Class specifications are intended to present a descriptive list of the range of duties performed by employees in the class. Specifications are not intended to reflect all duties performed within the job.

SUMMARY DESCRIPTION

Under the direction of District IT management staff, incumbents assigned to this classification ensure the secure operation of computer systems, servers, and network connections.

Information Security Analyst will assist in detecting, investigating, and defending against

information security incidents targeting the District-wide systems and data. This includes

checking server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, and troubleshooting. The incumbent will also keep apprised of existing and emerging regulations applicable to the district and will ensure board policies, administrative regulations, and departmental procedures are appropriate for continual compliance.

DISTINGUISHING CHARACTERISTICS

Incumbents assigned to this class serve as the primary administrator and technical resource of the District-wide information security program.

REPRESENTATIVE DUTIES

The following duties are typical for this position. Incumbents may not perform all of the listed duties and/or may be required to perform additional or different duties from those set forth below to address business needs and changing business practices.

Serve as a core member of District IT security performing varying security duties including threat awareness, proactive network traffic analysis, incident response, forensic analysis, and resolution of security incidents.

Acts as Team Leader on information security project.

Act as a liaison to the District-wide user community; perform regular workshops and inservices on topics of information security.

Maintain, refine, and expand existing data security program.

Evaluate existing and emerging regulations and laws to ensure continual SOCCCD

compliance.

Integrate knowledge of network protocols, services, threats, vulnerabilities, mitigation

strategies, hardware capabilities, and other information to build a security environment that reduces and mitigates risk.

Evaluate a wide range of data to detect security incidents. Take timely action as appropriate:

block problem traffic, send alerts and/or investigate when suspicious activity is detected.

Develop new methods to detect and mitigate security attacks.

Communicate with internal and external security personnel and technical staff about

incidents.

Develop and implement enforcement policies, procedures and associated plans for system security administration and user system access based on industry-standard best practices.

Promote a strong security culture throughout SOCCCD, consulting with management and staff.

Conduct assessments of information systems security requirements, evaluate current

security posture and recommend priorities for remediation.

Perform other duties as assigned.

QUALIFICATIONS

The following generally describes the knowledge and ability required to enter the job and/or be learned within a short period of time in order to successfully perform the assigned duties.

Knowledge of:

Data encryption techniques including but not limited to PKI.

Experience in incident response procedures and computer forensics.

Experience with SSAE 16 audits, GLBA, PCI-DSS, FERPA, HIPPA compliance.

Role-base access applied to various services and technologies.

Security best practices of Servers, LAN and WAN networks, virtualization and Cloud.

Software development security best practices including but not limited to OWASP.

Ability to:

Communicate clearly both orally and in writing about information security concepts to

users with varying degrees of technical ability.

Establish and maintain cooperative and effective working relationships with those

contacted in the course of work.

Evaluate and recommend industry security standards and emerging security

technologies.

Maintain confidentiality in sensitive information security matters.

Manage the technical aspects of and information security incident response.

Report to work on a regular and consistent basis, as scheduled, to assigned job.

Research and evaluate information security laws and regulations including but not

limited to GLBA, PCI-DSS, HIPAA, FERPA and how they impact the District.

Work independently with minimum of direct supervision.

Work with and exhibit sensitivity to and understanding of the varied racial, ethnic,

cultural, sexual orientation, academic, socio-economic, and disabled populations

of community college students.

Work with Campus technology staff on district-wide security issues.

EDUCATION AND EXPERIENCE GUIDELINES

Any combination of education and experience that would likely provide the required knowledge and abilities is qualifying. A typical way to obtain the knowledge and abilities would be:

Education/Training:

Equivalent to a Bachelor’s degree from an accredited college or university with major

course work in a technical field such as computer science. CISSP highly desirable and

preferred, but not required.

Experience:

Three years of increasingly responsible technical work experience in technology service

operations with demonstrated information security responsibilities.

WORK ENVIRONMENT AND PHYSICAL DEMANDS

The conditions herein are representative of those that must be met by an employee to

successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.

Work Environment:

Work is performed primarily in a standard office setting. Duties are typically performed at a desk or computer terminal; subject to noise from office equipment operation; frequent interruptions and contact in person and on the telephone with academic and classified staff and others. At least minimal environmental controls are in place to assure health and comfort.

Physical Demands:

Primary functions require sufficient physical ability and mobility to work in an office

setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel,

crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of

weight; to operate office equipment requiring repetitive hand movement and fine

coordination including use of a computer keyboard; and to verbally communicate to

exchange information.

Vision: See in the normal visual range with or without correction.

Hearing: Hear in the normal audio range (with or without correction).