews, recommends, and drafts policies, procedures, standards in accordance with overall NAU/ITS policy, and Information Security best practices.
* Typical Duties and Responsibilities:
* The following are examples of typical duties. Other duties may be assigned.
* Performs auditing, documentation, reporting, and review of threats and vulnerabilities, to include executing remote and on-site vulnerability scans of data networks and computing devices using commercial or open source vulnerability scanning tools.
* Works with system and network administrators to correct security related vulnerabilities and events when detected.
* Provides incident response and remediation support; as a permanent member of the Computer Security Incident Response Team.
* Provides technical advice, problem-solving assistance, and answers to questions regarding security program standards and procedures.
* Participates in the network system architecture, design, and capacity planning for new products and technologies associated with information security.
* Assists the Director of Information Security in implementing and monitoring the Security Program's goals.
* Develops objectives and activities based on the Security Program's goals.
* Supervises and mentors other IT Security staff.
* Works with vendors and University/Tri-University staff for purchase and maintenance renewal of existing IT Security tools.
* Participates on Information Security Sub-Committees as required.
* Acts as technical liaison with the community, students, faculty, and staff in facilitating university information security programs.
* Benchmarks with other institutions and researches security policies, standards, and procedures.
* Develops, maintains, and implements information security policies, standards, and procedures administrative and academic systems and networks.
* Works with central IT training group to develop and deliver technical security training for campus IT Professionals.
* Bachelor Degree in computer science, information systems or a technical, scientific or engineering discipline.
* 4+ years recent hands-on computer/network security work experience in a multiple vendor, multiple customer and multi-protocol environment, preferably working with Windows and Unix.
* Equivalent combination of related education and experience totaling approximately eight years.
* Relevant professional certification such as CISSP, GIAC/SANS.
* PeopleSoft security experience.
* Prior work experience in Higher Education.
* Training, detailed knowledge, and proficiency in the application of security principles and practices.
* Experience identifying and solving information security related problems.
* Experience administering network security technologies including firewalls, router ACLs, authentication mechanisms, IPSEC, VPN, server hardening, PKI technologies and IDS/IPS systems.
* Experience with security incident response, especially forensic experience is a plus.
* Experience with vulnerability assessment of networks, operating systems and applications.
* Experience installing, configuring and using open source and/or commercial security tools.
Knowledge Skills and Abilities
* Knowledge of UNIX, Linux, Windows XP Professional, Windows 2003 Server, and Oracle database security issues.
* Knowledge of computer networking configurations and associated protocol suites and troubleshooting techniques.
* An established record for working cooperatively and communicating effectively with management, colleagues, and end-users.
* Knowledge of industry trends and available security hardware and software.
* Knowledge and applied skills and abilities in security risk and vulnerability testing of networks, operating systems, and applications.
* Skill in both verbal and written communication.
* Excellent organizational and training skills.
* Ability to work with people from a variety of culturally diverse backgrounds.
This position has been identified as a safety/security sensitive position. Therefore, per AZ Revised Statute, Northern Arizona University requires satisfactory results for the following: a criminal background investigation, employment history investigation, degree verification (in some cases) and fingerprinting.
Additionally, as an employer in the state of Arizona, NAU is required to participate in the federal E-Verify program that assists employers with verifying new employees' right to work in the United States.
This is a Service Professional (SPF) position. NAU offers an excellent benefit package including generous health, dental and vision insurance; participation in the Arizona State Retirement System or the Optional Retirement Program; 22 days of vacation and 10 holidays per year; and tuition reduction for employees and qualified family members. More information on benefits at NAU is available at www.nau.edu/hr .
Service Professionals are hired on a contract basis, renewable each fiscal year according to terms of the Conditions of Professional Service, which may be found on the Internet at: https://azregents.asu.edu/rrc/Policy%20Manual/6-301-Conditions%20of%20Professional%20Service.pdf.
Employees offered a position on or after July 20, 2011, will be eligible for state health plans (including NAU's BCBS Plan) after 90 days of employment. If you accept an offer on or after July 20, 2011, and you choose the ASRS retirement option, you will begin participating in the Arizona State Retirement System, and the long-term disability coverage that accompanies it, on the first of the pay period following 27 weeks (6 months) after your start date. New employees who choose to participate in the Optional Retirement Plan (ORP), which is an alternative to the ASRS plan for faculty and other appointed staff, will begin to participate on the first day of employment. Additionally, the long-term disability plan that accompanies the ORP will begin on the first day of the pay period following 90 days after start date. More information is available at: http://hr.nau.edu/node/10159.
Open until further notice.