INFORMATION SECURITY ARCHITECT

Responsible for the consultation on the design of secure systems and services across the institution and Regional Security Operations Center (RSOC), to include the Universitys infrastructure, applications, Cloud services, and endpoint devices. Description of Duties Assists in coordinating cyber investigations, incident response, and forensics.Designs and sets configuration standards and oversees the firewall rule set to ensure compliance with both law and best practices.Incorporates the principles of privacy-by-design in all aspects of information security.Coordinates and conducts vulnerability and penetration analysis/tests on University systems and services to identify weakness.Oversees the Information Security Office SIEM tools and primary Information Security oversight of security.Evaluates and recommends security controls for infrastructure systems, local and remote, endpoint devices, and applications, local and remote.Evaluates Cloud architecture for security compliance.Consults on disaster recovery and business continuity of operations plans.Conducts independent risk assessments of systems and services.Conducts security analysis on systems and services. Coordinates and oversees Office and other Cloud services security setting and standards.Develops automated event monitoring and alert tracking.Assists with overall IT security risk management.Assists with IT security planning and compliance reporting.Oversees, plans, and conducts penetration tests.Develops security standard configurations.Reviews, tests, and approves non-standard security configurations.Serves as a member of the IT-CERT team.Keeps current with IT network security and recommends improvements for disaster recovery, business continuity, intrusion detection, incident remediation, monitoring of network and bandwidth resources, and other pertinent security software and utilities.Keeps current with advancements in information security related subjects, participates as an internal consulting resource on viruses, spyware, exploits, computer forensics, recovery and similar subject matter and recommends improvements to the university security program.Evaluates and recommends new information security policies, procedures, standards, guidelines, tools, technologies, organizational changes, etc.Actively participates in the higher education security community such as Educause, REN-ISAC, Unisog, etc.Participates in university committees and meetings with the UT System Security Council.Performs other duties as assigned. Supervision Received General supervision from assigned supervisor. Supervision Given Direct supervision of assigned staff. Required Education Bachelors degree from an accredited university in information security, information technology, computer sciences, risk management, or closely related field. Preferred Education Bachelors degree in Cyber security or similar field from an accredited University Licenses/Certifications Preferred: Certified penetration tester (GPEN), or Certified Information Systems Security Professional (CISSP) within two years of hire; and the Certified Information Systems Security Professional with Information Systems Security Architecture Professional designation. Required Experience Four years of professional experience in Information Security, Identity and Access Management, PCI, application security, networking, or device security including experience conducting risk assessments and identifying effective risk mitigation strategies or Bachelors degree in unrelated field from an accredited university with six years of the required experience.or Masters degree in information or cybersecurity with three years of the required experience.Required experience can be substituted for up to two years of education on a 1-for-1 basis. Preferred Experience Knowledge and experience with programing and computer languages such as SQL, PowerShell, Python, or similar.Experience in managing, configuring, deploying, and monitoring security infrastructure.Experience with standard concepts, practices, and procedures for security operation centersKnowledge of ITIL processes and standards.Demonstrated ability to multitask and self-manage assigned projects and daily tasks in an environment with shifting priorities.Demonstrated ability to follow established procedures, even in a high-pressure situation.Excellent communication skills, verbal and written, including the ability to convey technical information to a non-technical audience.Knowledge of and familiarity with Cloud security practices, network operating systems, endpoint devices, Active Directory, ITSM, Amazon Web Services, Environment and PII vulnerability scanning, Office , and Oracle Identity Manager or similar IAM product.Ability to independently analyze Information Security Threat Intelligence and vulnerability information and provide recommendations for remediation.Ability to coordinate IT security and compliance projects to meet legal, regulatory, and contractual guidelines. Equipment Proficiency in the use of a personal computer and applicable software necessary to perform work assignments e.g. word processing, spreadsheets (Microsoft Office preferred). Use of standard office equipment. Working Conditions Needs to be able to successfully perform all required duties. Exposure to standard office conditions. Indoor activity, exposure to fluorescent lighting, computer emissions, and confined space. Frequent use of personal computer, copiers, printers, and telephone. Frequent standing, sitting, listening, and talking. Frequent work under stress, as a team member, and in direct contact with others. Job involves moderate amount of walking daily, occasional bending and stooping and infrequent lifting and climbing. Some travel and weekend work is required, including travel to meetings and training outside the area. May work extended hours. UTRGV is a distributed institution, which requires presence at multiple locations throughout the Rio Grande Valley. Work is performed primarily in a general office environment. Other Strong attention to detail and ability to problem solve. Ability to function independently and as a team player in a fast-paced environment. Demonstrated ability to develop and maintain collaborative working relationships with varying constituencies and teams. Knowledge of security best practice standards such as the Center for Internet Security (CIS) Top 20 Critical Security Controls, NIST Cybersecurity Framework and OWASP. Exceptional planning and organizational skills. Demonstrated ability to perform independent research and apply critical reasoning skills to solve technical issues. Familiarity with information security compliance and best practices, including COBITS, PCI, NIST, ISO, CJIS, and information security related federal and state laws and regulations, including privacy protection, identity protection, HIPAA, FERPA, records retention requirements, and CALEA.To the extent this position requires the holder to research, work on, or have access to critical infrastructure as defined in Section . of the Texas Business and Commerce Code, the ability to maintain the security or integrity of the critical infrastructure is a minimum qualification to be hired and to continue to be employed in the position. Physical Capabilities N/A Employment Category Full-Time Minimum Salary Commensurate with Experience Posted Salary Commensurate with Experience Position Available Date 12/05/ Grant Funded Position No If Yes, Provide Grant Expiration Date Posting Detail Information EEO Statement It is the policy of The University of Texas Rio Grande Valley to promote and ensure equal employment opportunities for all individuals without regard to race, color, national origin, sex, age, religion, disability, sexual orientation, gender identity or expression, genetic information or protected veteran status. In accordance with the requirements of Title VII of the Civil Rights Act of , the Title IX of the Education Amendments of , Section of the Rehabilitation Act of , and the Americans with Disabilities Act of , as amended, our University is committed to comply with all government requirements and ensures non-discrimination in its education programs and activities, including employment. We encourage women, minorities and differently abled persons to apply for employment positions of interest. Special Instructions to Applicants Dear Applicant,Human Resources will not be held responsible for redacting any confidential information from the documents you attach with your application. The confidential information includes the following:Date of BirthSocial Security NumberGenderEthnicity/RacePlease make sure that you omit this information prior to submission. We are advising that Human Resources will be forwarding your application to the department as per your submission.