Download Information Security Lead and more Exercises Computer Networks in PDF only on Docsity!
UNIVERSITY OF SOUTHERN CALIFORNIA
Information Security Lead
Job Code: 166031
OT Eligible: Comp Approval: The Information Security Lead is primarily responsible for planning, designing, and executing security solutions, benchmarking technology strategies, and providing input for the selection and implementation of technology solutions. The role is also accountable for identifying security deficiencies and recommending corrective actions of identified vulnerabilities. Responsibilities include the creation and publication of internal controls, ensuring the development and maintenance of adequate compliance resources and training opportunities, and fostering a risk and compliance-focused culture within the division. This position works with IT internal support teams as well as external clients within the university to provide the highest standards of support relative to information security governance and risk management practices. Other responsibilities include providing guidance on security solutions, preparing benchmarking reports and presentations, monitoring security metrics to evaluate efficacy of security programs, and supporting security incident response activities.
JOB SUMMARY:
JOB ACCOUNTABILITIES:
*E/M/NA % TIME
No 2/9/ ______ Leads planning, design and execution of appropriate technology security solutions. Examines technology vision, opportunities and challenges with regard to information security standards and their impact on technology, and reacts accordingly in alignment and support of the execution of the USC Information Security Program vision and strategy. Participates in developing security strategy, architecture and tools in accordance with university standards, policies, procedures and other formal guidance, ensuring security technology standards and best practices are maintained across the university.
______
______ Provides assistance in benchmarking technology strategies and architectures. Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on security solutions and prepares benchmarking reports and presentations.
______
______ Interfaces with peers and senior leadership and communicates relative information at all levels. Provides Cybersecurity guidance to less-experienced Information Security team members and other technologists across the university. Meets with project teams and other system architects to develop system designs and project plans that include the appropriate security controls and meet security standards.
______
______ Leads and contributes to the assessment of multiple project risks and complexities. Participates in project handoffs including document preparation, training and education, and support to ensure smooth transitions. Assists in the selection and design of tools that allow reuse of design components and plans between similar projects.
______
______ Directs the research, evaluation, proof-of-concept, selection and implementation of technology solutions. Provides detailed pros-and-cons, build-vs-buy analyses of options. Facilitates flexible and scalable solutions. Ensures that the technical design considers security controls, performance, confidentiality, integrity, availability, access and total cost. Assists with working solutions or prototypes and resolves any issues that arise.
______
______ Conducts highly technical/analytical security assessments of custom web applications, mid-tier application services and backend mainframe applications, including manual penetration testing, source code and configuration review using a risk-based intelligence-led methodology. Identifies potential misuse scenarios, and advises on secure development practices.
______
______ Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and security. Configures operational, architectural and design documentation including procedures, task lists, and roadmaps.
______
______ Helps mature information security risk management processes, programs and strategies. Aligns information security activities with regulatory requirements and internal risk management policies. Identifies security gaps and deficiencies by conducting risk assessments and recommends corrective action of identified vulnerabilities and weaknesses. Leads the planning, testing, tracking, remediation, and acceptance level for identified security risks, and the creation and publication of internal controls. Ensures requisite compliance monitoring is in place to identify control weaknesses, compliance breaches and operational loss events. Ensures adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with team members and regulators.
______
______ (^) Conducts enterprise due-diligence activities, including security monitoring and security metrics, to evaluate effectiveness of the enterprise security program and established controls.
______
______ Guides security incident response activities and post-event reviews of security incidents. Ensures the clear and professional documentation of root cause and risk analysis of all findings. Reviews action plans for issue resolution. Conducts investigation and reports contribution of security threats and incidents.
______
______ Participates in security testing projects according to a structured process, including writing test plans, test cases and test reports. Conducts basic proof-of-concept exploits of vulnerabilities.
______
______ (^) Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.
E_
*Select E (ESSENTIAL), M (MARGINAL) or NA (NON-APPLICABLE) to denote importance of each job function to position. Performs other related duties as assigned or requested. The university reserves the right to add or change duties at any time. EMERGENCY RESPONSE/RECOVERY: Essential: No
SIGNATURES:
Employee: _____________________________________ Date:_____________________________ Supervisor: ____________________________________ Date:_____________________________ The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. The University of Southern California is an Equal Opportunity Employer Supervises: Level: May oversee student, temporary and/or resource workers. Supervises: Nature of Work: Administrative Professional/Paraprofessional Database and application security Network communications technologies Network security access, management and testing Network systems/data backup, storage and recovery Server security policies and procedures, access management
