Senior Security Specialist ICT and IT Security

The Senior Security Specialist, part of the Information Security team in the IT Department, is responsible for supporting the team in protecting computer assets by establishing and enforcing system access controls, providing security incident response, conducting security awareness activities, and maintaining disaster preparedness.

This position will significantly enhance the InfoSec team’s ability to proactively address evolving security threats and protect the organization’s ICT infrastructure and information assets. With the addition of this role, the team will have the capacity to strengthen security operations, improve monitoring capabilities, and effectively implement security measures for both ongoing and upcoming projects, including those involving cloud technologies and new services.

This role will enable the team to deliver projects on time, enhance current security controls, and respond swiftly to incidents, minimizing potential risks to the organization. It will also alleviate the workload on existing team members, fostering a more balanced and collaborative work environment.

Job Responsibilities

• Support the Information Security Manager and the Information Security team with daily tasks, including but not limited to incident response, investigations, project management, assurance tasks, and reporting responsibilities.
• Ensure authorized access by investigating improper access attempts and reporting violations.
• Create concise and comprehensive reports on security violations, including recommendations for addressing identified control weaknesses.
• Conduct system and process audits methodically to verify compliance with adopted processes, policies, and standards.
• Advocate for security awareness, stay up-to-date with cybersecurity trends, and incorporate best practices into daily work.
• Protect systems by defining access privileges, control structures, and resources.
• Assist in the development and implementation of AUS’ IT Disaster Recovery/Business Continuity plan, and maintain disaster recovery documentation, policies, and protocols.
• Implement security improvements by assessing the current situation, evaluating trends, and anticipating future requirements.
• Provide thought leadership within the Information Security and IT teams to help implement or enhance existing information security controls.
• Maintain technical knowledge by attending educational workshops and reviewing relevant publications.
• Ensure industry-standard practices are followed across various IT areas, such as network security, server security, application security, end device security, and forensic investigations.
• Create, maintain, and enforce the university’s security documents (policies, standards, guidelines, and procedures).
• Stay updated on IT security industry trends, including new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
• Select and acquire additional security solutions or enhancements to existing solutions to improve overall enterprise security, in line with the university’s procurement processes.
• Oversee the deployment, integration, and initial configuration of new security solutions and enhancements to existing solutions, following best practices.
• Ensure the confidentiality, integrity, and availability of data residing on or transmitted to/from/through workstations, servers, and other systems, as well as in databases and other data repositories.
• Engage in ongoing communication with peers in the Systems and Networking groups, as well as with various business groups, to ensure enterprise-wide understanding of security goals, solicit feedback, and foster cooperation.
  
  

• Maintain and encourage open and honest business relationships within the team and across AUS.
• Lead change as AUS continues to adapt to new and exciting ways of delivering ICT services.
• Build and foster strong working relationships with internal business partners across the organization.
• Communicate respectfully and in a manner that is clear and well-understood.
• Prioritize health and safety for yourself and others.
• Manage a diverse range of tasks while working under tight deadlines.
• Balance the demands of multiple stakeholders, sometimes with conflicting interests.
  
  

• Bachelor’s degree in related field: Computer Science, Information Technology, Systems Security.
• Minimum of 6 years of experience in an Information Security role within the last 12 years.
• Knowledge of the Information Technology Infrastructure Library (ITIL), with a focus on security administration and IT governance in a multiplatform environment (ITIL certification preferred).
• Experience in establishing cybersecurity and risk metrics for reporting purposes.
• Strong emotional intelligence with demonstrated leadership skills, including the ability to engage with multiple stakeholders in a higher education organization.
• Demonstrated management skills, including budget development and administration, policy development and implementation, personnel administration, and staff training and development.
• Proven ability to work with diverse individuals, with effective oral and written communication skills.
• Ability to apply knowledge and experience to achieve enterprise strategy, mitigate external risks, improve internal processes, and deliver business outcomes.
• Strategic Thinking: Ability to balance multiple goals and deadlines while keeping the big picture in mind.
• Facilitation, Negotiation, and Problem Resolution Skills: Ability to build strong networks and relationships at the executive level with technology and solutions teams, customers, and vendor groups.
• Resilience and resourcefulness.
• At least one of the following certifications: Certified Information Security Manager (CISM), GIAC Security Essentials (GSEC), or Certified Information Systems Security Professional (CISSP).
• Four or more of the following certifications:
• (ISC)² SSCP, CCSP, or CCFP
• ISACA Certified Information Security Manager or Auditor
• GIAC Security Management and Leadership or Technical Security Certifications
• EC-Council CEH or EDRP
• Cisco CCNA or CCNP Security
• Microsoft Certified Systems Engineer: Security
• Cloud Security Certifications, such as the Cloud Security Alliance’s CCSK or certifications specific to major platforms like AWS or Azure.
  

• Master’s degree preferred.
  
  

• Interested applicants should fill out the form.
• AUS alumni are encouraged to apply. Applicants who do not meet specified requirements will not be shortlisted. Only shortlisted candidates will be contacted.
• AUS is an equal opportunity employer. We adhere to a policy of making employment decisions without regard to race, color, age, gender, religion, national origin, disability or marital status. Opportunities for employment are based solely upon one’s qualifications.