This is a professional position which is responsible for protecting the confidentiality, integrity, and availability of the university’s information assets. Works to ensure the continuing operation of university information systems and coordinates their timely recovery during uncertain conditions or events.
Meets strategic information security objectives through the development of security policies, procedures, plans, training, and compliance initiatives. Coordinates risk assessments, user awareness training, incident management, and business continuity and disaster recovery exercises. Oversees physical and logical access control, encryption, logging, data retention, intrusion detection, and intrusion prevention.
Southern Polytechnic State University, a member of the University System of Georgia, is a residential university with over 6,200 students pursuing bachelors and masters degrees in many of the nation’s fastest growing technology fields. The university, located one mile west of 1-75’s Exit 263, is just 20 minutes northwest of downtown Atlanta. Southern Polytechnic is an EOE / ADA /AA Employer.
1. Leads in the development, implementation, and review of a cost-effective campus information security program.
2. Leads the development, implementation, and review of an information assurance program including: classification of information assets; performing risk assessments; developing a risk management plan; and evaluating the effectiveness of the plan.
3. Develops and tests IT disaster recovery and IT business continuity plans.
4. Actively mitigates risks by assisting in the development, dissemination, and auditing of: policies, procedures, best practices, and user awareness training.
5. Researches, implements, and manages technological solutions such as: transport data encryption, endpoint data encryption, lost device tracking, remote data wipes, anti-malware software, firewalls, vulnerability scanning, IDS and IPS .
6. Coordinates a computer incident response team.
7. Develops an information security incident response plan and enacts an appropriate incident response program.
8. Forensically analyzes threats, vulnerabilities, and information security incidents.
9. Works with campus resources to protect the university’s reputation and assets by staying at the forefront of information security legislation, regulations, standards, and best practices affecting the institution and its constituents, such as: PCI compliance, Red Flag rules, FERPA , and HIPAA .
10. Investigates and responds to reports of computer related abuse, including infringement of intellectual property.
11. Performs internal information security audits to ensure compliance with local and USG policies, along with state and federal law. Works with campus resources to implement resulting corrective actions.
12. Acts as a liaison between campus resources and law enforcement authorities in computer security related matters.
13. Performs access audits to ensure that systems and data are only accessible to appropriate personnel that require such access to perform their job functions.
14. Performs related duties as assigned.
Desirable Knowledge Skills and Abilities
1. Security audit experience.
2. Risk assessment experience.
3. Enterprise application and database security.
4. Enterprise network security.
5. E-commerce security.
6. Physical security and access control.
7. Linux and Windows security experience.
8. Data encryption and PKI experience.
A BA/BS with a technical focus, such as computer science or engineering, from a college or university accredited by a reputable accrediting body recognized by the U.S. Department of Education or the Council for Higher Education Accreditation. A minimum of three years of experience working in the Information Security field. One or more of the following Information Security certifications: CISSP , CISA , CISM , HISP , SSCP , Encase Certified Examiner, SANS GIAC , Certified Ethical Hacker.
Required Knowledge, Abilities, and Skills
• Policy development experience
• Strong project management skills
• Excellent written and verbal communication skills, specifically in the areas of: training, awareness, policies, presentations, negotiations, and documentation
• Strong TCP /IP networking skills
• Advanced packet analysis experience
• Security forensics experience
• Linux and Windows systems administration experience
• Hands-on experience conducting in-depth analysis of exploits and attack signatures
• Hands-on experience with IDS / IPS and firewalls
Special Instructions for Applicants
In addition to the required documents which must be uploaded, please note the following additional information:
-A minimum of three professional references (name, phone number and address information)
According to University President Lisa Rossbacher, "Southern Polytechnic is a special-purpose institution in the University System of...