IS Security Administrator
PA College Of Health Sciences
9860 Information Technology
Information Services Administration
Under supervision of the department Chief Information Officer, this position will have responsibility and authority regarding all matters of information security. This is to include responsibility for protecting college computing assets and data and is accomplished with technical controls, policies, procedures and training/awareness. The Information Security Administrator designs, develops, and documents risk assessments, policies, procedures and processes; identifies opportunities for process and/or system improvements by partnering with end users, vendors, and system/application administrators; provides IT Security related data, analysis, metrics, and reports; develops strong partnerships with assigned functional area(s) to fully understand their processes and ensure that security and regulatory compliance is met. The Information Security Administrator provides technical security architectural design guidance as well as general guidance and recommendations for other projects. The Information Security Administrator must possess a foundational understanding of security best practice concepts across operating systems, networking, onsite or hosted/SaaS applications and experience with security applications.
Essential Duties and Responsibilities: (ability to perform with or without reasonable accommodations)
- Promotes and contributes to the enhancement of PA College’s high performing learner-centered environment
- Designs, implements and monitors vulnerability management system and process. This includes periodic vulnerability assessments, scanning, and remediation.
- Works with IT team to prioritize, remediate and resolve vulnerabilities as identified.
- Develop, improve, and document security related configurations, processes, and policies including identity management, payment card industry (PCI) security, training and awareness, and other processes as identified.
- Actively assesses risks and assists in risk mitigation.
- Works with others within IT to improve security and general functionality of current systems.
- Provides expert security review and risk assessment on all new projects and applications prior to selection and implementation.
- Assists in the development and compliance of a Security Framework.
- Provides technical leadership and support for incident response.
- Monitors and advises team on emerging vulnerabilities, hacking trends.
- Monitors infrastructure, systems and applications for alerts, abnormal behavior or signs of a suspected data breach.
- Monitors connectivity of external devices to protect the integrity of the network and infrastructure.
- Works closely with Legal, and Compliance to insure that legal and regulatory requirements are met.
- Ensures that all systems, applications, databases and data flows containing confidential information are accounted for, documented, and encrypted.
- Leads end user information security awareness and training programs.
Secondary Duties and Responsibilities:
- Assists with the development of the IT business continuity, disaster recovery, data retention plans.
- Works with external vendor(s) to coordinate vulnerability and penetration testing of our internal and external facing environments.
- Keeps up to date on regulatory compliance such as HIPAA, FERPA, and PCI.
Specific Education, Certifications, and Licensure:
- Bachelor’s degree in Computer Science, Business Administration or Engineering; or approved equivalent combination of education and experience.
To perform this job successfully…..
- Two (2) years’ experience in information security, auditing, risk assessment performance and review.
- Two (2) years’ experience of providing process improvement and direction to users of computer applications.
- Two (2) years’ experience in developing processes and policies.
- Two (2) years’ experience in training users and writing of IT documentation.
- Two (2) years’ experience working with diverse teams and stakeholders.
- Two (2) years’ experience in network/server administration
- At least one industry recognized security certification or progress towards a certification such as Security +, GCWN, ECSS, CEH
PENN MEDICINE LANCASTER GENERAL HEALTH is an Equal Opportunity Employer, committed to hiring a diverse workforce. All openings will be filled based on qualifications without regard to race, color, sex, sexual orientation, gender identity, national origin, marital status, veteran status, disability, age, religion or any other classification protected by law.
Search Firm Representatives please read carefully: PENN MEDICINE LANCASTER GENERAL HEALTH is not seeking assistance or accepting unsolicited resumes from search firms for this employment opportunity. Regardless of past practice, all resumes submitted by search firms to any employee at PENN MEDICINE LANCASTER GENERAL HEALTH via-email, the Internet or directly to hiring managers at Penn Medicine Lancaster General Health in any form without a valid written search agreement in place for that position will be deemed the sole property of PENN MEDICINE LANCASTER GENERAL HEALTH, and no fee will be paid in the event the candidate is hired by PENN MEDICINE LANCASTER GENERAL HEALTH as a result of the referral or through other means.
Posted on 08/26/2022