|JOB DESCRIPTION: Technical and thought-leadership responsibilities for multiple information security disciplines such as security policy, awareness and education, risk management, incident response, vulnerability management, intrusion detection and prevention, regulatory compliance, and security operations. Drafts and reviews information security policies, processes, and procedures. Prepares information security awareness and education materials and other documentation. Determines and documents information security requirements and controls necessary for the protection of information resources. Implements and administers plans, processes, and procedures necessary to ensure compliance. Provides guidance and assistance regarding information security matters such as the interpretation of information security policies and requirements or their applicability to particular situations. Oversees information security incident response activities, risk assessment and risk management activities, and vulnerability assessment and vulnerability management activities spanning multiple business units. Manages detailed network, operating system, database, and application vulnerability assessments and security configuration audits. Manages information security projects and initiatives. Oversees operational tasks supporting information security functions such as intrusion detection and prevention, security event log analysis, management reporting, virus prevention and remediation, encryption, network segmentation, remote access and authentication. Supports, maintains, monitors, troubleshoots and enhances security infrastructure tools, methodologies, software, and hardware. Independently develops automated tools and methodologies in support of Information Security functions. Analyzes data from Information Security functions and provides reports and recommended response actions to Information Security management. Represents Information Security to other organizations on information security related matters, as assigned. Publishes regular status reports and submits to management. Performs related responsibilities as required.
MINIMUM QUALIFICATIONS: A bachelor's degree and five years of related IT experience including demonstrated technical expertise in multiple information security domains, project management skills and lead or supervisory experience or an equivalent combination of education, training and experience. Excellent project management and team participation skills. Good written and verbal communication skills. Strongly preferred qualifications include: knowledge of information security technologies, methodologies, and practices in security policy, standards, and best practices; security awareness; security incident response; risk assessment and management; vulnerability assessment and management; intrusion detection and prevention; system administration (Windows, OS X, Linux, Solaris, etc.); auditing and security administration of network, operating system, database and application security; access control; encryption; firewalls and proxies; networking; security event log analysis; virus prevention and remediation; and programming/scripting. Security certifications are a plus (e.g. SANS/GIAC, CISSP, CISA, CISM).
DATE CREATED/MODIFIED/REVIEWED: 01/15/09 DRS
Emory University is dedicated to providing equal opportunities to all individuals regardless of race, color, religion, ethnic or national origin, gender, age, disability, sexual orientation, gender identity, gender expression, veteran's status, or any other factor that is a prohibited consideration under applicable law.