Information Security Lead, Exercises of Computer Networks

Typology: Exercises

2022/2023

Uploaded on 05/11/2023

ekaatma

UNIVERSITY OF SOUTHERN CALIFORNIA

Information Security Lead

Job Code: 166031

OT Eligible: No

Comp Approval: 2/9/2018

JOB SUMMARY:

The Information Security Lead is primarily responsible for planning, designing, and executing security solutions, benchmarking technology strategies, and providing input for the selection and implementation of technology solutions. The role is also accountable for identifying security deficiencies and recommending corrective actions of identified vulnerabilities. Responsibilities include the creation and publication of internal controls, ensuring the development and maintenance of adequate compliance resources and training opportunities, and fostering a risk and compliance-focused culture within the division. This position works with IT internal support teams as well as external clients within the university to provide the highest standards of support relative to information security governance and risk management practices. Other responsibilities include providing guidance on security solutions, preparing benchmarking reports and presentations, monitoring security metrics to evaluate efficacy of security programs, and supporting security incident response activities.

JOB ACCOUNTABILITIES:

*E/M/NA % TIME

______ Leads planning, design and execution of appropriate technology security solutions. Examines technology vision, opportunities and challenges with regard to information security standards and their impact on technology, and reacts accordingly in alignment and support of the execution of the USC Information Security Program vision and strategy. Participates in developing security strategy, architecture and tools in accordance with university standards, policies, procedures and other formal guidance, ensuring security technology standards and best practices are maintained across the university.

______

______ Provides assistance in benchmarking technology strategies and architectures. Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on security solutions and prepares benchmarking reports and presentations.

______

______ Interfaces with peers and senior leadership and communicates relative information at all levels. Provides Cybersecurity guidance to less-experienced Information Security team members and other technologists across the university. Meets with project teams and other system architects to develop system designs and project plans that include the appropriate security controls and meet security standards.

______

______ Leads and contributes to the assessment of multiple project risks and complexities. Participates in project handoffs including document preparation, training and education, and support to ensure smooth transitions. Assists in the selection and design of tools that allow reuse of design components and plans between similar projects.

______

______ Directs the research, evaluation, proof-of-concept, selection and implementation of technology solutions. Provides detailed pros-and-cons, build-vs-buy analyses of options. Facilitates flexible and scalable solutions. Ensures that the technical design considers security controls, performance, confidentiality, integrity, availability, access and total cost. Assists with working solutions or prototypes and resolves any issues that arise.

______

______ Conducts highly technical/analytical security assessments of custom web applications, mid-tier application services and backend mainframe applications, including manual penetration testing, source code and configuration review using a risk-based intelligence-led methodology. Identifies potential misuse scenarios, and advises on secure development practices.

______

______ Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and security. Configures operational, architectural and design documentation including procedures, task lists, and roadmaps.

______

______ Helps mature information security risk management processes, programs and strategies. Aligns information security activities with regulatory requirements and internal risk management policies. Identifies security gaps and deficiencies by conducting risk assessments and recommends corrective action of identified vulnerabilities and weaknesses. Leads the planning, testing, tracking, remediation, and acceptance level for identified security risks, and the creation and publication of internal controls. Ensures requisite compliance monitoring is in place to identify control weaknesses, compliance breaches and operational loss events. Ensures adequate compliance resources and training, fostering a risk and compliance focused culture and optimizing relations with team members and regulators.

______

______ Conducts enterprise due-diligence activities, including security monitoring and security metrics, to evaluate effectiveness of the enterprise security program and established controls.

______

______ Guides security incident response activities and post-event reviews of security incidents. Ensures the clear and professional documentation of root cause and risk analysis of all findings. Reviews action plans for issue resolution. Conducts investigation and reports contribution of security threats and incidents.

______

______ Participates in security testing projects according to a structured process, including writing test plans, test cases and test reports. Conducts basic proof-of-concept exploits of vulnerabilities.

______

______ Maintains awareness and knowledge of current changes within legal, regulatory, and technology environments which may affect operations. Ensures senior management and staff are informed of any changes and updates in a timely manner. Establishes and maintains appropriate network of professional contacts. Maintains membership in appropriate professional organizations and publications. Attends meetings, seminars and conferences and maintains continuity of any required or desirable certifications, if applicable.

E_

*Select E (ESSENTIAL), M (MARGINAL) or NA (NON-APPLICABLE) to denote importance of each job function to position.

Performs other related duties as assigned or requested. The university reserves the right to add or change duties at any time.

EMERGENCY RESPONSE/RECOVERY: Essential: No

SIGNATURES:

Employee: _____________________________________ Date:_____________________________

Supervisor: ____________________________________ Date:_____________________________

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

The University of Southern California is an Equal Opportunity Employer

Supervises: Level: May oversee student, temporary and/or resource workers.

Supervises: Nature of Work: Administrative Professional/Paraprofessional

Database and application security

Network communications technologies

Network security access, management and testing

Network systems/data backup, storage and recovery

Server security policies and procedures, access management