This is a key position for establishing standards, directions and technological implementations to protect the privacy and security of individuals’ data, research data, or other institutional data . The goal of this position is to establish, implement and maintain information security programs as well as to manage College of Engineering (CoE) IT security projects to support the mission of the CoE in activities that include academic, research, outreach, and administrative use of information technology.
The person in this position is responsible for assessing and monitoring the security of the CoE information technology infrastructure in a distributed, inter-networked environment. The components included in this distributed environment are all manner of endpoints, such as desktop computers, laptops, instrumentation, network infrastructure (hardware and software) and the application software packages, databases and data stored.
This person will: collaborate and coordinate with other UW – Madison and UW – System security efforts, such as MIST (Madison Information Security Team); exercise leadership regarding creation, implementation, and enforcement of information technology security standards; help identify problems with security in the CoE; and identify ways to improve security and limit exposure.
The person in this position shall take the lead in any situation where security is suspected to have been compromised with information systems in the college, working with the person responsible for that system to resolve the problem, and coordinating with appropriate internal and external authorities. This position is part of Computer-Aided Engineering and interacts with CoE administrators, the campus’s Office of Cybersecurity (OCS), and faculty and staff on the design, development and implementation of an integrated, secure environment with distributed, networked information systems.
Principal duties include, but are not limited to:
- Interact with college technology groups on the design, development and implementation of an integrated, secure environment with distributed, networked information systems.
- Lead CoE security projects in responding to situations where information security has been compromised to ensure proper procedures are followed and corrections to the security flaw(s) are made to prevent future compromises, whenever possible.
- Guide the investigation, recommendation and implementation of the use of technical and physical information security controls to enhance information security for academic and research departments in the CoE.
- Develop and maintain a method to quickly and efficiently communicate current security situations to college technologists, providing proactive recommendations when possible.
- Participate in campus-level development of security standards for new projects, products and services for instructional, research and student use.
- Collaborate with OCS to triage possible security issues and to represent the College’s interests.
- Manage the College’s firewall instances and VPN implementation.
- Monitor network traffic and alerts for indicators of compromise
- Monitor threat intelligence in order to proactively protect College assets and interests.
- Attend training, workshops, and courses to increase knowledge of information security, project management, leadership, team building, and other applicable skills.
- Participate in relevant university meetings.
- Bachelor’s degree with relevant course work or work experience in computing, information technologies or related fields.
- Minimum of two years experience related to information technology security
- Knowledge of network protocols, firewalls, encryption, and IAA (Identify, Authenticate, Authorize) methods and other information security controls.
- Excellent communication (oral and written), collaborative, and negotiating skills.
- General knowledge of major computer systems and operating systems. Knowledge of those systems’ strengths, weaknesses and vulnerabilities.
- Experience using or understanding of the capability of endpoint management tools
- Strong analytical, problem solving, and inter-personal skills.
- Knowledge of developing and evolving security standards or protocols.
- Knowledge of disaster preparedness and recovery methodologies.
- Experience interpreting requirements of NIST, ITAR, HIPAA, CMMC, PCI, or similar
- Knowledge of the UW-Madison network topography.
- Functional knowledge of Palo Alto Firewalls
- Knowledge of network protocols and stacks, including packet capture and interpretation
- Experience working in a large university environment