$50.72-$62.84 hourly / $8,791.76-$10,891.45 monthly / $105,501.12-$130,697.40 annual
Performs complex work related to the District’s information security plan including testing, analysis and evaluation of the integrity and confidentiality of enterprise systems, assets, and communication technology throughout the District.
Performs risk analysis of IT assets, infrastructure and systems to: isolate potential threats and hazards; assess the potential impact on business assets; identify measures to minimize or eliminate any negative effects; and inform plans to mitigate and/or prevent such hazards or threats.
Performs audits of the disaster recovery and business continuity plans for IT infrastructure and systems of the District and colleges, including hardware and software, networks, procedures, and people.
Participates in response efforts to information security incidents throughout the District, including post-incident recovery assessment and coordination with third-party responders such as law enforcement.
Analyzes data and document security plans, standards, and measures to ensure alignment with District, government, and industry standards.
Analyzes and evaluates security controls and procedures for: business process owners using information systems and assets; and items related to the acquisition, development, and lifecycle change of information systems.
Updates asset inventory of computing and networking related devices owned, managed, or otherwise used by the District, including information about the criticality of the asset and sensitivity of stored data.
Tests and assesses new security products and technologies, identifying integration issues and preparing cost and resource estimates.
Assists in the administration of authentication and access controls, including provisioning, changes, and deactivation of user and system accounts, security/access roles, and access permissions.
Assists in coordination and evaluation of the work of third-party resources employed for special projects related to the development, implementation, and monitoring of security program initiatives.
Assists in providing technical training, mentoring, and coaching to professional and technical staff on complex matters related to information security.
Maintains effective and cooperative working relationships with administrators, functional and technical team members, and users.
May conduct education and awareness seminars and programs related to information security activities, issues, and vulnerabilities for a broad range of audiences including administrators, managers, supervisors, staff, and students.
May serve in place of the Chief Information Security Officer as technical advisor on projects related to enterprise architecture, hardware, software, and technical controls that have security requirements and implications.
Performs related duties as assigned.
An Information Security Analyst analyzes and evaluates information systems, assets, and communication technology of the District and colleges to ensure compliance with the District’s information security plan. Employees in this class work at a journey-level and are expected to work independently and without immediate supervision.
A Chief Information Security Officer plans, develops, implements, and enforces information security strategies, policies, standards, response plans, and procedures; conducts risk analysis and assessments; and coordinates day-to-day incident monitoring, response, and reporting activities designed to protect enterprise systems, assets, and communication technology throughout the District.
A Software Systems Engineer is a member of a technical team responsible for analyzing, installing, customizing, optimizing, troubleshooting, and monitoring large scale, complex application and system software for the District. An employee of this class receives assignments that are geared towards meeting high-level technical goals and objectives and assuring implementation of software that meets those objectives with maximum effectiveness and efficiency.
General supervision is received from the Chief Information Security Officer. Functional supervision may be exercised over assigned professional, technical, and clerical staff.
Communications and network architecture and design including operating systems, network utilities, access control, transmission media, and communication hardware
Security assessment and testing tools
Technical sources of information for vulnerability alerts and advisories, security threat intelligence, and computer security standards, trends, and developments
Federal, state, and local regulations and guidelines related to information security such as HIPAA, FERPA, FISMA, and GLBA Principles and methods of risk management and analysis as applied to technology and information security
Principles of data management including data replication, retention, and security controls
Methods and techniques of technical documentation and record keeping
Principles of training
Conduct vulnerability audits, forensic investigations, and risk management assessments
Detect, investigate, and analyze threats and emergency security incidents
Respond immediately to security-related incidents and provide a thorough post-event analysis
Evaluate controls and procedures to mitigate risk, hazards, and threats to IT systems and their operation
Monitor internal and external policy compliance
Manage personal and institutional data in accordance with legal, regulatory, administrative and contractual requirements
Consistently use and promote professional standards and practices related to assignments
Actively contribute to a culture of constructive collaboration and innovation with colleagues
Maintain high levels of customer service and satisfaction
Provide effective and timely liaison among management, programmers, security team staff, and auditors on IT security issues and activities
Effectively communicate highly technical information accurately, concisely and in understandable terms, both orally and in writing
Foster a culture of constructive and effective collaboration and innovation within the architecture, solution designers, operations team, and with other functions
Train technical staff in the application of information security concepts and practices
Stay abreast of current trends and technical advancements in the area of information security and apply knowledge to solving complex problems
Education and Experience:
A bachelor’s degree from a recognized college or university preferably with a major in computer science, computer engineering, network security, information security, information technology, mathematics, or a related field.
Three years of recent, full-time, paid, professional-level experience in network administration and maintenance in an environment with a variety of network devices, DDNS, VPN, and firewalls.
Possession of one or more of the following certifications or an equivalent is required.
• Certified Information Systems Security Professional (CISSP)
• Security Essentials Certification (GSEC)
• Information Security Fundamentals (GISF)
• Certified Vulnerability Assessor (CVA)
The professional licenses must remain current and valid throughout employment with the District.
A valid Class “C” California driver's license may be required for some positions.
Travel to locations throughout the District may be required for some positions.
Our class specification generally describes the duties, responsibilities, and requirements characteristic of the position(s) within this job class. The duties, responsibilities, and requirements of a particular position within this class may vary from the duties of other positions within the class.
In accordance with the Americans with Disabilities Act (ADA), the Los Angeles Community College District provides reasonable accommodation to qualified individuals with covered disabilities on a case-by-case basis throughout the application, examination, and hiring processes and throughout employment. If an individual is in doubt about his or her ability to perform the duties and responsibilities of a position or possession of any other requirement noted in a class specification or job announcement, he or she should always apply for a position and request reasonable accommodation at the appropriate time.