Information Security Officer

Located in the Blue Ridge Mountains in Western North Carolina, UNC Asheville is the designated public liberal arts campus in the University of North Carolina system. UNC Asheville is nationally known for the quality of our student-centered teaching, mentoring of undergraduates in research, interdisciplinary learning, and striving to be an inclusive campus community.
UNC Asheville is committed to promoting diversity and a work environment that encourages knowledge of, respect for, and the ability to engage with those of other cultures or backgrounds. Staff members are encouraged to take an active role to engage in the institution’s efforts in promoting diversity and inclusion throughout the workplace. The successful candidate is expected to foster an inclusive work culture where uniqueness of beliefs, backgrounds, talents, capabilities and ways of living are respected and welcomed. Women, traditionally under-represented minorities, and people with disabilities are encouraged to apply.

EHRA Staff

Information Security Officer

005068

$92,000 - $98,506

Typical office hours are Monday-Friday from 8:00am-5:00pm, additional hours on evenings and weekends as needed to meet the needs of the department and university.

Full-Time

12 Months

The Information Security Officer (ISO) plays an integral part in the development, implementation, and compliance of technical security across UNC Asheville. The ISO is responsible for managing security risks related to Information Security, business continuity planning, incident management, privacy, and compliance. In addition, the ISO ensures all employees are trained on enterprise and governmental security requirements through awareness programs.
In conjunction and in collaboration with other ITS systems and applications administrators, this position will assist in conducting network and information systems audits meant to identify, harden, and mitigate potential and actual security threats in the form of scanning, monitoring, and testing the UNC Asheville network and systems for vulnerabilities. This position shall assist ITS management in ensuring the compliance of University systems to federal, state and local laws, rules and ordinances; will develop controls to enforce IT security policies and compliance; will advise on the development, documentation and maintenance of disaster recovery plans; review risk assessments and support cyber incident response plans.
The ISO along with the Security Analyst will be responsible for the configuration, deployment, optimization, and management of IT security related tools. The ISO will work with various departments on alert escalation and resolution and provide risk analysis metrics to leadership based on the output of these tools. The ISO will also be responsible for assessing potential threats, such as malware or phishing alerts, and determining the validity of the alert and determining the best course of action to protect UNCA assets.
The ISO should have knowledge of and implementation experience with security tools including but not limited to vulnerability scanning, prevention, penetration testing, firewall administration, etc. that are utilized to protect, prevent, and remediate IT security threats.

Exempt

Bachelor’s degree in Computer Science, Computer Engineering or an Information Security degree or closely related field from an appropriately accredited institution; or Bachelor’s degree from an appropriately accredited institution and three years of progressive experience in IT Security or closely related area.

• Master’s degree in Computer Science, Computer Engineering, or Information Security
• Professional experience in running the Information Security office analyzing and applying Information Security, risk management, and privacy practices
• Strong decision-making capabilities, with a proven ability to weigh relative costs/benefits of potential actions and identify most appropriate options
• Experience working in a higher education environment
• Consulting and general industry experience
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the University community

• A proven ability to analyze user department needs, make proactive recommendations to improve existing processes and identify where technology changes may reduce security risks
• Knowledge and experience with the Banner ERP system, Windows, Linux, Oracle, Microsoft SQL Server, Cisco Networking and Firewalls, and web technologies are preferred
• Knowledge of national and international regulatory compliances and frameworks such as ISO, SOX, GDPR, CCPA, HIPAA, and/or PCI D is preferred
• An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative, and actionable manner
• Ability to respond to high pressure dynamic environments
• Ability to work as a team member and exhibit the ability to advance technical skills
• Experience within Azure and Google environments are a plus.

Applications will be accepted until the position is filled. Please note that any documents submitted to Human Resources or the hiring departments become property of UNC Asheville and will not be returned.
Official verification from each college/university you have attended are required upon employment, and will be requested directly from the college/university by Human Resources or from the National Student Clearinghouse. Any expense will be the responsibility of the employee. Educational degrees must be from an appropriately accredited institution.
If no applicants apply who meet the required competency and training and experience requirements, management may consider other applicants. Salary would be determined based on competencies, equity, budget, and market considerations.
It is the policy of UNC Asheville to conduct pre-employment background investigations on all candidates selected for employment. If hired, the candidate will be required to submit proof of eligibility to work in the United States. New employees are paid only by direct deposit to the financial institution of their choice.

E0380

09/18/2023

Yes