Title: Senior Network and Technical Security Auditor
Anticipated Closing Date: 7/21/2019
Position Summary: The Information Systems Auditor facet of this position performs audits of the information technology, governance structure, general and data application controls, data integrity, and security for Pellissippi State. The Coordinator of Information Security facet of this position works with various units across campus to implement practices that meet defined policies and standards for information security. Both facets of this position would relate to the performance of vulnerability scans and pen testing of the various computerized systems operated by the college.
Required Documents Needed at Time of Application: Resume and copy of unofficial transcripts
Type of Appointment: Full-Time
Department: Internal Audit
Typical Duties & Responsibilities:
20% Perform vulnerability scans using Nessus of various college systems and document issues noted and provide guidance to end users regarding necessary action to correct the issues noted.
20% Plan and conduct information systems audits to evaluate the control environment and internal controls regarding information technology governance structure, general and application controls, system development, backup and disaster recovery, data integrity, and system security.
20% Ensure that compliance for PCI standards is maintained across all departments. Coordinate with members of the information technology function and end user departments to implement and sustain appropriate technical and procedural controls to support this objective. Remain apprised of pending changes to standards and proactively design and recommend appropriate measures. Monitor PCI DSS compliance of relevant hosting partners and application vendors. Perform ongoing security procedures, vulnerability scanning of the network (anti-virus, software/firmware patch) annually to assist with the colleges PCI/DSS compliance assessment. Evaluate new technology deployment initiatives, contributing to the colleges overall adoption of best security practices.
5% Monitor the internal/external threat environment for emerging threats, and advise relevant stakeholders on the appropriate course of action.
5% Keep current regarding latest security and privacy legislation regulations, advisories, alerts, and vulnerabilities pertaining to PSCC.
5%Identifies factors causing deficient conditions and provides constructive, economical, and practical recommendations to correct the issues noted.
10% Document audit work to ensure that adequate documentation exist to support the audit recommendations and conclusions.
5% Prepare concise, accurate and professional written and oral reports to communicate audit results and other relevant information to management.
5% Consult with and advise the President, Vice President of Finance, and CIO regarding information system matters and other compliance and operational matters as needed.
5% Perform administrative and other duties as assigned.
· Bachelor's Degree or higher in Information Systems, Computer Science, Accounting or a related field from a regionally accredited institution.
· Emphasis within degree program in information security or management information systems is preferred.
· At least 3 years of related experience working in with computerized accounting or information systems, preference given to those who have worked in higher education with Ellucian/Banner.
(Part-time work experience is calculated at 50% credit of full-time work experience)
No licensures are required for this position. However, it is preferred that the applicant obtain a CPA, CISSP, or CISA certification within 3 years of employment.
Special Skills/Application of Knowledge:
A high degree of analytical, technical, and creative thinking is necessary to conduct an internal audit or vulnerability assessment review. Problem solving must not conflict with regulations/polices and must conform to institutional strategic planning goals and objectives. Each audit/review is different and must be geared toward very specific objectives. General guidance is typically available through policies/procedures/standards, but interpretation and adaptability is critical.
The job would require that someone have specialized knowledge and skills as follows:
· Knowledge of NIST and ISO standards that are required to evaluate information system risk.
· Technical knowledge of electronic data processing systems (Banner and related third party SQL based software) and systems design.
· Knowledge of management concepts.
· Knowledge of the requirements for effective report writing.
· Ability to audit effectively in a computer environment.
· Ability to comprehend and interpret policies, procedures, laws, regulations, and guidelines.
· Ability to produce consistently accurate work to evaluate the materiality and significance of deviations from established policies, procedures, and
regulations, and to make recommendations for corrective action.
· Ability to communicate effectively in both oral and written form.
· Ability to evaluate requirements and interpret them and manage them to minimize risk and maximize efficiency and accuracy.
Location of Position: Hardin Valley Campus
Pay Rate: $52,870 - $65,970.00/per year. Pay will be determined based on related work experience above required. To be considered in determining pay, all related work experience must be listed on the application. A summary of our benefits can be found on online: at http://www.pstcc.edu/hr/benefits.
Special Instructions to Applicants: To be considered for a position at Pellissippi State, you must create an on-line application. Your skills, abilities, qualifications, and years of experience will be evaluated using only what is recorded on your application and resume. Please note: attaching a resume does not substitute for completion of the application form. Part-time work experience is calculated at 50% of full-time experience. Please note: to scan, upload, or attach documents, a computer and scanner are available at the Hardin Valley Campus Educational Resources Center, if needed.
Pellissippi State Community College is an EEO/AA/Title VI/Title IX/Section 504/ADA employer
If you have any problems or questions please contact Pellissippi State Community College’s Human Resources office at 865-694-6406 or by email at firstname.lastname@example.org.