Information Security Administrator

The Information Security Administrator is responsible for helping safeguard the confidentiality, integrity, and availability of the Colleges electronic information systems, networks, and data. This position develops, implements, and maintains cybersecurity practices and procedures designed to protect institutional information assets and reduce organizational risk. The Information Security Administrator works collaboratively with the Information Technology department and campus stakeholders to identify vulnerabilities, monitor emerging threats, respond to security incidents, support regulatory compliance efforts, and promote security awareness throughout the College community. This position also provides training and guidance regarding cybersecurity best practices for faculty, staff, and students.

Job descriptions are intended to present a descriptive list of the range of duties performed by employees and are not intended to reflect all duties performed within the job.

• Assist the IT Director with strategic planning related to information and network security, including plans to safeguard institutional data from accidental or unauthorized access, modification, destruction, or disclosure.
  
  
• Assist in developing, documenting, implementing, and maintaining information security policies, procedures, standards, and testing protocols.
  
  
• Collaborate with Information Technology staff to evaluate security risks, identify vulnerabilities, and implement appropriate mitigation strategies and security controls.
  
  
• Conduct regular risk assessments, vulnerability reviews, and security audits to identify potential threats and ensure effective protection of institutional systems and data.
  
  
• Monitor system, network, and security logs to identify suspicious activity, attempted intrusions, or indicators of compromise.
  
  
• Assist with the implementation and maintenance of firewalls, encryption methods, endpoint protection, multifactor authentication, and other cybersecurity technologies and safeguards.
  
  
• Monitor cybersecurity trends, threat intelligence, and industry best practices to assess potential impact on College systems and recommend appropriate responses.
  
  
• Lead information security incident response activities, including investigation, containment, remediation, recovery efforts, documentation, escalation, and reporting.
  
  
• Assist with internal and external notifications related to cybersecurity incidents in accordance with applicable laws, regulations, policies, and institutional procedures.
  
  
• Generate reports, documentation, and recommendations to support institutional leadership, compliance requirements, audits, and continuous improvement efforts.
  
  
• Provide cybersecurity awareness training and educational resources to faculty, staff, and students regarding phishing, social engineering, password security, data privacy, and related topics.
  
  
• Receive, prioritize, document, and respond to information security requests and tasks received through ticketing systems, project management systems, department communications, and other official channels.
  
  
• Lead and facilitate regular departmental meetings related to information security initiatives, trends, priorities, goals, and ongoing projects; prepare agendas, track progress, and provide written updates to leadership.
  
  
• Maintain current professional knowledge and technical expertise through ongoing training, professional development, and industry certifications.
  
  
• Collaborate effectively with internal departments, external vendors, auditors, regulatory agencies, and technology partners as needed.
  
  
• Support compliance with applicable federal and state regulations, accreditation standards, and College policies related to information security and data protection.
  
  
• Perform other duties as assigned.

Any combination of experience and training that would likely provide the required knowledge and abilities is qualifying. A typical way to obtain the knowledge and abilities would be:

Education

Bachelors degree in Information Security, Cybersecurity, Information Technology, Computer Science, Management Information Systems, or a related field preferred. Equivalent combinations of education, technical training, certifications, and directly related experience may be considered.

Experience

At least five years of combined education and work experience in information technology, cybersecurity, network administration, systems administration, or a related field preferred.

Experience with:

• Cybersecurity principles, frameworks, and best practices.
• Risk assessment, vulnerability management, and incident response procedures.
• Network security technologies including firewalls, endpoint protection, encryption, authentication systems, and intrusion detection/prevention tools.
• Monitoring and analyzing system and security logs.
• Developing and implementing information security policies and procedures.
• Security awareness training and communicating technical concepts to individuals with varying levels of technical knowledge.
• Regulatory compliance standards and data protection practices applicable to higher education environments.
• Managing multiple priorities, documenting processes, and responding effectively in high-pressure or time-sensitive situations.
• Working collaboratively with multifunctional teams and individuals from a variety of backgrounds in a professional environment.
• Maintaining confidentiality and handling sensitive or protected information appropriately.

License or Certificate:

Industry certifications such as CompTIA Security+, CISSP, CISM, GIAC, CEH, or related cybersecurity certifications preferred.

Possession of, or the ability to obtain, an appropriate, valid driver's license and an acceptable driving record that does not exclude the driver from coverage under WNCCs vehicle insurance required.

Work is primarily performed in an office and technology environment using computers and standard office equipment for extended periods of time. Duties frequently require sitting, speaking, hearing, reading detailed information on computer monitors, and repetitive hand and wrist movements associated with keyboard and mouse use.

The position may occasionally require standing, walking, bending, reaching, lifting, or carrying light to moderate office or technology equipment and materials. The employee may occasionally respond to urgent or after-hours information security incidents, system outages, or emergency situations requiring immediate attention.

Work requires the ability to analyze detailed information, maintain concentration, and respond appropriately in stressful or time-sensitive situations involving cybersecurity risks or operational disruptions.