Security and Compliance

This is a first-level security and compliance position that works within the framework of established security and compliance policies and procedures. Conducts monitoring of data security and implements controls as directed. Assists in firewall configuration. Guides data security remediation such as security patching. Reviews data logs and activities and notifies more senior staff of “exceptions.” Delivers security awareness training. Provides input to the preparation of disaster recovery plans. Prepares documentation for all actions taken.

This is a second-level security and compliance position accountable for performing a wide range of security procedures and processes necessary to ensure the safety of information systems and assets, and protecting systems and data from intentional or inadvertent access or destruction. An employee in this position ensures that users understand and adhere to the necessary procedures and processes to maintain security. Conducts and supports audits for regulatory and standards compliance. Provides input into the development of security policies. Participates in the preparation of disaster recovery plans. Designs and delivers security compliance training. Conducts IT data and security forensic investigations. Provides advice to management on balance between business needs and data security. Provides moderately complex technical support in relevant field of discipline. May serve as project lead and/or provides technical direction to lower level team members.

This is a professional security and compliance position accountable for performing a wide range of complex security procedures and processes necessary to ensure the safety of information systems and assets, and protect systems and data from intentional or inadvertent access or destruction. Ensures that users understand and adhere to the necessary procedures and processes to maintain security. Conducts the most complex audits for regulatory and standards compliance. Provides input into the development of security policies. Prepares disaster recovery plans. Designs and delivers high-level security compliance training. Conducts complex IT data and security forensic investigations Provides advice to management on balance between business needs and data security. Provides complex technical support in relevant field of discipline. Serves as a project lead and/or provides technical direction to lower-level team members. Mentors less experienced staff.

A supervisory position at this level is accountable for the technical, physical, and administrative security of information systems. Typically supervises a small team of information security staff. Ensures security protocols and procedures are followed and standards are met. Frequent liaison with Cybersecurity Manager to ensure work is performed in accordance with enterprise security standards. Mentors information security staff.

A specialist position at this level performs highly complex assignments involving multiple small platforms or a singular large platform. Accountable for application security, validation, evaluation and implementation. Works on and solves highly complex problems where analysis requires in-depth evaluation of various factors. Provides highly complex technical support in relevant field of discipline. May serve as project lead and/or provides technical direction to lower-level team members.

This is a managerial position accountable for oversight of the technical, physical, and administrative security of information systems in assigned functional areas. Oversees the development and deployment of security technology and processes in a designated functional area. Ensures data is safe from alteration and erasure. Manages the workload and deliverables for assigned resources. Oversees training of employees in data security. Responsible for assisting the Chief Information Officer (CIO) with strategic planning and direction.