Los Angeles Community College District

Information Security Analyst (#1078)

$50.72-$62.84 hourly / $8,791.76-$10,891.45 monthly / $105,501.12-$130,697.40 annual


Definition

Performs complex work related to the District’s information security plan including testing, analysis and evaluation of the integrity and confidentiality of enterprise systems, assets, and communication technology throughout the District.

Typical Duties

Performs risk analysis of IT assets, infrastructure and systems to: isolate potential threats and hazards; assess the potential impact on business assets; identify measures to minimize or eliminate any negative effects; and inform plans to mitigate and/or prevent such hazards or threats.

Performs audits of the disaster recovery and business continuity plans for IT infrastructure and systems of the District and colleges, including hardware and software, networks, procedures, and people.

Participates in response efforts to information security incidents throughout the District, including post-incident recovery assessment and coordination with third-party responders such as law enforcement.

Analyzes data and document security plans, standards, and measures to ensure alignment with District, government, and industry standards.

Analyzes and evaluates security controls and procedures for: business process owners using information systems and assets; and items related to the acquisition, development, and lifecycle change of information systems.

Updates asset inventory of computing and networking related devices owned, managed, or otherwise used by the District, including information about the criticality of the asset and sensitivity of stored data.

Tests and assesses new security products and technologies, identifying integration issues and preparing cost and resource estimates.

Assists in the administration of authentication and access controls, including provisioning, changes, and deactivation of user and system accounts, security/access roles, and access permissions.

Assists in coordination and evaluation of the work of third-party resources employed for special projects related to the development, implementation, and monitoring of security program initiatives.

Assists in providing technical training, mentoring, and coaching to professional and technical staff on complex matters related to information security.

Maintains effective and cooperative working relationships with administrators, functional and technical team members, and users.

May conduct education and awareness seminars and programs related to information security activities, issues, and vulnerabilities for a broad range of audiences including administrators, managers, supervisors, staff, and students.

May serve in place of the Chief Information Security Officer as technical advisor on projects related to enterprise architecture, hardware, software, and technical controls that have security requirements and implications.

Performs related duties as assigned.

Distinguishing Characteristics

An Information Security Analyst analyzes and evaluates information systems, assets, and communication technology of the District and colleges to ensure compliance with the District’s information security plan. Employees in this class work at a journey-level and are expected to work independently and without immediate supervision.

A Chief Information Security Officer plans, develops, implements, and enforces information security strategies, policies, standards, response plans, and procedures; conducts risk analysis and assessments; and coordinates day-to-day incident monitoring, response, and reporting activities designed to protect enterprise systems, assets, and communication technology throughout the District.

A Software Systems Engineer is a member of a technical team responsible for analyzing, installing, customizing, optimizing, troubleshooting, and monitoring large scale, complex application and system software for the District. An employee of this class receives assignments that are geared towards meeting high-level technical goals and objectives and assuring implementation of software that meets those objectives with maximum effectiveness and efficiency.

Supervision

General supervision is received from the Chief Information Security Officer. Functional supervision may be exercised over assigned professional, technical, and clerical staff.

Class Qualifications

Knowledge of:

Communications and network architecture and design including operating systems, network utilities, access control, transmission media, and communication hardware

Security assessment and testing tools

Technical sources of information for vulnerability alerts and advisories, security threat intelligence, and computer security standards, trends, and developments

Federal, state, and local regulations and guidelines related to information security such as HIPAA, FERPA, FISMA, and GLBA Principles and methods of risk management and analysis as applied to technology and information security

Principles of data management including data replication, retention, and security controls

Methods and techniques of technical documentation and record keeping

Principles of training

Ability to:

Conduct vulnerability audits, forensic investigations, and risk management assessments

Detect, investigate, and analyze threats and emergency security incidents

Respond immediately to security-related incidents and provide a thorough post-event analysis

Evaluate controls and procedures to mitigate risk, hazards, and threats to IT systems and their operation

Monitor internal and external policy compliance

Manage personal and institutional data in accordance with legal, regulatory, administrative and contractual requirements

Consistently use and promote professional standards and practices related to assignments

Actively contribute to a culture of constructive collaboration and innovation with colleagues

Maintain high levels of customer service and satisfaction

Provide effective and timely liaison among management, programmers, security team staff, and auditors on IT security issues and activities

Effectively communicate highly technical information accurately, concisely and in understandable terms, both orally and in writing

Foster a culture of constructive and effective collaboration and innovation within the architecture, solution designers, operations team, and with other functions

Train technical staff in the application of information security concepts and practices

Stay abreast of current trends and technical advancements in the area of information security and apply knowledge to solving complex problems

Entrance Qualifications

Education and Experience:

A bachelor’s degree from a recognized college or university preferably with a major in computer science, computer engineering, network security, information security, information technology, mathematics, or a related field.

AND

Three years of recent, full-time, paid, professional-level experience in network administration and maintenance in an environment with a variety of network devices, DDNS, VPN, and firewalls.

Certification:

Possession of one or more of the following certifications or an equivalent is required.

• Certified Information Systems Security Professional (CISSP)

• Security Essentials Certification (GSEC)

• Information Security Fundamentals (GISF)

• Certified Vulnerability Assessor (CVA)

Special:

The professional licenses must remain current and valid throughout employment with the District.

A valid Class “C” California driver's license may be required for some positions.

Travel to locations throughout the District may be required for some positions.

Reasonable Accommodations

Our class specification generally describes the duties, responsibilities, and requirements characteristic of the position(s) within this job class. The duties, responsibilities, and requirements of a particular position within this class may vary from the duties of other positions within the class.

In accordance with the Americans with Disabilities Act (ADA), the Los Angeles Community College District provides reasonable accommodation to qualified individuals with covered disabilities on a case-by-case basis throughout the application, examination, and hiring processes and throughout employment. If an individual is in doubt about his or her ability to perform the duties and responsibilities of a position or possession of any other requirement noted in a class specification or job announcement, he or she should always apply for a position and request reasonable accommodation at the appropriate time.


CLASS: 1078; EST: 10/24/2018; REV: 11/7/2018;