Job Description

Job Title-Data Security Specialist

The following statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.


Summary
Under limited supervision, provides strategic and technical advice, guidance, and assistance in the design and implementation of appropriate access protection, system integrity/reliability, audit control, and system recovery methods and procedures for university-wide administrative information systems. Recommends and monitors computing practices to ensure that individual and departmental access and rights, resources, and information are secure. Coordinates the handling of security incidents, recoveries, breaches, intrusions, and/or system abuses.

Position Duties and Responsibilities:

  1. Participates in development and implementation of computing center information security policies and procedures; develops security guidelines and safe practices for university-wide computing and networking systems.
  2. Coordinates the handling and resolution of incidents of security breach, to include system intrusions and abuse; acts as primary point of contact for external law enforcement entities.
  3. Investigates and identifies solutions to viral infestation and damage; administers the antiviral program, and works with platform experts to select and coordinate the support of virus protection software for common platforms in use across the organization.
  4. Develops, facilitates, and presents information security awareness and security training within the computing center, across the university, and within the community at large.
  5. Reviews, updates, and enforces data security practices within the central computing center shared-system environments; tests for exposures to ensure adherance to guidelines and procedures, and works with platform experts to implement remedial measures as appropriate.
  6. Coordinates and participates in special projects concerning information security, including testing and implementation of security software enhancements.
  7. Maintains a broad knowledge of state-of-the-art technology, equipment, and/or systems.
  8. Ensures strict confidentiality of client and university information.
  9. Performs miscellaneous job-related duties as assigned.

    MINIMUM EDUCATION AND EXPERIENCE:
    Bachelors Degree in a field or discipline specified by the department, depending upon individual position requirements. Three to five years experience directly related to the duties and responsibilities specified.

    LICENSES/CERTIFICATIONS REQUIRED:

    UNM REQUIRED TRAINING:
    In addition to the following, all new employees are required to attend New Employee Orientation:
    Basic Annual Safety Training

    KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED:
    Knowledge of computer security issues, requirements and trends. Skill in developing policy and procedure documentation. Ability to identify and eliminate computer system intrusions and security breaches. Records maintenance skills. Ability to devise solutions to computer virus problems. Knowledge of the nature and sources of computer viral infestations. Ability to develop and present educational programs and/or workshops. Ability to establish, implement, maintain, and modify computer data security guidelines and procedures. Strong interpersonal and communication skills and the ability to work effectively with a wide range of constituencies in a diverse community. Ability to install, troubleshoot, and maintain information security software and software enhancements. Knowledge of current technological developments/trends in area of expertise. Ability to train clients on security policies and awareness.

    DISTINGUISHING CHARACTERISTICS:
    Position requires: a) Developing guidelines, policy and procedures for university security issues; b) developing and presenting security awareness and training for the university; c) investigating and identifying solutions to security breaches; and d) testing for exposure to ensure adherence to guidelines; and e) recommends and monitors access and rights to university systems.

    WORKING CONDITIONS:
    Work is normally performed in a typical interior/office work environment.

    PHYSICAL EFFORT:
    No or very limited physical effort required.

    ENVIRONMENTAL CONDITIONS:
    No or very limited exposure to physical risk.

    REVISED DATE:: 2/1/00